Submitted URL: https://flagstar.onlinebank.com/
Effective URL: https://flagstar.onlinebank.com/SignIn.aspx
Submission: On March 17 via automatic, source certstream-suspicious

Summary

This website contacted 13 IPs in 4 countries across 15 domains to perform 71 HTTP transactions. The main IP is 45.60.34.53, located in the United States and belonging to INCAPSULA, US. The main domain is flagstar.onlinebank.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on April 12th 2018. Valid for: 2 years.
This is the only time flagstar.onlinebank.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 56 45.60.34.53 19551 (INCAPSULA)
2 52.129.74.14 395492 (IOVATION3)
4 63.78.207.114 23291 (FLAGSTAR-...)
1 23.37.33.211 16625 (AKAMAI-AS)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 1 35.153.153.196 14618 (AMAZON-AES)
1 52.216.238.245 16509 (AMAZON-02)
1 13.108.235.253 14340 (SALESFORCE)
1 2 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 13.108.232.254 14340 (SALESFORCE)
71 13
Domain Requested by
56 flagstar.onlinebank.com 1 redirects flagstar.onlinebank.com
4 www.flagstar.com flagstar.onlinebank.com
2 www.google-analytics.com 1 redirects www.googletagmanager.com
2 onlinebank.report-uri.com flagstar.onlinebank.com
2 mpsnare.iesnare.com flagstar.onlinebank.com
mpsnare.iesnare.com
1 d.la2-c2-iad.salesforceliveagent.com c.la2-c2cs-iad.salesforceliveagent.com
1 www.google.de flagstar.onlinebank.com
1 www.google.com 1 redirects
1 stats.g.doubleclick.net 1 redirects
1 c.la2-c2cs-iad.salesforceliveagent.com flagstar.onlinebank.com
1 s3.amazonaws.com flagstar.onlinebank.com
1 www.glancecdn.net 1 redirects
1 www.googletagmanager.com flagstar.onlinebank.com
1 fonts.gstatic.com flagstar.onlinebank.com
1 use.typekit.net flagstar.onlinebank.com
0 truncated Failed flagstar.onlinebank.com
71 16

This site contains links to these domains.

Domain
www.flagstar.com
Subject | Issuer | Validity | Valid
flagstar.onlinebank.com | DigiCert SHA2 Secure Server CA | 2018-04-12 - 2020-04-12 | 2 years
mpsnare.iesnare.com | DigiCert SHA2 High Assurance Server CA | 2019-04-24 - 2020-05-26 | a year
www.flagstar.com | Entrust Certification Authority - L1M | 2020-01-30 - 2022-03-31 | 2 years
*.typekit.net | DigiCert SHA2 Secure Server CA | 2019-12-06 - 2021-12-10 | 2 years
ssl765279.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-12-22 - 2020-06-29 | 6 months
*.google.com | GTS CA 1O1 | 2020-02-25 - 2020-05-19 | 3 months
*.google-analytics.com | GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months
s3.amazonaws.com | DigiCert Baltimore CA-2 G2 | 2019-11-09 - 2020-12-02 | a year
la2-c1cs-iad.salesforceliveagent.com | DigiCert SHA2 Secure Server CA | 2019-05-06 - 2021-05-05 | 2 years
www.google.de | GTS CA 1O1 | 2020-03-03 - 2020-05-26 | 3 months
la2-c2-iad.salesforceliveagent.com | DigiCert SHA2 Secure Server CA | 2018-07-31 - 2020-07-30 | 2 years

This page contains 1 frames:

Primary Page: https://flagstar.onlinebank.com/SignIn.aspx
Frame ID: 6C1C8BE9D9E5A531EC26013E4AB5F92D
Requests: 95 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
  • html /<input[^>]+name="__VIEWSTATE/i

Overall confidence: 100%
Detected patterns
  • html /<input[^>]+name="__VIEWSTATE/i

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
  • html /<input[^>]+name="__VIEWSTATE/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

Requests: 71
HTTPS: 100 %
IPv6: 47 %
Domains: 15
Subdomains: 16
IPs: 13
Countries: 4
Transfer: 1133 kB
Size: 1919 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://flagstar.onlinebank.com/ HTTP 302
    https://flagstar.onlinebank.com/SignIn.aspx Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 67
  • https://www.glancecdn.net/cobrowse/CobrowseJS.ashx?group=19916&site=production HTTP 302
  • https://s3.amazonaws.com/glancecdn/cobrowse/js/GlanceCobrowseLoader_4.2.0M.js
Request Chain 91
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1575877723&t=pageview&_s=1&dl=https%3A%2F%2Fflagstar.onlinebank.com%2FSignIn.aspx&ul=en-us&de=UTF-8&dt=Sign%20In%20-%20Flagstar%20Bank&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAUAB~&jid=723690930&gjid=415170525&cid=1346772177.1584465365&tid=UA-34304025-1&_gid=598338932.1584465365&_r=1&gtm=2ou340&z=1005686934 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-34304025-1&cid=1346772177.1584465365&jid=723690930&_gid=598338932.1584465365&gjid=415170525&_v=j81&z=1005686934 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-34304025-1&cid=1346772177.1584465365&jid=723690930&_v=j81&z=1005686934 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-34304025-1&cid=1346772177.1584465365&jid=723690930&_v=j81&z=1005686934&slf_rd=1&random=1808130238

71 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set SignIn.aspx
flagstar.onlinebank.com/
Redirect Chain
  • https://flagstar.onlinebank.com/
  • https://flagstar.onlinebank.com/SignIn.aspx
109 KB
111 KB
Document
General
Full URL
https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
3f1e092150682eca81e30aea0e52a244aacabee55e51f938187b688495bc276d
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Host
flagstar.onlinebank.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
ASP.NET_SessionId=1r3f0bv4kkkybwb5mvd3cvsu; PortalLanguage_2272=en-US; visid_incap_1963273=/K1CR9WMTsmBFCNRbfgC59AFcV4AAAAAQUIPAAAAAAAYUq/hadEmwtiUjw4IV6NA; incap_ses_471_1963273=O9q1dELNIElM2CaLu1WJBtEFcV4AAAAApcETfXdOrot4bFYTm1961w==; ___utmvmzEuPYDkB=KWbNqWUVaqv; ___utmvbzEuPYDkB=BZz XQIOvalU: ctZ

Response headers

Cache-Control
private, no-store
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Expires
Tue, 01 Jan 2019 05:00:00 GMT
Server
Microsoft-IIS/8.5
X-Frame-Options
DENY SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Date
Tue, 17 Mar 2020 17:16:01 GMT
Set-Cookie
visid_incap_1963273=/K1CR9WMTsmBFCNRbfgC59AFcV4AAAAAQUIPAAAAAAAYUq/hadEmwtiUjw4IV6NA; expires=Wed, 17 Mar 2021 13:46:53 GMT; HttpOnly; path=/; Domain=.onlinebank.com incap_ses_471_1963273=O9q1dELNIElM2CaLu1WJBtEFcV4AAAAApcETfXdOrot4bFYTm1961w==; path=/; Domain=.onlinebank.com ___utmvbzEuPYDkB=a; Max-Age=0; path=/; expires=Sun, 15 Mar 2020 13:43:00 GMT ___utmvmzEuPYDkB=a; Max-Age=0; path=/; expires=Sun, 15 Mar 2020 13:43:00 GMT
X-CDN
Incapsula
Transfer-Encoding
chunked
X-Iinfo
0-3805455-3805456 ENNN RT(1584465360819 922) q(0 0 0 -1) r(5 6) U5

