Submitted URL: https://mabanqueprivee.mondemain.bnpparibas/
Effective URL: https://connexion-mabanque.bnpparibas/login?service=%2Foauth2.0%2FcallbackAuthorize%3Fclient_id%3D76f34ea8-8097-11e9-8a67-00505600a8e7...
Submission: On November 12 via api from US — Scanned from US

Summary

This website contacted 5 IPs in 1 countries across 7 domains to perform 27 HTTP transactions. The main IP is 23.212.251.10, located in and belongs to . The main domain is connexion-mabanque.bnpparibas.
TLS certificate: Issued by Entrust Certification Authority - L1K on September 27th 2023. Valid for: a year.
This is the only time connexion-mabanque.bnpparibas was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
10 mabanqueprivee.mondemain.bnpparibas 1 redirects mabanqueprivee.mondemain.bnpparibas
2 connexion-mabanque.bnpparibas 1 redirects mabanqueprivee.mondemain.bnpparibas
connexion-mabanque.bnpparibas
2 fr-sesame-websso.bnpparibascardif.com 2 redirects
1 api-nav.bddf.bnpparibas 1 redirects
1 cdn.cookielaw.org www.googletagmanager.com
1 www.googletagmanager.com mabanqueprivee.mondemain.bnpparibas
0 mabanque.bnpparibas Failed connexion-mabanque.bnpparibas
27 7

This site contains no links.

Subject Issuer Validity Valid
bnp20b.bnpparibas.com
DigiCert TLS RSA SHA256 2020 CA1
2023-10-24 -
2024-03-23
5 months crt.sh
*.google-analytics.com
GTS CA 1C3
2023-10-16 -
2024-01-08
3 months crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3
2023-04-01 -
2024-03-31
a year crt.sh
tpc-connexion.mabanque.bnpparibas
Entrust Certification Authority - L1K
2023-09-27 -
2024-09-27
a year crt.sh

This page contains 1 frames:

Primary Page: https://connexion-mabanque.bnpparibas/login?service=%2Foauth2.0%2FcallbackAuthorize%3Fclient_id%3D76f34ea8-8097-11e9-8a67-00505600a8e7%26redirect_uri%3Dhttps%253A%252F%252Fapi-nav.bddf.bnpparibas%252Fpgg%252Fas-front%252Fv2%252FOIDCToken%26response_type%3Dcode%26state%3D863fb877-3fdc-4bf2-a946-aa40205d884c%26client_name%3DCasOAuthClient
Frame ID: 610612FA2B4484B83D7C405AD8E2B23C
Requests: 28 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://mabanqueprivee.mondemain.bnpparibas/ Page URL
  2. https://mabanqueprivee.mondemain.bnpparibas/bff/login?returnUrl=https%3A%2F%2Fmabanqueprivee.mondemain.bnpparibas%2Fchec... HTTP 302
    https://fr-sesame-websso.bnpparibascardif.com/auth/realms/Cardif-fr-prod/protocol/openid-connect/auth?client_id=FR-CARDIF-... HTTP 303
    https://fr-sesame-websso.bnpparibascardif.com/auth/realms/Cardif-fr-prod/broker/oidc-client-mabanqueprivee-mondemain-bcef/... HTTP 303
    https://api-nav.bddf.bnpparibas/pgg/as-front/v2/retail-bpf/authorize?scope=openid+ikpi&state=eEtqsSdUS7nFtzU... HTTP 302
    https://connexion-mabanque.bnpparibas/oidc/authorize?client_id=76f34ea8-8097-11e9-8a67-00505600a8e7&scope=+openid%... HTTP 302
    https://connexion-mabanque.bnpparibas/login?service=%2Foauth2.0%2FcallbackAuthorize%3Fclient_id%3D76f34ea8-8097-11... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org

