origin-www.hsbc.com.ph Open in urlscan Pro
203.112.93.20 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://origin-www.hsbc.com.ph/
Submission Tags: falconsandbox
Submission: On December 13 via api (December 13th 2024, 9:08:33 am UTC) from US — Scanned from DE

Summary HTTP 50 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 19 IPs in 4 countries across 15 domains to perform 50 HTTP transactions. The main IP is 203.112.93.20, located in Hong Kong and belongs to HSBC-HK-AS HSBC HongKong, HK. The main domain is origin-www.hsbc.com.ph.
TLS certificate: Issued by DigiCert EV RSA CA G2 on March 8th 2024. Valid for: a year.

This is the only time origin-www.hsbc.com.ph was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
15	203.112.93.20 203.112.93.20	9221 (HSBC-HK-A...) (HSBC-HK-AS HSBC HongKong)
14	2600:9000:276... 2600:9000:2761:f400:7:2bfb:7c00:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:4139	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	23.45.104.216 23.45.104.216	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2606:4700::68... 2606:4700::6812:4239	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	18.245.60.89 18.245.60.89	16509 (AMAZON-02) (AMAZON-02)
1	34.49.241.189 34.49.241.189	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	2a00:1450:400... 2a00:1450:4001:82f::2008	15169 (GOOGLE) (GOOGLE)
1	142.250.185.98 142.250.185.98	15169 (GOOGLE) (GOOGLE)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	157.240.253.1 157.240.253.1	32934 (FACEBOOK) (FACEBOOK)
2	18.66.122.49 18.66.122.49	16509 (AMAZON-02) (AMAZON-02)
1	18.176.161.80 18.176.161.80	16509 (AMAZON-02) (AMAZON-02)
1	178.249.97.23 178.249.97.23	11054 (LIVEPERSON) (LIVEPERSON)
1	142.250.186.132 142.250.186.132	15169 (GOOGLE) (GOOGLE)
2	157.240.253.35 157.240.253.35	32934 (FACEBOOK) (FACEBOOK)
1	52.25.137.149 52.25.137.149	16509 (AMAZON-02) (AMAZON-02)
1	54.178.84.216 54.178.84.216	16509 (AMAZON-02) (AMAZON-02)
50	19

15 203.112.93.20 (Hong Kong)

ASN9221 (HSBC-HK-AS HSBC HongKong, HK)

origin-www.hsbc.com.ph	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2600:9000:2761:f400:7:2bfb:7c00:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:4139 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.45.104.216 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-104-216.deploy.static.akamaitechnologies.com

akamai.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:4239 (United States)

ASN13335 (CLOUDFLARENET, US)

a19069622224.cdn.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.60.89 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-60-89.fra60.r.cloudfront.net

cdn.appdynamics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.49.241.189 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 189.241.49.34.bc.googleusercontent.com

logx.optimizely.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.98 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.253.1 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.66.122.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-122-49.fra60.r.cloudfront.net

csp.prod.ap.dynp.cloud1.vv1865.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.176.161.80 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-176-161-80.ap-northeast-1.compute.amazonaws.com

collect-ap-northeast-1.tealiumiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 178.249.97.23 (United States)

ASN11054 (LIVEPERSON, US)

lptag.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.132 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.253.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-fra5.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.25.137.149 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-25-137-149.us-west-2.compute.amazonaws.com

col.eum-appdynamics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.178.84.216 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-178-84-216.ap-northeast-1.compute.amazonaws.com

visitor-service-ap-northeast-1.tealiumiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
15	tiqcdn.com tags.tiqcdn.com — Cisco Umbrella Rank: 1341 akamai.tiqcdn.com — Cisco Umbrella Rank: 12141	87 KB
15	hsbc.com.ph origin-www.hsbc.com.ph	459 KB
3	optimizely.com cdn.optimizely.com — Cisco Umbrella Rank: 1024 a19069622224.cdn.optimizely.com — Cisco Umbrella Rank: 114985 logx.optimizely.com — Cisco Umbrella Rank: 1766	89 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 120	216 B
2	tealiumiq.com collect-ap-northeast-1.tealiumiq.com — Cisco Umbrella Rank: 177548 visitor-service-ap-northeast-1.tealiumiq.com — Cisco Umbrella Rank: 170959	7 KB
2	vv1865.com csp.prod.ap.dynp.cloud1.vv1865.com — Cisco Umbrella Rank: 363635	833 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 192	79 KB
2	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 333 px4.ads.linkedin.com — Cisco Umbrella Rank: 7032	1 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	177 KB
1	eum-appdynamics.com col.eum-appdynamics.com — Cisco Umbrella Rank: 3737	796 B
1	google.com www.google.com — Cisco Umbrella Rank: 3
1	liveperson.net lptag.liveperson.net — Cisco Umbrella Rank: 4672	10 KB
1	doubleclick.net cm.g.doubleclick.net — Cisco Umbrella Rank: 284	409 B
1	appdynamics.com cdn.appdynamics.com — Cisco Umbrella Rank: 4206	15 KB
0	tiktok.com Failed analytics.tiktok.com Failed
50	15