Redirect headers

Cache-Control
private, no-store
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Expires
Tue, 01 Jan 2019 05:00:00 GMT
Location
/SignIn.aspx
Server
Microsoft-IIS/8.5
Set-Cookie
ASP.NET_SessionId=1r3f0bv4kkkybwb5mvd3cvsu; path=/; secure; HttpOnly; SameSite=Lax PortalLanguage_2272=en-US; expires=Mon, 17-Mar-2070 17:16:01 GMT; path=/; secure; HttpOnly visid_incap_1963273=/K1CR9WMTsmBFCNRbfgC59AFcV4AAAAAQUIPAAAAAAAYUq/hadEmwtiUjw4IV6NA; expires=Wed, 17 Mar 2021 13:46:53 GMT; HttpOnly; path=/; Domain=.onlinebank.com incap_ses_471_1963273=O9q1dELNIElM2CaLu1WJBtEFcV4AAAAApcETfXdOrot4bFYTm1961w==; path=/; Domain=.onlinebank.com ___utmvmzEuPYDkB=KWbNqWUVaqv; path=/; Max-Age=900 ___utmvazEuPYDkB=ZFnlIlH; path=/; Max-Age=900 ___utmvbzEuPYDkB=BZz XQIOvalU: ctZ; path=/; Max-Age=900
X-Frame-Options
DENY SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Date
Tue, 17 Mar 2020 17:16:01 GMT
Content-Length
129
X-CDN
Incapsula
X-Iinfo
0-3805455-3805456 NNNN CT(103 309 0) RT(1584465360819 9) q(0 0 4 1) r(9 9) U5
EditMode.css
flagstar.onlinebank.com/App_Themes/Theme4/
774 B
2 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/EditMode.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
94fb85c0bd3e70b7508434ba7625483252ed4e86dbde231b7917c9ef0a7ef781
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:02 GMT
Server
Microsoft-IIS/8.5
ETag
"03928e4966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
3-14306932-14306934 NNNN CT(100 107 0) RT(1584465362445 7) q(0 0 2 -1) r(3 3) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:02 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
774
X-CDN
Incapsula
LoadingPanel.css
flagstar.onlinebank.com/App_Themes/Theme4/
89 B
1 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/LoadingPanel.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
c0ff4817b1eb977c5bd7b1991006c69090ffdae73733a7d8829fec8d611f69fc
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:02 GMT
Server
Microsoft-IIS/8.5
ETag
"03928e4966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
7-5232989-5232990 NNNN CT(100 103 0) RT(1584465362445 9) q(0 0 2 -1) r(3 3) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:02 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
89
X-CDN
Incapsula
opensans.css
flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/
2 KB
3 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/opensans.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
b9c775232213b8a4b7a63dfaf839757b2a8d1583a1af7b5766030da6e8c474b4
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
ETag
"06659e5966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
0-3805548-3805549 NNNN CT(101 102 0) RT(1584465362447 9) q(0 0 2 -1) r(3 3) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:02 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
2347
X-CDN
Incapsula
screen.css
flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/
790 B
2 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
38ceea9bbebce6221e6f9825e6a25ba40d75687767385f8e234ed70c4e2d9743
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
ETag
"06659e5966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
8-11880775-11880778 NNNN CT(101 102 0) RT(1584465362447 9) q(0 0 2 -1) r(3 3) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:02 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
790
X-CDN
Incapsula
surveyor-fonts.css
flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/
171 KB
172 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/surveyor-fonts.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
f31e15302a59e25862ffaff4e854830ad9759f948bf537ae5c0dba24a12f2406
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Sun, 29 Jul 2018 23:50:06 GMT
Server
Microsoft-IIS/8.5
ETag
"0cb29e09627d41:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
8-11880776-11880779 NNNN CT(100 103 0) RT(1584465362447 10) q(0 0 2 -1) r(4 6) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:02 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
175100
X-CDN
Incapsula
RadDockableObject.css
flagstar.onlinebank.com/Skins/Default/Dock/Default/
2 KB
3 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/Skins/Default/Dock/Default/RadDockableObject.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
926172c6f78bad8d437e449a3309ea0de03199f2bc0d2101899f3ce99df04f4b
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 15:42:34 GMT
Server
Microsoft-IIS/8.5
ETag
"0d1edd17d6d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
0-3805455-3805456 ENNN RT(1584465360819 1919) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:02 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
2105
X-CDN
Incapsula
Content.aspx
flagstar.onlinebank.com/
39 B
1 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/Content.aspx?name=GlobalSkin1&t=07/21/2019%209:49:14%20AM
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
29174c3dc55eea46741571209fce99910e494e7a2a5fdfd325a8d20087ef89ed
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Sun, 21 Jul 2019 09:49:14 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:02 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
7-5232989-5232990 ENNN RT(1584465362445 337) q(0 0 0 -1) r(2 2) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
39
X-CDN
Incapsula
Content.aspx
flagstar.onlinebank.com/
4 B
1 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/Content.aspx?name=Live+Person+Merge&t=03/14/2019%205:41:48%20AM
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 14 Mar 2019 05:41:48 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:02 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
8-11880775-11880778 ENNN RT(1584465362447 339) q(0 0 0 -1) r(2 2) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
4
X-CDN
Incapsula
Content.aspx
flagstar.onlinebank.com/
9 KB
10 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/Content.aspx?name=AM82AccountChanges&t=02/27/2020%207:14:31%20AM
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
283c84201f419afd4b749093bea98993b525892798cb48b34647a74b7a8bcd1b
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 27 Feb 2020 07:14:32 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:02 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
3-14306932-14306934 ENNN RT(1584465362445 346) q(0 0 0 -1) r(2 3) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
9433
X-CDN
Incapsula
Content.aspx
flagstar.onlinebank.com/
11 KB
12 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/Content.aspx?name=UXUpgradeCustomFixes&t=02/27/2020%207:09:39%20AM
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
2554fdbe29ce9b5f1fa7b8f38afa62e882edc0fcedc9edb3e396c90eb02776af
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 27 Feb 2020 07:09:39 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:02 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
0-3805548-3805549 ENNN RT(1584465362447 345) q(0 0 0 -1) r(2 3) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
11565
X-CDN
Incapsula
Content.aspx
flagstar.onlinebank.com/
173 KB
174 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/Content.aspx?name=FlagstarDefaultColor&t=02/27/2020%2010:12:02%20AM
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
cd883dadd75506756b2704cc9688ec1a19fa80ca98d41ad754c81fcdf20478bb
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 27 Feb 2020 10:12:02 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:02 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
0-3805455-3805456 ENNN RT(1584465360819 2050) q(0 0 0 -1) r(2 2) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
176891
X-CDN
Incapsula
print.css
flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/
175 B
1 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/print.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
f4f9f204aaab6f4fc1dfda7bc3bd4aad98d4236c7061b144b496dd991cbf12ae
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
ETag
"06659e5966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
8-11880776-11880779 ENNN RT(1584465362447 1483) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:03 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
175
X-CDN
Incapsula
WebResource.axd
flagstar.onlinebank.com/
23 KB
24 KB
Script
General
Full URL
https://flagstar.onlinebank.com/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZFLi9cQ9SKv4yoO46yO68R0oWbQOkhlAKqSvWYYg4-bJkRC2yuQqJ4ceidrB_H0EeBYpbMI6dsewJZxdfcHUCupoNpm3-OjXzrHbcmrNGgEI0&t=637100682046795651
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Sat, 23 Nov 2019 06:10:04 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:03 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
X-Iinfo
8-11880776-11880779 ENNN RT(1584465362447 1075) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
23063
X-CDN
Incapsula
Expires
Wed, 17 Mar 2021 15:21:31 GMT
ScriptRegistrar.aspx
flagstar.onlinebank.com/
197 KB
67 KB
Script
General
Full URL
https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=Core&h=66847D695A3EC69200ED116E8C5CF8DE
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
39cf40e6045db72c75ee95309db213c0e684dde33109f968ecf096681a64ea05
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 17 Mar 2020 15:21:27 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:03 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
X-Iinfo
0-3805455-3805456 ENNN RT(1584465360819 2737) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
67546
X-CDN
Incapsula
Expires
Wed, 17 Mar 2021 15:21:27 GMT
Resource.axd
flagstar.onlinebank.com/
4 KB
2 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Resource.axd?r=IDS.Portal.Controls.PortalMenuTree.js&h=8641A961E79BD19263EE74AE2BA83D5B
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
0f9ba58762585fb64d3252ba7a6a6e2fbf8b3853115028f7f1e8618b9adb14fa
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 17 Mar 2020 15:21:43 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:03 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
X-Iinfo
7-5232989-5232990 ENNN RT(1584465362445 1143) q(0 0 0 -1) r(2 2) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
1370
X-CDN
Incapsula
Expires
Wed, 17 Mar 2021 15:21:43 GMT
ScriptRegistrar.aspx
flagstar.onlinebank.com/
179 KB
50 KB
Script
General
Full URL
https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=Desktop&h=B9AC35AC98D9161CDBBB4D5B00303936
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
9809c7b50f66d112c97b2ad1874f43561dbf2db7ed9155d30cf85e9be34810d1
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 17 Mar 2020 16:39:54 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:03 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
X-Iinfo
0-3805548-3805549 ENNN RT(1584465362447 1156) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
50338
X-CDN
Incapsula
Expires
Wed, 17 Mar 2021 16:39:54 GMT
Resource.axd
flagstar.onlinebank.com/
15 KB
6 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Resource.axd?k=jquery.tools&r=IDS.Web.Resources.Scripts.jquery.tools.min.js&h=98EDE3E266766F3CC8FBC6447F87BC4A
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
4181ba8af6f8e421d85560793c7dda28d3ec22b6e5f35eb1d21dfde6bf6f6eed
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 17 Mar 2020 15:21:27 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:03 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