Page Statistics

27
Requests

44 %
HTTPS

50 %
IPv6

7
Domains

7
Subdomains

5
IPs

1
Countries

3704 kB
Transfer

8329 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mabanqueprivee.mondemain.bnpparibas/ Page URL
  2. https://mabanqueprivee.mondemain.bnpparibas/bff/login?returnUrl=https%3A%2F%2Fmabanqueprivee.mondemain.bnpparibas%2Fcheck-customer HTTP 302
    https://fr-sesame-websso.bnpparibascardif.com/auth/realms/Cardif-fr-prod/protocol/openid-connect/auth?client_id=FR-CARDIF-MONDEMAIN-CLIENT-MABANQUE-PRIVEE&redirect_uri=https%3A%2F%2Fmabanqueprivee.mondemain.bnpparibas%2Fsignin-oidc&response_type=code&scope=openid%20profile%20offline_access&code_challenge=DaPsACX24pFDowdpfEa5dcwNPIKWKSclhGASIPMOip8&code_challenge_method=S256&nonce=638353716467156983.MmQ0Yzk4ZDktNGJiNi00Nzc2LTlkOTgtY2MzZTE3MDc5MzNhMGM2ZmM1M2QtNjBkMi00OWFkLTkxNzItYWY1Mjk4YTE0MGVi&state=CfDJ8B6XgHCY_OlBkzGYeeqRJiHwnCorVyDnqZTC85nhjpicdkc_yfw6aqdJht9OMIY6ud4El2TTNtAtP9ANHhqVAQZq6cHaMdGJaS-s80GZNy2eoTDhSUDcOqOQTVdt_gKFoXWENdCpMao5nGYS_pBVVi0JY7eJvvzWdyM3Py0mDm7mQ8IypMPhB0Ofmr-cJIgQ0yJN_LbDii0QpUIw4Ygy5ZpD3is7X08h0fKg5wgelqzGNul2-aX10gAjilV0UovLqCP86row4Ox-xpjvJr9US89FMChnjij5vTQsdxCutvgLelhQ80x2l9uF-O1VMpeZjXgvE3YbTHxD0ktGzeHyq7utoFBH5NVG9IkEASuRptOtsJpHGFlcCyjb4rWELJpUZwhm87V6PsdTOImz-OlkoNZjzKOfsaIW5JHrsue4atp27Yq3DG7vuowdPxlaoeHLYzxGY6cb5NeG1vOBcEpgqYpKiWLGjFRvP5247E0t4inM&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=6.10.0.0 HTTP 303
    https://fr-sesame-websso.bnpparibascardif.com/auth/realms/Cardif-fr-prod/broker/oidc-client-mabanqueprivee-mondemain-bcef/login?session_code=W1Z_0cytZoMKDA66UQfqJCe9EiBshSGp8Wet-LskYy0&client_id=FR-CARDIF-MONDEMAIN-CLIENT-MABANQUE-PRIVEE&tab_id=HK4lD8ebfEc HTTP 303
    https://api-nav.bddf.bnpparibas/pgg/as-front/v2/retail-bpf/authorize?scope=openid+ikpi&state=eEtqsSdUS7nFtzUrOKKuaEOG4N5K4Z97AQslPqBrzdA.HK4lD8ebfEc.FR-CARDIF-MONDEMAIN-CLIENT-MABANQUE-PRIVEE&response_type=code&client_id=a0fd1ef3-b3b5-45db-877f-dde5859165cb&redirect_uri=https%3A%2F%2Ffr-sesame-websso.bnpparibascardif.com%2Fauth%2Frealms%2FCardif-fr-prod%2Fbroker%2Foidc-client-mabanqueprivee-mondemain-bcef%2Fendpoint&nonce=DkgEw3o7FErpsq6aDLSvcA HTTP 302
    https://connexion-mabanque.bnpparibas/oidc/authorize?client_id=76f34ea8-8097-11e9-8a67-00505600a8e7&scope=+openid%20bnpp_mabanque%20ikpi+&response_type=code&state=863fb877-3fdc-4bf2-a946-aa40205d884c&redirect_uri=https://api-nav.bddf.bnpparibas/pgg/as-front/v2/OIDCToken&ui=classic%20bpf HTTP 302
    https://connexion-mabanque.bnpparibas/login?service=%2Foauth2.0%2FcallbackAuthorize%3Fclient_id%3D76f34ea8-8097-11e9-8a67-00505600a8e7%26redirect_uri%3Dhttps%253A%252F%252Fapi-nav.bddf.bnpparibas%252Fpgg%252Fas-front%252Fv2%252FOIDCToken%26response_type%3Dcode%26state%3D863fb877-3fdc-4bf2-a946-aa40205d884c%26client_name%3DCasOAuthClient Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