X-Iinfo
3-14306932-14306934 ENNN RT(1584465362445 1171) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
5325
X-CDN
Incapsula
Expires
Wed, 17 Mar 2021 15:21:27 GMT
Resource.axd
flagstar.onlinebank.com/
382 B
1 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Resource.axd?r=IDS.Web.Resources.Scripts.jslogging.js&h=C578B076511D7E36E08287E713D2B08F
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
d91a13ea8b1257f34b0402fba9e9875131d80dfcf2ed3e335fb594d084216a68
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 17 Mar 2020 15:21:43 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:03 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
X-Iinfo
8-11880776-11880779 ENNN RT(1584465362447 1199) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
257
X-CDN
Incapsula
Expires
Wed, 17 Mar 2021 15:21:43 GMT
Resource.axd
flagstar.onlinebank.com/
624 B
1 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Resource.axd?r=IDS.Web.Resources.Scripts.orcc.jquery.ajaxextensions.js&h=CAD35409DC640ADED4335AD7249EC986
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
8116cc35619b96c857b95da7585a85f6f3ae8dc0a5987ef8eb3ce0eb62c4e181
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 17 Mar 2020 15:21:41 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:03 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
X-Iinfo
8-11880775-11880778 ENNN RT(1584465362447 1226) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
283
X-CDN
Incapsula
Expires
Wed, 17 Mar 2021 15:21:41 GMT
Resource.axd
flagstar.onlinebank.com/
3 KB
2 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Resource.axd?r=IDS.Portal.Web.hlm.base.template.Theme4.js.scripts.js&h=1BD8C1C0A991A77A6FAE929E0A90E3A3
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
12371d559ec2b98cc635e6a5fd67d78baa7f052e9abad5808eeaccd50224d335
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 17 Mar 2020 15:21:28 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:03 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
X-Iinfo
7-5232989-5232990 ENNN RT(1584465362445 1271) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
1133
X-CDN
Incapsula
Expires
Wed, 17 Mar 2021 15:21:28 GMT
Resource.axd
flagstar.onlinebank.com/
8 KB
4 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Resource.axd?r=IDS.Portal.Web.hlm.base.template.Theme4.js.personalize.js&h=B5C7293EC3331DD77CE163BE33893AB0
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
de9ae63fef36954e6cc48eaec6a023485b36043869cc598e042d8b2e67ba97c3
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 17 Mar 2020 15:21:27 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:03 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
X-Iinfo
3-14306932-14306934 ENNN RT(1584465362445 1300) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
2589
X-CDN
Incapsula
Expires
Wed, 17 Mar 2021 15:21:27 GMT
Resource.axd
flagstar.onlinebank.com/
1 KB
2 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Resource.axd?k=jquery.ui.touch-punch&r=IDS.Web.Resources.Scripts.jquery.ui.touch-punch.js&h=8D54427BA97E1865BDD33FBD942F8243
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
0da5cf16d1a549dc5e4acffcd3f86700a298d6c6702a3b4fe89c5bab314f6c84
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 17 Mar 2020 15:21:57 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:03 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
X-Iinfo
8-11880776-11880779 ENNN RT(1584465362447 1329) q(0 0 0 -1) r(2 2) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
595
X-CDN
Incapsula
Expires
Wed, 17 Mar 2021 15:21:57 GMT
Resource.axd
flagstar.onlinebank.com/
8 KB
9 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Resource.axd?r=IDS.Portal.Web.hlm.base.template.Theme4.MainModuleTemplateHeader.js&h=A99EC583DBB3E460C11978FE36DA30E0
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
5b00ef9e1ac889bb399f0578aa17a88b9a0318e0632bb16e862a111270b0cf2e
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Tue, 17 Mar 2020 15:22:18 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:03 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
X-Iinfo
8-11880775-11880778 ENNN RT(1584465362447 1342) q(0 0 0 -1) r(2 2) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
8071
X-CDN
Incapsula
Expires
Wed, 17 Mar 2021 15:22:18 GMT
ScriptResource.axd
flagstar.onlinebank.com/
26 KB
7 KB
Script
General
Full URL
https://flagstar.onlinebank.com/ScriptResource.axd?d=nv7asgRUU0tRmHNR2D6t1MuUMADhjQDqweIIWUavfumUrRgefrAoLvf12von5xzCo0LFIDh2TwkJYLekb1CeJEr3psxk0yhT-T-i5M3Np6RZGnEwBa667yeXPF1gUwPMDOUt7TKLG4Yj-WEdFIN98_6EphMf-2OIEgYiHKtuv1tzVsH4r3ztRXa7kGDeZ7nd0&t=ffffffff93f2983c
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
ef9453f74b2617d43dcef4242cf5845101fcfb57289c81bceb20042b0023a192
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 17 Mar 2020 15:21:46 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:03 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
X-Iinfo
0-3805455-3805456 ENNN RT(1584465360819 2974) q(0 0 0 -1) r(2 2) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
5479
X-CDN
Incapsula
Expires
Wed, 17 Mar 2021 15:21:46 GMT
fp_AA.js
flagstar.onlinebank.com/hlm/base/Authentication/Scripts/
32 KB
9 KB
Script
General
Full URL
https://flagstar.onlinebank.com/hlm/base/Authentication/Scripts/fp_AA.js
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
cb5643ffff191bf755e4b0812525d2db86931ea3f666bc8f0bf244f2da2042b9
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
Incapsula
X-Iinfo
0-3805548-3805549 ENNN RT(1584465362447 1382) q(0 0 0 -1) r(1 1) U5
Content-Length
8348
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Last-Modified
Thu, 09 May 2019 15:42:14 GMT
Server
Microsoft-IIS/8.5
X-Frame-Options
SAMEORIGIN
Date
Tue, 17 Mar 2020 17:16:03 GMT
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=604800
ETag
"0f2c67d6d51:0"
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
snare.js
mpsnare.iesnare.com/
38 KB
13 KB
Script
General
Full URL
https://mpsnare.iesnare.com/snare.js
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.129.74.14 , United States, ASN395492 (IOVATION3, US),
Reverse DNS
mpsnare.iesnare.com
Software
nginx /
Resource Hash
740a76f0e0aa28b9ca9377c8c741a7a5236c10e40f1aaa39cfc0e729a95180ff
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Pragma
no-cache
Date
Tue, 17 Mar 2020 17:16:02 GMT
Content-Encoding
gzip
Server
nginx
Strict-Transport-Security
max-age=15552000; includeSubDomains
p3p
CP="NON DSP COR CURa"
Cache-Control
no-cache, private
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
text/javascript; charset=utf-8
Expires
0
Telerik.Web.UI.WebResource.axd
flagstar.onlinebank.com/
140 KB
36 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=M_layout_content_ScriptManager_TSM&compress=1&_TSM_CombinedScripts_=%3b%3bSystem.Web.Extensions%2c+Version%3d4.0.0.0%2c+Culture%3dneutral%2c+PublicKeyToken%3d31bf3856ad364e35%3aen-US%3a92dc34f5-462f-43bd-99ec-66234f705cd1%3aea597d4b%3ab25378d2
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
25d8216dcffe1420437fe6c11eaa1cde529708862d1420aa792ff41483cf0ff3
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
Incapsula
X-Iinfo
7-5232989-5232990 ENNN RT(1584465362445 1388) q(0 0 0 -1) r(1 1) U5
Content-Length
35162
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Last-Modified
Wed, 18 Jun 2014 00:00:00 GMT
Server
Microsoft-IIS/8.5
X-Frame-Options
SAMEORIGIN
Date
Tue, 17 Mar 2020 17:16:03 GMT
Vary
User-Agent
Content-Type
application/x-javascript
Cache-Control
public, max-age=31536000
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Expires
Wed, 17 Mar 2021 17:16:04 GMT
WebResource.axd
flagstar.onlinebank.com/
3 KB
4 KB
Script
General
Full URL
https://flagstar.onlinebank.com/WebResource.axd?d=JoBkLzP19aTuxbWOhHobYrbhumlz3QZ7G8hw6GoJSg4e_VAtmDL_JuwN8Neb0Nf7fvcBhjz8o1SkaEZtT2T75zgcSea-S51pjDdZg4f0bR-iXFLVaRf22T4cooSLWR5X0&t=637100682046795651
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
144524233f795d6a425b76f7ae5c0bb622b5f67e2e6ae73532ad526528ca07cf
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Sat, 23 Nov 2019 06:10:04 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:03 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
X-Iinfo
3-14306932-14306934 ENNN RT(1584465362445 1455) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
3005
X-CDN
Incapsula
Expires
Wed, 17 Mar 2021 15:21:47 GMT
need-help.css
www.flagstar.com/content/dam/flagstar/components/need-help/
9 KB
3 KB
Stylesheet
General
Full URL
https://www.flagstar.com/content/dam/flagstar/components/need-help/need-help.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, 3DES_EDE_CBC
Server
63.78.207.114 , United States, ASN23291 (FLAGSTAR-BANK-, US),
Reverse DNS
flagstar.com
Software
Apache /
Resource Hash
16d8c6c10eca296a3addd2a2316aacd62946e9014e994f6c0a61c454c554f07f
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Date
Tue, 17 Mar 2020 17:16:03 GMT
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
2059
x-xss-protection
1; mode=block
X-UA-Compatible
IE=Edge
Last-Modified
Tue, 17 Mar 2020 13:40:48 GMT
Server
Apache
ETag
"9a09a-2235-5a10d15539800"
Vary
Accept-Encoding
Content-Type
text/css
Expires
Thu, 16 Apr 2020 17:16:03 GMT
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
clientname
flagstar
need-help.js
www.flagstar.com/content/dam/flagstar/components/need-help/
11 KB
4 KB
Script
General
Full URL
https://www.flagstar.com/content/dam/flagstar/components/need-help/need-help.js
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, 3DES_EDE_CBC
Server
63.78.207.114 , United States, ASN23291 (FLAGSTAR-BANK-, US),
Reverse DNS
flagstar.com
Software
Apache /
Resource Hash
f24065e4c062aa2dac22f15324a0c76ae8cd8a173a5dce900aff248c169d0540
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Tue, 17 Mar 2020 17:16:03 GMT
Content-Encoding
gzip
Connection
Keep-Alive
Content-Length
3110
x-xss-protection
1; mode=block
X-UA-Compatible
IE=Edge
Last-Modified
Tue, 17 Mar 2020 13:40:48 GMT
Server
Apache
ETag
"9a0dd-2c28-5a10d15539800"
Vary
Accept-Encoding
Content-Type
application/javascript
Expires
Thu, 16 Apr 2020 17:16:03 GMT
Cache-Control
max-age=2592000
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=100
clientname
flagstar
cpm8xio.js
use.typekit.net/
19 KB
8 KB
Script
General
Full URL
https://use.typekit.net/cpm8xio.js
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.37.33.211 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-37-33-211.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
8dd496476d04b01e64e3042a5ecaa049b89601b02145a66c23ecca9d11dbb0c9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
server
nginx
access-control-allow-origin
*
date
Tue, 17 Mar 2020 17:16:03 GMT
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
status
200
cache-control
public, max-age=600, stale-while-revalidate=604800
timing-allow-origin
*
content-length
7455
_Incapsula_Resource
flagstar.onlinebank.com/
132 KB
19 KB
Script
General
Full URL
https://flagstar.onlinebank.com/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=2&cb=2064487233
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
d0cb17c92e5b60bd268f47a2715d9f6659f45dc26c4b9ae5767ee0b655a5bd1f