27 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
mabanqueprivee.mondemain.bnpparibas/
3 KB
3 KB
Document
General
Full URL
https://mabanqueprivee.mondemain.bnpparibas/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:ec00:10::1730:cb12 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
cda5e1bae1361799c8c5e16e3d734b8386e1d0f260b6ea52c0ab0bb4efd7602c
Security Headers
Name Value
Content-Security-Policy default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
Strict-Transport-Security max-age=2592000 max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff nosniff nosniff
X-Frame-Options DENY SAMEORIGIN SAMEORIGIN
X-Xss-Protection 0 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1823
Content-Security-Policy
default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
Content-Type
text/html
Cross-Origin-Embedder-Policy
require-corp
Cross-Origin-Opener-Policy
same-origin
Cross-Origin-Resource-Policy
same-origin
Date
Sun, 12 Nov 2023 07:40:38 GMT
ETag
"65322456-b2a"
Last-Modified
Fri, 20 Oct 2023 06:55:18 GMT
Permissions-Policy
accelerometer=(), geolocation=(self), fullscreen=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(self)
Referrer-Policy
no-referrer
Strict-Transport-Security
max-age=2592000 max-age=63072000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff nosniff nosniff
X-Correlation-ID
8004ddd5-0000-f100-b63f-84710c7967bb
X-Frame-Options
DENY SAMEORIGIN SAMEORIGIN
X-XSS-Protection
0 0
x-robots-tag
noindex, nofollow, nosnippet, noarchive
onetrust.css
mabanqueprivee.mondemain.bnpparibas/
10 KB
3 KB
Stylesheet
General
Full URL
https://mabanqueprivee.mondemain.bnpparibas/onetrust.css
Requested by
Host: mabanqueprivee.mondemain.bnpparibas
URL: https://mabanqueprivee.mondemain.bnpparibas/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:ec00:10::1730:cb12 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4b38cdd7d676b451f521c82bc6d612b4593cc95f1a62067764b0184b8804e81f
Security Headers
Name Value
Content-Security-Policy default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
Strict-Transport-Security max-age=2592000, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff, nosniff, nosniff
X-Frame-Options DENY, SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 0, 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Strict-Transport-Security
max-age=2592000, max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
X-Content-Type-Options
nosniff, nosniff, nosniff
Date
Sun, 12 Nov 2023 07:40:38 GMT
X-Correlation-ID
8004ddd6-0000-f100-b63f-84710c7967bb
Content-Encoding
gzip
Cross-Origin-Embedder-Policy
require-corp
Cross-Origin-Resource-Policy
same-origin
Connection
keep-alive
Content-Length
1900
X-XSS-Protection
0, 0
Referrer-Policy
no-referrer
Last-Modified
Fri, 20 Oct 2023 06:52:53 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
"653223c5-2654"
Vary
Accept-Encoding
X-Frame-Options
DENY, SAMEORIGIN, SAMEORIGIN
Content-Type
text/css
Permissions-Policy
accelerometer=(), geolocation=(self), fullscreen=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(self)
Accept-Ranges
bytes
x-robots-tag
noindex, nofollow, nosnippet, noarchive
main.f59926bc.js
mabanqueprivee.mondemain.bnpparibas/static/js/
7 MB
3 MB
Script
General
Full URL
https://mabanqueprivee.mondemain.bnpparibas/static/js/main.f59926bc.js
Requested by
Host: mabanqueprivee.mondemain.bnpparibas
URL: https://mabanqueprivee.mondemain.bnpparibas/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:ec00:10::1730:cb12 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
679293a7ad9fad5489377c83d040aa371e0050f2dd7f142072071528bd79985b
Security Headers
Name Value
Content-Security-Policy default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
Strict-Transport-Security max-age=2592000, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff, nosniff, nosniff
X-Frame-Options DENY, SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 0, 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Strict-Transport-Security
max-age=2592000, max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
X-Content-Type-Options
nosniff, nosniff, nosniff
Date
Sun, 12 Nov 2023 07:40:39 GMT
X-Correlation-ID
80037547-0000-ee00-b63f-84710c7967bb
Content-Encoding
gzip
Cross-Origin-Embedder-Policy
require-corp
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
same-origin
Connection
keep-alive, Transfer-Encoding
X-XSS-Protection
0, 0
Referrer-Policy
no-referrer
Last-Modified
Fri, 20 Oct 2023 06:55:18 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
"65322456-703104"
Vary
Accept-Encoding
X-Frame-Options
DENY, SAMEORIGIN, SAMEORIGIN
Content-Type
application/javascript
Permissions-Policy
accelerometer=(), geolocation=(self), fullscreen=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(self)
Accept-Ranges
bytes
x-robots-tag
noindex, nofollow, nosnippet, noarchive
main.6ea3ae7f.css
mabanqueprivee.mondemain.bnpparibas/static/css/
544 KB
191 KB
Stylesheet
General
Full URL
https://mabanqueprivee.mondemain.bnpparibas/static/css/main.6ea3ae7f.css
Requested by
Host: mabanqueprivee.mondemain.bnpparibas
URL: https://mabanqueprivee.mondemain.bnpparibas/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:ec00:10::1730:cb12 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
81ae037c78f72a7f5a020ae51c4d27c4cb3503137a361184fe4f334c8a5d0adb
Security Headers
Name Value
Content-Security-Policy default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
Strict-Transport-Security max-age=2592000, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff, nosniff, nosniff
X-Frame-Options DENY, SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 0, 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Strict-Transport-Security
max-age=2592000, max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
X-Content-Type-Options
nosniff, nosniff, nosniff
Date
Sun, 12 Nov 2023 07:40:39 GMT
X-Correlation-ID
8004ddd7-0000-f100-b63f-84710c7967bb
Content-Encoding
gzip
Cross-Origin-Embedder-Policy
require-corp
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
same-origin
Connection
keep-alive, Transfer-Encoding
X-XSS-Protection
0, 0
Referrer-Policy
no-referrer
Last-Modified
Fri, 20 Oct 2023 06:55:18 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
"65322456-880f7"
Vary
Accept-Encoding
X-Frame-Options
DENY, SAMEORIGIN, SAMEORIGIN
Content-Type
text/css
Permissions-Policy
accelerometer=(), geolocation=(self), fullscreen=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(self)
Accept-Ranges
bytes
x-robots-tag
noindex, nofollow, nosnippet, noarchive
logo.png
mabanqueprivee.mondemain.bnpparibas/
12 KB
14 KB
Image
General
Full URL
https://mabanqueprivee.mondemain.bnpparibas/logo.png
Requested by
Host: mabanqueprivee.mondemain.bnpparibas
URL: https://mabanqueprivee.mondemain.bnpparibas/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:ec00:10::1730:cb12 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4f8b07ef48126cbb6aecf78207724133a0f45226893b5a806a31dce2378733ed
Security Headers
Name Value
Content-Security-Policy default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
Strict-Transport-Security max-age=2592000, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff, nosniff, nosniff
X-Frame-Options DENY, SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 0, 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Strict-Transport-Security
max-age=2592000, max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
X-Content-Type-Options
nosniff, nosniff, nosniff
Date
Sun, 12 Nov 2023 07:40:39 GMT
X-Correlation-ID
8004ddd8-0000-f100-b63f-84710c7967bb
Cross-Origin-Embedder-Policy
require-corp
Cross-Origin-Resource-Policy
same-origin
Connection
keep-alive
Content-Length
12726
X-XSS-Protection
0, 0
Referrer-Policy
no-referrer
Last-Modified
Fri, 20 Oct 2023 06:52:53 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
"653223c5-31b6"
X-Frame-Options
DENY, SAMEORIGIN, SAMEORIGIN
Content-Type
image/png
Permissions-Policy
accelerometer=(), geolocation=(self), fullscreen=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(self)
Accept-Ranges
bytes
x-robots-tag
noindex, nofollow, nosnippet, noarchive
gtm.js
www.googletagmanager.com/
301 KB
85 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5X4ZH2Q
Requested by
Host: mabanqueprivee.mondemain.bnpparibas
URL: https://mabanqueprivee.mondemain.bnpparibas/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c08::61 Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
dc3f9610e316a623ef6665a569109ae698636ab211392e7a63cd8ee452102fe6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Sun, 12 Nov 2023 07:40:38 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
86712
x-xss-protection
0
last-modified
Sun, 12 Nov 2023 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sun, 12 Nov 2023 07:40:38 GMT
OtAutoBlock.js
cdn.cookielaw.org/consent/undefined/
0
0
Script
General
Full URL
https://cdn.cookielaw.org/consent/undefined/OtAutoBlock.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5X4ZH2Q
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:82ec , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://mabanqueprivee.mondemain.bnpparibas
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