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Content-Encoding
gzip
Cache-Control
no-cache, no-store
X-Robots-Tag
noindex
Content-Length
19199
Content-Type
application/javascript
accordion.css
flagstar.onlinebank.com/App_Themes/theme4-css/
2 KB
3 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/accordion.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
90a5e085de08b76787107ea46a188afc417537f1903e36ef89b6c63d5b0581e2
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
ETag
"06659e5966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
8-11880775-11880778 ENNN RT(1584465362447 462) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:02 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
1926
X-CDN
Incapsula
carousel.css
flagstar.onlinebank.com/App_Themes/theme4-css/
6 KB
2 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/carousel.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
bc5427c8becdc12dbb8026919b68588038af5c479590819134593e007eadfa67
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
Incapsula
X-Iinfo
7-5232989-5232990 ENNN RT(1584465362445 496) q(0 0 0 -1) r(2 2) U5
Content-Length
1230
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
X-Frame-Options
SAMEORIGIN
Date
Tue, 17 Mar 2020 17:16:02 GMT
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=604800
ETag
"06659e5966d51:0"
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
checkBoxList.css
flagstar.onlinebank.com/App_Themes/theme4-css/
2 KB
3 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/checkBoxList.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
45.60.34.53, United States, ASN19551 (INCAPSULA, US)
Reverse DNS
Software
Microsoft-IIS/8.5
Resource Hash
2ea7c05ebc9afbf695a66e0d86c1a4ec99c81bd71afd1c7c545165980b696557
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
ETag
"06659e5966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
8-11880775-11880778 ENNN RT(1584465362447 575) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:02 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
1580
X-CDN
Incapsula
common.css
flagstar.onlinebank.com/App_Themes/theme4-css/
13 KB
5 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/common.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
45.60.34.53, United States, ASN19551 (INCAPSULA, US)
Reverse DNS
Software
Microsoft-IIS/8.5
Resource Hash
8c947dfe2d6b2340979b1fb936896c186af4aaddd700be9091d017ce85941c8b
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
Incapsula
X-Iinfo
0-3805548-3805549 ENNN RT(1584465362447 584) q(0 0 0 -1) r(1 1) U5
Content-Length
3851
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
X-Frame-Options
SAMEORIGIN
Date
Tue, 17 Mar 2020 17:16:02 GMT
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=604800
ETag
"06659e5966d51:0"
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
google-map.css
flagstar.onlinebank.com/App_Themes/theme4-css/
724 B
2 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/google-map.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
45.60.34.53, United States, ASN19551 (INCAPSULA, US)
Reverse DNS
Software
Microsoft-IIS/8.5
Resource Hash
5c541e2e8634c45cd04c9cebc6f84b3c0a5bfe126b515cecc87ca428af1da52c
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
ETag
"06659e5966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
3-14306932-14306934 ENNN RT(1584465362445 594) q(0 0 0 -1) r(2 2) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:02 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
724
X-CDN
Incapsula
template.css
flagstar.onlinebank.com/App_Themes/theme4-css/
56 KB
57 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/template.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
45.60.34.53, United States, ASN19551 (INCAPSULA, US)
Reverse DNS
Software
Microsoft-IIS/8.5
Resource Hash
98d6fc5c8e67416741c381481ab7ae2c3be8c67c2f82149b0ff1575009ecc0c2
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
ETag
"06659e5966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
0-3805548-3805549 ENNN RT(1584465362447 695) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:03 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
57405
X-CDN
Incapsula
module.css
flagstar.onlinebank.com/App_Themes/theme4-css/
188 KB
34 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/module.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
45.60.34.53, United States, ASN19551 (INCAPSULA, US)
Reverse DNS
Software
Microsoft-IIS/8.5
Resource Hash
29814dc70644b1c75e3c80f0e44bf3d93efca7ca16973612d761d5dbecf4e338
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
Incapsula
X-Iinfo
7-5232989-5232990 ENNN RT(1584465362445 699) q(0 0 0 -1) r(1 2) U5
Content-Length
33441
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
X-Frame-Options
SAMEORIGIN
Date
Tue, 17 Mar 2020 17:16:03 GMT
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=604800
ETag
"06659e5966d51:0"
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
printer.css
flagstar.onlinebank.com/App_Themes/theme4-css/
2 KB
3 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/printer.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
45.60.34.53, United States, ASN19551 (INCAPSULA, US)
Reverse DNS
Software
Microsoft-IIS/8.5
Resource Hash
367da0b2f03e6a6035c24189543b0cab1980e2e62b38c8ad1efa69cd06097562
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
ETag
"06659e5966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
8-11880775-11880778 ENNN RT(1584465362447 703) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:02 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
2077
X-CDN
Incapsula
tileManager.css
flagstar.onlinebank.com/App_Themes/theme4-css/
6 KB
7 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/tileManager.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
45.60.34.53, United States, ASN19551 (INCAPSULA, US)
Reverse DNS
Software
Microsoft-IIS/8.5
Resource Hash
3a080f18685baaf2be511a9859d6bbeee808392ac034e12c9da7894aef487920
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
ETag
"06659e5966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
0-3805455-3805456 ENNN RT(1584465360819 2391) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:03 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
6309
X-CDN
Incapsula
menu.css
flagstar.onlinebank.com/App_Themes/theme4-css/
12 KB
4 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/menu.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
45.60.34.53, United States, ASN19551 (INCAPSULA, US)
Reverse DNS
Software
Microsoft-IIS/8.5
Resource Hash
bfc59a75bccdb0ec1a57be01f8e7e6888b9fdfaccaf1f311bcf105bdbc5f4e2d
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
Incapsula
X-Iinfo
3-14306932-14306934 ENNN RT(1584465362445 785) q(0 0 0 -1) r(1 1) U5
Content-Length
2715
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
X-Frame-Options
SAMEORIGIN
Date
Tue, 17 Mar 2020 17:16:03 GMT
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=604800
ETag
"06659e5966d51:0"
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
wizard.css
flagstar.onlinebank.com/App_Themes/theme4-css/
59 KB
60 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/wizard.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
45.60.34.53, United States, ASN19551 (INCAPSULA, US)
Reverse DNS
Software
Microsoft-IIS/8.5
Resource Hash
c5f47e16fa0d49b005eb6e5af9ab7ceb6eccd12b317c0ef221507dbd81b923f8
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
ETag
"06659e5966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
8-11880775-11880778 ENNN RT(1584465362447 814) q(0 0 0 -1) r(1 2) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:02 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
60379
X-CDN
Incapsula
tab.css
flagstar.onlinebank.com/App_Themes/theme4-css/
1 KB
2 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/tab.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
45.60.34.53, United States, ASN19551 (INCAPSULA, US)
Reverse DNS
Software
Microsoft-IIS/8.5
Resource Hash
5ef32ff73136070a4d457187063dcb443eaa6edc7c9408feffa1ae3f19a66996
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
ETag
"06659e5966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
0-3805455-3805456 ENNN RT(1584465360819 2512) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:03 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
1081
X-CDN
Incapsula
progress-bar.css
flagstar.onlinebank.com/App_Themes/theme4-css/
1 KB
2 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/progress-bar.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
45.60.34.53, United States, ASN19551 (INCAPSULA, US)
Reverse DNS
Software
Microsoft-IIS/8.5
Resource Hash
e0e05b87924fcc412258b9a24dfeab9e9e697ab69b55be8364cb591842459ce8
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
ETag
"06659e5966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
3-14306932-14306934 ENNN RT(1584465362445 900) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:03 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
1161
X-CDN
Incapsula
drawer.css
flagstar.onlinebank.com/App_Themes/theme4-css/
983 B
2 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/drawer.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, AES_128_GCM
Server
45.60.34.53, United States, ASN19551 (INCAPSULA, US)
Reverse DNS
Software
Microsoft-IIS/8.5
Resource Hash
3e667460fefce5a2fe970fe89057f6c18e7b72e63067df7c3b4168b36d587a08
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
ETag
"06659e5966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
0-3805455-3805456 ENNN RT(1584465360819 2626) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:03 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
983
X-CDN
Incapsula
atmLocator.css
flagstar.onlinebank.com/App_Themes/theme4-css/
218 B
1 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/atmLocator.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
b7acb047f2d46898d4fe77b16ab0aeb7f66b0124d50bab9fa39ce26fa32bc3e9
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
ETag
"06659e5966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
7-5232989-5232990 ENNN RT(1584465362445 1019) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:03 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
218
X-CDN
Incapsula
range.css
flagstar.onlinebank.com/App_Themes/theme4-css/
2 KB
3 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/range.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
900c3453f4434eeed8a825da471927e0e8483768f2f91ca75b300d127c460f9b
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
ETag
"06659e5966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-Iinfo
3-14306932-14306934 ENNN RT(1584465362445 1023) q(0 0 0 -1) r(2 2) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:03 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
1875
X-CDN
Incapsula
switch.css
flagstar.onlinebank.com/App_Themes/theme4-css/
4 KB
2 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/switch.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
45b648ffbe4bda170b2cda93900228a1c57ea28583dcb6a0d2319ef5b6c868b7
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-CDN
Incapsula
X-Iinfo
0-3805548-3805549 ENNN RT(1584465362447 1035) q(0 0 0 -1) r(1 1) U5
Content-Length
879
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
X-Frame-Options
SAMEORIGIN
Date
Tue, 17 Mar 2020 17:16:03 GMT
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=604800
ETag
"06659e5966d51:0"
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
enforce
onlinebank.report-uri.com/r/t/csp/
0
804 B
Other
General
Full URL
https://onlinebank.report-uri.com/r/t/csp/enforce
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b958 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
Origin
https://flagstar.onlinebank.com
Sec-Fetch-Dest
report
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 17 Mar 2020 17:16:04 GMT
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
access-control-allow-origin
*
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
status
201
strict-transport-security
max-age=63113904; includeSubDomains; preload
cf-ray
57585c0cf8021f31-FRA
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length
0
truncated
/
0
0

content.aspx
flagstar.onlinebank.com/
2 KB
3 KB
Image
General
Full URL
https://flagstar.onlinebank.com/content.aspx?name=loader
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
c9c2484b74bd1885ba68e33680ded5ee482470df6937369a4699c3f5ca9dbba6
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/Content.aspx?name=FlagstarDefaultColor&t=02/27/2020%2010:12:02%20AM
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Mon, 27 Aug 2018 07:07:34 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:03 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
X-Iinfo
8-11880775-11880778 ENNN RT(1584465362447 1462) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
2329
X-CDN
Incapsula
logo.js
mpsnare.iesnare.com/script/
96 B
514 B
Script
General
Full URL
https://mpsnare.iesnare.com/script/logo.js
Requested by
Host: mpsnare.iesnare.com
URL: https://mpsnare.iesnare.com/snare.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.129.74.14 , United States, ASN395492 (IOVATION3, US),
Reverse DNS
mpsnare.iesnare.com
Software
nginx /
Resource Hash
3e26445e54ee1ecac7d72de11eeccc19b47c6c31469770c872ad23f67e77a995
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Tue, 17 Mar 2020 17:16:04 GMT
Content-Encoding
gzip
Last-Modified
Tue, 06 May 2014 00:01:40 GMT
Server
nginx
Strict-Transport-Security
max-age=15552000; includeSubDomains
p3p
CP="NON DSP COR CURa"
Cache-Control
private
Transfer-Encoding
chunked
Connection
keep-alive
Content-Type
text/javascript; charset=utf-8
Expires
Wed, 17 Mar 2021 17:16:04 GMT
content.aspx
flagstar.onlinebank.com/
9 KB
10 KB
Image
General
Full URL
https://flagstar.onlinebank.com/content.aspx?name=FlagstarLogo300px.png
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=Core&h=66847D695A3EC69200ED116E8C5CF8DE
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
2e562036b690beaf9b3edd4daf553da86a3fc67d12d5649e32d7395b75f97e38
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/Content.aspx?name=FlagstarDefaultColor&t=02/27/2020%2010:12:02%20AM
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Mon, 06 Aug 2018 20:19:19 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:03 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
X-Iinfo
3-14306932-14306934 ENNN RT(1584465362445 1666) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
9498
X-CDN
Incapsula
content.aspx
flagstar.onlinebank.com/
853 B
2 KB
Image
General
Full URL
https://flagstar.onlinebank.com/content.aspx?theme=Theme4&color1=white&image=svg/help-solid.svg
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=Core&h=66847D695A3EC69200ED116E8C5CF8DE
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
d65a44667683feb04ff9c1a60c5dd16a7451d3252ec2a8152efdc3ffee016e01
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/Content.aspx?name=FlagstarDefaultColor&t=02/27/2020%2010:12:02%20AM
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Mon, 01 Jan 0001 05:00:00 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:04 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
X-Iinfo
7-5232989-5232990 ENNN RT(1584465362445 1666) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
853
X-CDN
Incapsula
cJZKeOuBrn4kERxqtaUH3VtXRa8TVwTICgirnJhmVJw.woff2
fonts.gstatic.com/s/opensans/v13/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v13/cJZKeOuBrn4kERxqtaUH3VtXRa8TVwTICgirnJhmVJw.woff2
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=Core&h=66847D695A3EC69200ED116E8C5CF8DE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
60f9b5203842a4fe2d52f7c96f3c57b755bbf8f347535469739bcc6f95a9c4b5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/opensans.css
Origin
https://flagstar.onlinebank.com
Sec-Fetch-Dest
font
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Tue, 10 Mar 2020 17:58:18 GMT
x-content-type-options
nosniff
last-modified
Mon, 27 Apr 2015 23:46:39 GMT
server
sffe
age
602266
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
15572
x-xss-protection
0
expires
Wed, 10 Mar 2021 17:58:18 GMT
ajax-loader.gif
flagstar.onlinebank.com/App_Themes/Theme4/images/
4 KB
5 KB
Image
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/images/ajax-loader.gif
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
93c99b1a62bdef426c6029d8eeaa796af079bd0b67c7bd67fda444e8afb6f562
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/App_Themes/theme4-css/module.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:02 GMT
Server
Microsoft-IIS/8.5
ETag
"03928e4966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
X-Iinfo
8-11880776-11880779 ENNN RT(1584465362447 1668) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:04 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
4178
X-CDN
Incapsula
sprite-y.png
flagstar.onlinebank.com/App_Themes/Theme4/images/
7 KB
9 KB
Image
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/images/sprite-y.png
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
85c5b4224b245a27a2ed39a18a2b2be57bc4ee9a3e676a8cdbec9a3480732dff
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/App_Themes/theme4-css/module.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:04 GMT
Server
Microsoft-IIS/8.5
ETag
"06659e5966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
X-Iinfo
8-11880775-11880778 ENNN RT(1584465362447 1673) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:03 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
7663
X-CDN
Incapsula
content.aspx
flagstar.onlinebank.com/
606 B
2 KB
Image
General
Full URL
https://flagstar.onlinebank.com/content.aspx?theme=theme4-css&skinimage=flagstar/icon-logout.svg&Color1=%23FFFFFF
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
dc62b6009c4b39570ce7e78ff114a134d8e56ba71b75deb0b971d736e3e9aaee
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/Content.aspx?name=FlagstarDefaultColor&t=02/27/2020%2010:12:02%20AM
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Mon, 01 Jan 0001 05:00:00 GMT
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:03 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
X-Iinfo
0-3805455-3805456 ENNN RT(1584465360819 3301) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
public
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Length
606
X-CDN
Incapsula
js
www.googletagmanager.com/gtag/
75 KB
28 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-34304025-1
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=Core&h=66847D695A3EC69200ED116E8C5CF8DE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
fd12d3635bc3bf65453bf6361561d708058e9086cada4b27b5620c748719151e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Tue, 17 Mar 2020 17:16:04 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
28554
x-xss-protection
0
last-modified
Tue, 17 Mar 2020 16:25:53 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 17 Mar 2020 17:16:04 GMT
GlanceCobrowseLoader_4.2.0M.js
s3.amazonaws.com/glancecdn/cobrowse/js/
Redirect Chain
  • https://www.glancecdn.net/cobrowse/CobrowseJS.ashx?group=19916&site=production
  • https://s3.amazonaws.com/glancecdn/cobrowse/js/GlanceCobrowseLoader_4.2.0M.js
9 KB
9 KB
Script
General
Full URL
https://s3.amazonaws.com/glancecdn/cobrowse/js/GlanceCobrowseLoader_4.2.0M.js
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.238.245 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1.amazonaws.com
Software
AmazonS3 /
Resource Hash
acb761de56201714caf6714349449e651698b34b30b5274e6ff7eb3c755976a5