date
Sun, 12 Nov 2023 07:40:40 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
content-type
application/xml
access-control-allow-origin
*
x-ms-request-id
14e050d3-701e-00a3-2d3b-155c46000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
cf-ray
824d20cdd9214bc1-BUF
expires
Mon, 13 Nov 2023 07:40:40 GMT
tenant
mabanqueprivee.mondemain.bnpparibas/api/
681 B
2 KB
XHR
General
Full URL
https://mabanqueprivee.mondemain.bnpparibas/api/tenant
Requested by
Host: mabanqueprivee.mondemain.bnpparibas
URL: https://mabanqueprivee.mondemain.bnpparibas/static/js/main.f59926bc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:ec00:10::1730:cb12 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c1cbcf9d17cd7e84674346269aca15dbc35284e2fae586d898ce3c3371fec422
Security Headers
Name Value
Content-Security-Policy default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
X-Content-Type-Options
nosniff, nosniff
Date
Sun, 12 Nov 2023 07:40:45 GMT
X-Correlation-ID
8004ddda-0000-f100-b63f-84710c7967bb
Cross-Origin-Embedder-Policy
require-corp
Cross-Origin-Resource-Policy
same-origin
Connection
keep-alive
Content-Length
681
X-XSS-Protection
0
Referrer-Policy
no-referrer
Cross-Origin-Opener-Policy
same-origin
X-Frame-Options
DENY, SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/json
Permissions-Policy
accelerometer=(), geolocation=(self), fullscreen=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(self)
user
mabanqueprivee.mondemain.bnpparibas/bff/
0
848 B
XHR
General
Full URL
https://mabanqueprivee.mondemain.bnpparibas/bff/user
Requested by
Host: mabanqueprivee.mondemain.bnpparibas
URL: https://mabanqueprivee.mondemain.bnpparibas/static/js/main.f59926bc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:ec00:10::1730:cb12 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options DENY, SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept
application/json, text/plain, */*
Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff, nosniff
X-Correlation-ID
80037548-0000-ee00-b63f-84710c7967bb
Cross-Origin-Opener-Policy
same-origin
Cross-Origin-Embedder-Policy
require-corp
Date
Sun, 12 Nov 2023 07:40:46 GMT
X-Frame-Options
DENY, SAMEORIGIN
Permissions-Policy
accelerometer=(), geolocation=(self), fullscreen=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(self)
Cross-Origin-Resource-Policy
same-origin
Connection
keep-alive
Content-Length
0
X-XSS-Protection
0
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6f545ec8f260644d07b268e7e056e987492aa83e61e9e6121f489a74d642b353