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Tue, 17 Mar 2020 17:16:06 GMT
Last-Modified
Fri, 03 Aug 2018 13:12:48 GMT
Server
AmazonS3
x-amz-request-id
72F811C593D8A351
ETag
"b9e08a2419bed112fa7efe1a1a2f7e87"
x-amz-version-id
zTiPqEUFxLSsPGUyNvKNEygG3OHbDfUt
Cache-Control
public, max-age=31556926
x-amz-replication-status
COMPLETED
Accept-Ranges
bytes
Content-Type
application/javascript
Content-Length
8954
x-amz-id-2
6wPv2p0fdn87blaingIAt8Msqb2zATLCHn0pDN6LnihYi3loYDlX+Vh/AdIds9Z0coYWD/OMLEo=

Redirect headers

date
Tue, 17 Mar 2020 17:16:04 GMT
server
Microsoft-IIS/8.5
x-aspnet-version
4.0.30319
access-control-allow-origin
*
location
https://s3.amazonaws.com/glancecdn/cobrowse/js/GlanceCobrowseLoader_4.2.0M.js
content-type
text/html; charset=utf-8
status
302
cache-control
max-age=3600
content-length
194
deployment.js
c.la2-c2cs-iad.salesforceliveagent.com/content/g/js/44.0/
41 KB
41 KB
Script
General
Full URL
https://c.la2-c2cs-iad.salesforceliveagent.com/content/g/js/44.0/deployment.js?_=1584465364074
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=Core&h=66847D695A3EC69200ED116E8C5CF8DE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.108.235.253 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl8-iad.la2-c1cs-iad.salesforceliveagent.com
Software
Jetty(9.4.z-SNAPSHOT) /
Resource Hash
58d3ab6a4daf74399f6c86b0f65afd5137879cc649dad55ad01b6c92a3929cb7