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Content-Type
image/png
OpenSans-Bold.6e27168fc8a5a200a026.ttf
mabanqueprivee.mondemain.bnpparibas/static/media/
127 KB
128 KB
Font
General
Full URL
https://mabanqueprivee.mondemain.bnpparibas/static/media/OpenSans-Bold.6e27168fc8a5a200a026.ttf
Requested by
Host: mabanqueprivee.mondemain.bnpparibas
URL: https://mabanqueprivee.mondemain.bnpparibas/static/css/main.6ea3ae7f.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:ec00:10::1730:cb12 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
Strict-Transport-Security max-age=2592000, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff, nosniff, nosniff
X-Frame-Options DENY, SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 0, 0

Request headers

Referer
Origin
https://mabanqueprivee.mondemain.bnpparibas
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Strict-Transport-Security
max-age=2592000, max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
X-Content-Type-Options
nosniff, nosniff, nosniff
Date
Sun, 12 Nov 2023 07:40:46 GMT
X-Correlation-ID
8004dddb-0000-f100-b63f-84710c7967bb
Cross-Origin-Embedder-Policy
require-corp
Cross-Origin-Resource-Policy
same-origin
Connection
keep-alive
Content-Length
129784
X-XSS-Protection
0, 0
Referrer-Policy
no-referrer
Last-Modified
Fri, 20 Oct 2023 06:55:18 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
"65322456-1faf8"
X-Frame-Options
DENY, SAMEORIGIN, SAMEORIGIN
Content-Type
application/octet-stream
Permissions-Policy
accelerometer=(), geolocation=(self), fullscreen=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(self)
Accept-Ranges
bytes
x-robots-tag
noindex, nofollow, nosnippet, noarchive
OpenSans-Regular.d7d7b8359eeb9cddfba6.ttf
mabanqueprivee.mondemain.bnpparibas/static/media/
127 KB
128 KB
Font
General
Full URL
https://mabanqueprivee.mondemain.bnpparibas/static/media/OpenSans-Regular.d7d7b8359eeb9cddfba6.ttf
Requested by
Host: mabanqueprivee.mondemain.bnpparibas
URL: https://mabanqueprivee.mondemain.bnpparibas/static/css/main.6ea3ae7f.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1408:ec00:10::1730:cb12 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
Strict-Transport-Security max-age=2592000, max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff, nosniff, nosniff
X-Frame-Options DENY, SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 0, 0