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Tue, 17 Mar 2020 17:16:04 GMT
Cache-Control
max-age=60, must-revalidate
Last-Modified
Fri, 10 Jan 2020 17:47:28 GMT
Server
Jetty(9.4.z-SNAPSHOT)
Accept-Ranges
bytes
Content-Length
41775
Content-Type
application/javascript
enforce
onlinebank.report-uri.com/r/t/csp/
0
237 B
Other
General
Full URL
https://onlinebank.report-uri.com/r/t/csp/enforce
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=Core&h=66847D695A3EC69200ED116E8C5CF8DE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:b958 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
Origin
https://flagstar.onlinebank.com
Sec-Fetch-Dest
report
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 17 Mar 2020 17:16:04 GMT
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
access-control-allow-origin
*
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
status
201
strict-transport-security
max-age=63113904; includeSubDomains; preload
cf-ray
57585c0f98c41f31-FRA
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
content-length
0
truncated
/
0
0

equal-housing.png
flagstar.onlinebank.com/App_Themes/Theme4/images/
387 B
2 KB
Image
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/images/equal-housing.png
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=Core&h=66847D695A3EC69200ED116E8C5CF8DE
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
50643218771ecacfbc4589c853574765f447e0c9ff848a58d540eafb8fb2afac
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Referer
https://flagstar.onlinebank.com/App_Themes/theme4-css/template.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 May 2019 18:42:02 GMT
Server
Microsoft-IIS/8.5
ETag
"03928e4966d51:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
X-Iinfo
0-3805548-3805549 ENNN RT(1584465362447 1705) q(0 0 0 -1) r(1 1) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
max-age=604800
Date
Tue, 17 Mar 2020 17:16:04 GMT
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Accept-Ranges
bytes
Content-Length
387
X-CDN
Incapsula
need-help.png
www.flagstar.com/content/dam/flagstar/components/need-help/
13 KB
13 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/flagstar/components/need-help/need-help.png
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=Core&h=66847D695A3EC69200ED116E8C5CF8DE
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, 3DES_EDE_CBC
Server
63.78.207.114 , United States, ASN23291 (FLAGSTAR-BANK-, US),
Reverse DNS
flagstar.com
Software
Apache /
Resource Hash
d52a2358d1ecb3ae964abc0ce54afec5d4cc05b71c7880e51b9ababebeca1c2a
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.flagstar.com/content/dam/flagstar/components/need-help/need-help.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Tue, 17 Mar 2020 17:16:04 GMT
Last-Modified
Tue, 17 Mar 2020 13:40:54 GMT
Server
Apache
ETag
"9a106-32f9-5a10d15af2580"
Content-Type
image/png
Expires
Thu, 16 Apr 2020 17:16:04 GMT
Cache-Control
max-age=2592000
X-UA-Compatible
IE=Edge
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=99
Content-Length
13049
x-xss-protection
1; mode=block
clientname
flagstar
MCMRequest.aspx
flagstar.onlinebank.com/
194 B
1 KB
XHR
General
Full URL
https://flagstar.onlinebank.com/MCMRequest.aspx
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=Core&h=66847D695A3EC69200ED116E8C5CF8DE
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
Microsoft-IIS/8.5 /
Resource Hash
b9a1df962710853b696d4434ca29bc7f69dcd1197c9b0a500a8ee6227eec9f3b
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://flagstar.onlinebank.com/SignIn.aspx
Origin
https://flagstar.onlinebank.com
X-Requested-With
XMLHttpRequest
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Server
Microsoft-IIS/8.5
Date
Tue, 17 Mar 2020 17:16:04 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
X-Iinfo
8-11880776-11880779 ENNN RT(1584465362447 1779) q(0 0 0 -1) r(2 2) U5
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Cache-Control
private
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Length
194
X-CDN
Incapsula
_Incapsula_Resource
flagstar.onlinebank.com/
1 B
123 B
Image
General
Full URL
https://flagstar.onlinebank.com/_Incapsula_Resource?SWKMTFSR=1&e=0.8461301498632567
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
45.60.34.53 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Cache-Control
no-cache, no-store
X-Robots-Tag
noindex
Content-Length
1
Content-Type
text/plain
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-34304025-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
2552
date
Tue, 17 Mar 2020 16:33:32 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
18174
expires
Tue, 17 Mar 2020 18:33:32 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1575877723&t=pageview&_s=1&dl=https%3A%2F%2Fflagstar.onlinebank.com%2FSignIn.aspx&ul=en-us&de=UTF-8&dt=Sign%20In%20-%20Flagstar%20Bank&sd=24-...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-34304025-1&cid=1346772177.1584465365&jid=723690930&_gid=598338932.1584465365&gjid=415170525&_v=j81&z=1005686934
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-34304025-1&cid=1346772177.1584465365&jid=723690930&_v=j81&z=1005686934
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-34304025-1&cid=1346772177.1584465365&jid=723690930&_v=j81&z=1005686934&slf_rd=1&random=1808130238
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-34304025-1&cid=1346772177.1584465365&jid=723690930&_v=j81&z=1005686934&slf_rd=1&random=1808130238
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 17 Mar 2020 17:16:04 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 17 Mar 2020 17:16:04 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-34304025-1&cid=1346772177.1584465365&jid=723690930&_v=j81&z=1005686934&slf_rd=1&random=1808130238
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
MultiNoun.jsonp
d.la2-c2-iad.salesforceliveagent.com/chat/rest/System/
477 B
741 B
Script
General
Full URL
https://d.la2-c2-iad.salesforceliveagent.com/chat/rest/System/MultiNoun.jsonp?nouns=VisitorId,Settings&VisitorId.prefix=Visitor&Settings.prefix=Visitor&Settings.buttonIds=[57316000000D7Cp]&Settings.updateBreadcrumb=1&Settings.urlPrefix=undefined&callback=liveagent._.handlePing&deployment_id=5721M000000XZBZ&org_id=00DG0000000Bvr7&version=44
Requested by
Host: c.la2-c2cs-iad.salesforceliveagent.com
URL: https://c.la2-c2cs-iad.salesforceliveagent.com/content/g/js/44.0/deployment.js?_=1584465364074
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.108.232.254 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl2-iad.la2-c2-iad.salesforceliveagent.com
Software
/
Resource Hash
d1b4b60005742e62579395c0b5073f8c7b41995d51cfec40622907d435661e36
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Pragma
no-cache
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
close
Expires
-1
need-help.png
www.flagstar.com/content/dam/flagstar/components/need-help/
13 KB
13 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/flagstar/components/need-help/need-help.png
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, 3DES_EDE_CBC
Server
63.78.207.114 , United States, ASN23291 (FLAGSTAR-BANK-, US),
Reverse DNS
flagstar.com
Software
Apache /
Resource Hash
d52a2358d1ecb3ae964abc0ce54afec5d4cc05b71c7880e51b9ababebeca1c2a
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.flagstar.com/content/dam/flagstar/components/need-help/need-help.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Tue, 17 Mar 2020 17:16:06 GMT
Last-Modified
Tue, 17 Mar 2020 13:40:54 GMT
Server
Apache
ETag
"9a106-32f9-5a10d15af2580"
Content-Type
image/png
Expires
Thu, 16 Apr 2020 17:16:06 GMT
Cache-Control
max-age=2592000
X-UA-Compatible
IE=Edge
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=15, max=98
Content-Length
13049
x-xss-protection
1; mode=block
clientname
flagstar

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
truncated
URL
data:truncated

269 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| theForm function| __doPostBack function| WebForm_PostBackOptions function| WebForm_DoPostBackWithOptions object| __pendingCallbacks number| __synchronousCallBackIndex function| WebForm_DoCallback function| WebForm_CallbackComplete function| WebForm_ExecuteCallback function| WebForm_FillFirstAvailableSlot boolean| __nonMSDOMBrowser string| __theFormPostData object| __theFormPostCollection object| __callbackTextTypes function| WebForm_InitCallback function| WebForm_InitCallbackAddField function| WebForm_EncodeCallback object| __disabledControlArray function| WebForm_ReEnableControls function| WebForm_ReDisableControls function| WebForm_SimulateClick function| WebForm_FireDefaultButton function| WebForm_GetScrollX function| WebForm_GetScrollY function| WebForm_SaveScrollPositionSubmit function| WebForm_SaveScrollPositionOnSubmit function| WebForm_RestoreScrollPosition function| WebForm_TextBoxKeyHandler function| WebForm_TrimString function| WebForm_AppendToClassName function| WebForm_RemoveClassName function| WebForm_GetElementById function| WebForm_GetElementByTagName function| WebForm_GetElementsByTagName function| WebForm_GetElementDir function| WebForm_GetElementPosition function| WebForm_GetParentByTagName function| WebForm_SetElementHeight function| WebForm_SetElementWidth function| WebForm_SetElementX function| WebForm_SetElementY function| IDS_Namespace function| DataGridKnockoutViewModel object| MessageBus object| PortalUtils function| IDS_DisableControl function| IDS_ConfirmButton function| IDS_PassValidation function| IDS_DisplaySplash function| IDS_ChangeFormTarget function| IDS_ButtonShouldSubmit function| IDS_LinkButtonClick function| IDS_ButtonClick function| IDS_DisableAllDisableWhenClickedButtons object| IDS function| $ function| jQuery object| ko object| orccMcmManager function| MessageDialog_init function| DP_jQuery_1584465364112 object| orccLogManager object| BusyIndicator function| 
customContinue function| ModalTooltip function| idStringEndsWith function| getLargestOptionLength function| UpgradeSelectBox function| FindDisabledSelectOptions function| GetModalContent function| ApplyModuleResizeModes function| ApplyModuleResizeMode object| jQuery112305121717002556394 object| PersonalizationDataManager object| PersonalizationDOMManager function| setupModuleToolbar string| Page_ValidationVer boolean| Page_IsValid boolean| Page_BlockSubmit object| Page_InvalidControlToBeFocused object| Page_TextTypes function| ValidatorUpdateDisplay function| ValidatorUpdateIsValid function| AllValidatorsValid function| ValidatorHookupControlID function| ValidatorHookupControl function| ValidatorHookupEvent function| ValidatorGetValue function| ValidatorGetValueRecursive function| Page_ClientValidate function| ValidatorCommonOnSubmit function| ValidatorEnable function| ValidatorOnChange function| ValidatedTextBoxOnKeyPress function| ValidatedControlOnBlur function| ValidatorValidate function| ValidatorSetFocus function| IsInVisibleContainer function| IsValidationGroupMatch function| ValidatorOnLoad function| ValidatorConvert function| ValidatorCompare function| CompareValidatorEvaluateIsValid function| CustomValidatorEvaluateIsValid function| RegularExpressionValidatorEvaluateIsValid function| ValidatorTrim function| RequiredFieldValidatorEvaluateIsValid function| RangeValidatorEvaluateIsValid function| ValidationSummaryOnSubmit function| activeXDetect function| stripIllegalChars function| stripFullPath object| BrowserDetect function| Hashtable function| IE_FingerPrint function| Mozilla_FingerPrint function| Opera_FingerPrint function| detectFields string| SEP string| PAIR string| DEV function| FingerPrint function| urlEncode function| encode_deviceprint function| decode_deviceprint function| post_deviceprint function| post_fingerprints function| add_deviceprint function| form_add_data function| form_add_deviceprint function| asyncpost_deviceprint string| _i_a 
string| localObjectName function| __if_a function| __if_b function| __if_c object| _i_d object| _i_o object| _i_z object| _i_aa object| _i_ac object| _i_cr function| __if_d object| io_adp function| __if_e object| _i_dt function| __if_f function| iov_fl_cb function| iov_fl_fn function| iov_fl_get_value function| __if_g object| io_dp function| __if_h function| ioGetBlackbox object| io_cm function| __if_i object| _i_fm object| _i_fn object| _i_fo object| _i_dl object| _i_fp function| __if_j function| __if_k number| _i_fq function| __if_l number| _i_fs function| __if_m string| io_last_error object| IGLOO boolean| io_install_stm boolean| io_install_flash number| io_exclude_stm string| io_stm_cab_url string| io_install_stm_error_handler string| io_flash_needs_update_handler boolean| io_enable_rip object| io_flash_blacklist object| io_flash_whitelist string| io_min_flash_in_firefox_version string| io_min_flash_in_firefox_linux_version string| io_min_flash_version string| _i_dw number| _i_g number| _i_bl object| MessageDialog function| Sys$Enum$parse function| Sys$Enum$toString function| Sys$Component$_setProperties function| Sys$Component$_setReferences function| $create function| $addHandler function| $addHandlers function| $clearHandlers function| $removeHandler function| $get function| $find function| Type object| Sys object| _events function| registerContainers function| WebForm_FindFirstFocusableChild function| WebForm_AutoFocus function| WebForm_CanFocus function| WebForm_IsFocusableTag function| WebForm_IsInVisibleContainer function| WebForm_OnSubmit object| antiClickjack object| setModuleToolbarObject boolean| gCurrentUserHasRoleAccountHolder boolean| gCurrentUserHasRoleNativeApp boolean| gCurrentUserHasRoleNonBankingUser boolean| gCurrentUserHasRoleDCBSegment string| gArchAppUrl string| gCurrentUserEAgreementNumber string| gCurrentUserDnaPersonNumber string| gCurrentUserDnaUserFieldFDBR boolean| usedcb string| pref object| PortalUtilValues object| 
Page_ValidationSummaries object| IDS_DisableWhenClicked object| Page_Validators object| M_layout_content_PCDZ_MMCA7G7_ctl00_validationSummary object| M_layout_content_PCDZ_MMCA7G7_ctl00_webInputForm_txtLoginName_RFV object| M_layout_content_PCDZ_MMCA7G7_ctl00_webInputForm_txtPassword_RFV boolean| Page_ValidationActive function| ValidatorOnSubmit string| portalUserName string| googleClientID function| gtag object| dataLayer function| initChatContent function| needHelpInit function| handleBtnKeyPress function| toggleNeedHelpClass boolean| screenCheck object| template string| templateHtml string| resultsHtml string| livePersonChatLibJs string| livePersonChatUrl string| livePersonChatParam1 string| livePersonChatParam2 string| livePersonChatOnlineImage object| _laq object| script object| theme4Model undefined| userActionConfig function| setBusyIndicator function| AppLoadCheck function| isIos7 function| getFastBalancesOffset function| saveModuleUserAction function| triggerMouseEvent number| offset object| $ele object| Typekit object| google_tag_manager string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData boolean| liveAgentDeployment object| liveagent object| GLANCE

2 Cookies

Domain/Path Name / Value
flagstar.onlinebank.com/ Name: liveagent_vc
Value: 1
flagstar.onlinebank.com/ Name: liveagent_oref
Value:

3 Console Messages

Source Level URL
Text
console-api log URL: https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=Core&h=66847D695A3EC69200ED116E8C5CF8DE(Line 8)
Message:
JQMIGRATE: Migrate is installed, version 1.4.1
console-api error URL: https://s3.amazonaws.com/glancecdn/cobrowse/js/GlanceCobrowseLoader_4.2.0M.js(Line 21)
Message:
ERR_COBROWSE_NOT_SUPP
console-api error URL: https://s3.amazonaws.com/glancecdn/cobrowse/js/GlanceCobrowseLoader_4.2.0M.js(Line 21)
Message:
ERR_COBROWSE_NOT_SUPP

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