Request headers

Referer
Origin
https://mabanqueprivee.mondemain.bnpparibas
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36

Response headers

Strict-Transport-Security
max-age=2592000, max-age=63072000; includeSubDomains
Content-Security-Policy
default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
X-Content-Type-Options
nosniff, nosniff, nosniff
Date
Sun, 12 Nov 2023 07:40:46 GMT
X-Correlation-ID
8003754a-0000-ee00-b63f-84710c7967bb
Cross-Origin-Embedder-Policy
require-corp
Cross-Origin-Resource-Policy
same-origin
Connection
keep-alive
Content-Length
129796
X-XSS-Protection
0, 0
Referrer-Policy
no-referrer
Last-Modified
Fri, 20 Oct 2023 06:55:18 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
"65322456-1fb04"
X-Frame-Options
DENY, SAMEORIGIN, SAMEORIGIN
Content-Type
application/octet-stream
Permissions-Policy
accelerometer=(), geolocation=(self), fullscreen=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(self)
Accept-Ranges
bytes
x-robots-tag
noindex, nofollow, nosnippet, noarchive
Primary Request login
connexion-mabanque.bnpparibas/
Redirect Chain
  • https://mabanqueprivee.mondemain.bnpparibas/bff/login?returnUrl=https%3A%2F%2Fmabanqueprivee.mondemain.bnpparibas%2Fcheck-customer
  • https://fr-sesame-websso.bnpparibascardif.com/auth/realms/Cardif-fr-prod/protocol/openid-connect/auth?client_id=FR-CARDIF-MONDEMAIN-CLIENT-MABANQUE-PRIVEE&redirect_uri=https%3A%2F%2Fmabanqueprivee....
  • https://fr-sesame-websso.bnpparibascardif.com/auth/realms/Cardif-fr-prod/broker/oidc-client-mabanqueprivee-mondemain-bcef/login?session_code=W1Z_0cytZoMKDA66UQfqJCe9EiBshSGp8Wet-LskYy0&client_id=FR...
  • https://api-nav.bddf.bnpparibas/pgg/as-front/v2/retail-bpf/authorize?scope=openid+ikpi&state=eEtqsSdUS7nFtzUrOKKuaEOG4N5K4Z97AQslPqBrzdA.HK4lD8ebfEc.FR-CARDIF-MONDEMAIN-CLIENT-MABANQUE-PRIVEE&respo...
  • https://connexion-mabanque.bnpparibas/oidc/authorize?client_id=76f34ea8-8097-11e9-8a67-00505600a8e7&scope=+openid%20bnpp_mabanque%20ikpi+&response_type=code&state=863fb877-3fdc-4bf2-a946-aa40205d88...
  • https://connexion-mabanque.bnpparibas/login?service=%2Foauth2.0%2FcallbackAuthorize%3Fclient_id%3D76f34ea8-8097-11e9-8a67-00505600a8e7%26redirect_uri%3Dhttps%253A%252F%252Fapi-nav.bddf.bnpparibas%2...
22 KB
0
Document
General
Full URL
https://connexion-mabanque.bnpparibas/login?service=%2Foauth2.0%2FcallbackAuthorize%3Fclient_id%3D76f34ea8-8097-11e9-8a67-00505600a8e7%26redirect_uri%3Dhttps%253A%252F%252Fapi-nav.bddf.bnpparibas%252Fpgg%252Fas-front%252Fv2%252FOIDCToken%26response_type%3Dcode%26state%3D863fb877-3fdc-4bf2-a946-aa40205d884c%26client_name%3DCasOAuthClient
Requested by
Host: mabanqueprivee.mondemain.bnpparibas
URL: https://mabanqueprivee.mondemain.bnpparibas/static/js/main.f59926bc.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.212.251.10 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.hellobankpro.fr *.hellobank.fr *.bnpparibas *.bnpparibas.net *.cardif-iard.fr *.biapi.pro *.mosaic.fr *.protection24.com *.facil-iti.com *.herokuapp.com *.matmut.com login.mabanque-s4.dev.echonet:8443
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.123 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Language
en
Content-Length
11314
Content-Security-Policy
frame-ancestors 'self' *.hellobankpro.fr *.hellobank.fr *.bnpparibas *.bnpparibas.net *.cardif-iard.fr *.biapi.pro *.mosaic.fr *.protection24.com *.facil-iti.com *.herokuapp.com *.matmut.com login.mabanque-s4.dev.echonet:8443
Content-Type
text/html;charset=UTF-8
Date
Sun, 12 Nov 2023 07:40:52 GMT
Expires
0
Pragma
no-cache
Strict-Transport-Security
max-age=63072000; includeSubDomains
Vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
X-Content-Type-Options
nosniff nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block 0

Redirect headers

Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Connection
keep-alive
Content-Length
0
Content-Security-Policy
frame-ancestors 'self' *.hellobankpro.fr *.hellobank.fr *.bnpparibas *.bnpparibas.net *.cardif-iard.fr *.biapi.pro *.mosaic.fr *.protection24.com *.facil-iti.com *.herokuapp.com *.matmut.com login.mabanque-s4.dev.echonet:8443
Date
Sun, 12 Nov 2023 07:40:52 GMT
Expires
0
Location
https://connexion-mabanque.bnpparibas/login?service=%2Foauth2.0%2FcallbackAuthorize%3Fclient_id%3D76f34ea8-8097-11e9-8a67-00505600a8e7%26redirect_uri%3Dhttps%253A%252F%252Fapi-nav.bddf.bnpparibas%252Fpgg%252Fas-front%252Fv2%252FOIDCToken%26response_type%3Dcode%26state%3D863fb877-3fdc-4bf2-a946-aa40205d884c%26client_name%3DCasOAuthClient
Pragma
no-cache
Strict-Transport-Security
max-age=63072000; includeSubDomains
Vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
X-Content-Type-Options
nosniff nosniff
X-Frame-Options
DENY SAMEORIGIN
X-XSS-Protection
1; mode=block 0
style.css
mabanque.bnpparibas/rsc/contrib/identification/src/themes/mabanque-bpf/css/
0
0

cas-header-bpf.css
mabanque.bnpparibas/rsc/contrib/css/bpf/
0
0

cas-footer-bpf.css
mabanque.bnpparibas/rsc/contrib/css/bpf/
0
0

base_bpf.css
mabanque.bnpparibas/rsc/contrib/css/bpf/
0
0

fix.css
mabanque.bnpparibas/rsc/contrib/css/particuliers/
0
0

01_jquery-3.3.1-6a07da9fae934baf3f749e876bbfdd96.js
connexion-mabanque.bnpparibas/common/js/
0
0

publication-e4070c51eb28c1fd29d9698714cd783f.js
connexion-mabanque.bnpparibas/mabanque/js/
0
0

cas-8da6e3f4dedbd2a8e537fcf64deb8c38.js
connexion-mabanque.bnpparibas/common/js/
0
0

grille-705ed221746a2c5c6985f0a6326d17ed.js
connexion-mabanque.bnpparibas/common/js/
0
0

bjtdzi1212.js
connexion-mabanque.bnpparibas/common/threatMetrix/
0
0

pfbp.js
connexion-mabanque.bnpparibas/common/threatMetrix/
0
0

DependanceSatelliteLoader.js
mabanque.bnpparibas/rsc/contrib/script/generique/
0
0

satelliteLoader.js
mabanque.bnpparibas/rsc/contrib/script/generique/
0
0

cas.min.js
mabanque.bnpparibas/rsc/contrib/script/particuliers/min/
0
0

keepalive-9d8dc0169810b25ddc72bd43c32028e1.js
connexion-mabanque.bnpparibas/common/js/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
mabanque.bnpparibas
URL
https://mabanque.bnpparibas/rsc/contrib/identification/src/themes/mabanque-bpf/css/style.css
Domain
mabanque.bnpparibas
URL
https://mabanque.bnpparibas/rsc/contrib/css/bpf/cas-header-bpf.css
Domain
mabanque.bnpparibas
URL
https://mabanque.bnpparibas/rsc/contrib/css/bpf/cas-footer-bpf.css
Domain
mabanque.bnpparibas
URL
https://mabanque.bnpparibas/rsc/contrib/css/bpf/base_bpf.css
Domain
mabanque.bnpparibas
URL
https://mabanque.bnpparibas/rsc/contrib/css/particuliers/fix.css
Domain
connexion-mabanque.bnpparibas
URL
https://connexion-mabanque.bnpparibas/common/js/01_jquery-3.3.1-6a07da9fae934baf3f749e876bbfdd96.js
Domain
connexion-mabanque.bnpparibas
URL
https://connexion-mabanque.bnpparibas/mabanque/js/publication-e4070c51eb28c1fd29d9698714cd783f.js
Domain
connexion-mabanque.bnpparibas
URL
https://connexion-mabanque.bnpparibas/common/js/cas-8da6e3f4dedbd2a8e537fcf64deb8c38.js
Domain
connexion-mabanque.bnpparibas
URL
https://connexion-mabanque.bnpparibas/common/js/grille-705ed221746a2c5c6985f0a6326d17ed.js
Domain
connexion-mabanque.bnpparibas
URL
https://connexion-mabanque.bnpparibas/common/threatMetrix/bjtdzi1212.js
Domain
connexion-mabanque.bnpparibas
URL
https://connexion-mabanque.bnpparibas/common/threatMetrix/pfbp.js
Domain
mabanque.bnpparibas
URL
https://mabanque.bnpparibas/rsc/contrib/script/generique/DependanceSatelliteLoader.js
Domain
mabanque.bnpparibas
URL
https://mabanque.bnpparibas/rsc/contrib/script/generique/satelliteLoader.js
Domain
mabanque.bnpparibas
URL
https://mabanque.bnpparibas/rsc/contrib/script/particuliers/min/cas.min.js
Domain
connexion-mabanque.bnpparibas
URL
https://connexion-mabanque.bnpparibas/common/js/keepalive-9d8dc0169810b25ddc72bd43c32028e1.js

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

5 Cookies

Domain/Path Name / Value
mabanqueprivee.mondemain.bnpparibas/signin-oidc Name: .AspNetCore.OpenIdConnect.Nonce.CfDJ8B6XgHCY_OlBkzGYeeqRJiE0vhTNQWvtRrbE7m09ZBX82DqGrEFL1CWpb3xZdcFiu_BRsTJzjne7EvgY8bjaDD4PnVIs4vPjbOX2PKD14xjOTwbjPCvpvlV931gKkdrUGm858yDy-w07p4b4Zop1iHB3HI-fle1Hz425zWRU4kfTnNyP0qDQgy04E52NBQD-6TZSqTdIvxBaeR1vN3hMd2i655gOlexCzmD3R0TCPtE7pfafcogQCC4uJTZ9W6q3DfA8If0tvo6nu0xp6SyMwos
Value: N
mabanqueprivee.mondemain.bnpparibas/signin-oidc Name: .AspNetCore.Correlation.8pOzNEVQmvmxa9txV_-NJ21Sb5ALiJbuptuMeq6VnV8
Value: N
mabanqueprivee.mondemain.bnpparibas/signin-oidc Name: TS01272518
Value: 014ba36abb53b7bacfb40a252b5d127e76ba6e5f1a8918ec69a6834851291f17308af9e1621ca1caf394c3cfb9d0af658f4da17e4b
mabanqueprivee.mondemain.bnpparibas/ Name: BIGipServer~CARDIF~AP26232P0P01_mabanque_monde_http_tcp_443~P_mabanqueprivee__http_443
Value: 1823666442.52008.0000
mabanqueprivee.mondemain.bnpparibas/ Name: TS01f80e20
Value: 014ba36abb53b7bacfb40a252b5d127e76ba6e5f1a8918ec69a6834851291f17308af9e1621ca1caf394c3cfb9d0af658f4da17e4b

5 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
network error URL: https://cdn.cookielaw.org/consent/undefined/OtAutoBlock.js
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://mabanqueprivee.mondemain.bnpparibas/
Message:
Refused to execute script from 'https://cdn.cookielaw.org/consent/undefined/OtAutoBlock.js' because its MIME type ('application/xml') is not executable, and strict MIME type checking is enabled.
network error URL: https://mabanqueprivee.mondemain.bnpparibas/bff/user
Message:
Failed to load resource: the server responded with a status of 401 (Unauthorized)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' mabanque.mondemain.bnpparibas/* mabanqueprivee.mondemain.bnpparibas/* 'unsafe-inline' data: https: googletagmanager:*;
Strict-Transport-Security max-age=2592000 max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff nosniff nosniff
X-Frame-Options DENY SAMEORIGIN SAMEORIGIN
X-Xss-Protection 0 0