	Domain	Requested by
15	origin-www.hsbc.com.ph	origin-www.hsbc.com.ph
14	tags.tiqcdn.com	origin-www.hsbc.com.ph tags.tiqcdn.com
2	www.facebook.com
2	csp.prod.ap.dynp.cloud1.vv1865.com	tags.tiqcdn.com
2	connect.facebook.net	tags.tiqcdn.com connect.facebook.net
2	www.googletagmanager.com	tags.tiqcdn.com www.googletagmanager.com
1	visitor-service-ap-northeast-1.tealiumiq.com	tags.tiqcdn.com
1	col.eum-appdynamics.com	origin-www.hsbc.com.ph
1	www.google.com	www.googletagmanager.com
1	lptag.liveperson.net	tags.tiqcdn.com
1	collect-ap-northeast-1.tealiumiq.com	origin-www.hsbc.com.ph
1	px4.ads.linkedin.com
1	px.ads.linkedin.com	1 redirects
1	cm.g.doubleclick.net
1	logx.optimizely.com	origin-www.hsbc.com.ph
1	cdn.appdynamics.com	origin-www.hsbc.com.ph
1	a19069622224.cdn.optimizely.com	cdn.optimizely.com
1	akamai.tiqcdn.com	origin-www.hsbc.com.ph
1	cdn.optimizely.com	tags.tiqcdn.com
0	analytics.tiktok.com Failed	tags.tiqcdn.com
50	20

This site contains links to these domains. Also see Links.

Domain
www.hsbc.com.ph
www.business.hsbc.com.ph
www.privatebanking.hsbc.com
www.services.online-banking.hsbc.com.ph
www.homeandaway.hsbc.com
www.about.hsbc.com.ph
www.fatca.hsbc.com
www.hsbcprivatebank.com
www.hsbc.com

Subject Issuer	Validity	Valid
www.hsbc.com.ph DigiCert EV RSA CA G2	`2024-03-08` - `2025-04-08`	a year	crt.sh
tags.tiqcdn.com Amazon RSA 2048 M02	`2024-03-19` - `2025-04-17`	a year	crt.sh
cdn.optimizely.com WE1	`2024-10-21` - `2025-01-19`	3 months	crt.sh
*.tiqcdn.com DigiCert TLS RSA SHA256 2020 CA1	`2024-11-05` - `2025-11-04`	a year	crt.sh
*.appdynamics.com DigiCert TLS RSA SHA256 2020 CA1	`2024-06-20` - `2025-07-21`	a year	crt.sh
logx.optimizely.com WR3	`2024-11-13` - `2025-02-11`	3 months	crt.sh
*.google-analytics.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-09-22` - `2024-12-21`	3 months	crt.sh
csp.prod.ap.dynp.cloud1.vv1865.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-22` - `2025-09-22`	a year	crt.sh
*.tealiumiq.com Amazon RSA 2048 M02	`2024-06-21` - `2025-07-19`	a year	crt.sh
*.liveperson.net Sectigo RSA Organization Validation Secure Server CA	`2024-09-17` - `2025-09-17`	a year	crt.sh
*.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.eum-appdynamics.com DigiCert TLS RSA SHA256 2020 CA1	`2024-06-13` - `2025-07-14`	a year	crt.sh

This page contains 4 frames:

Primary Page: https://origin-www.hsbc.com.ph/
Frame ID: F82AF99EC6D5D837654AF107B7C0EB36
Requests: 48 HTTP requests in this frame

Frame: https://a19069622224.cdn.optimizely.com/client_storage/a19069622224.html
Frame ID: 4E325D758A61ADE5DCC99EC5AB3241CD
Requests: 1 HTTP requests in this frame

Frame: https://csp.prod.ap.dynp.cloud1.vv1865.com/
Frame ID: 4B127AC5F3B08EA84240E5D00D035EEF
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 4546D253AAFF61B1F172C50443D5C28B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

404

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc/designs/

AppDynamics (Analytics) Expand

Overall confidence: 100%
Detected patterns

adrum

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Optimizely (Analytics) Expand

Overall confidence: 100%
Detected patterns

optimizely\.com.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

50
Requests

96 %
HTTPS

26 %
IPv6

15
Domains

20
Subdomains

19
IPs

4
Countries

926 kB
Transfer

3353 kB
Size

11
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.hsbc.com.ph/privacy-statement/#cookie-policy
Title: Cookie PolicyCookie Policy for the details of the cookie and privacy policy at HSBC

Search URL Search Domain Scan URL

URL: https://www.business.hsbc.com.ph/en-gb
Title: Business

Search URL Search Domain Scan URL

URL: https://www.privatebanking.hsbc.com/
Title: Private Banking

Search URL Search Domain Scan URL

URL: https://www.services.online-banking.hsbc.com.ph/gpib
Title: Back to my accounts

Search URL Search Domain Scan URL

URL: https://www.services.online-banking.hsbc.com.ph/gpib/channel/?idv_cmd=idv.Logoff&nextPage=saasextention/resolveHomePage/PH/HBPH/PREMIER
Title: Log Out

Search URL Search Domain Scan URL

URL: https://www.homeandaway.hsbc.com/1/2/hna2/local/ph?WT.mc_id=ASPHA_2009PH_002
Title: home&Away programme

Search URL Search Domain Scan URL

URL: http://www.about.hsbc.com.ph/
Title: About HSBC Careers, media, investor and corporate information

Search URL Search Domain Scan URL

URL: https://www.fatca.hsbc.com/
Title: FATCA

Search URL Search Domain Scan URL

URL: https://www.hsbcprivatebank.com/en
Title: Private Banking

Search URL Search Domain Scan URL

URL: https://www.hsbc.com/
Title: HSBC Group

Search URL Search Domain Scan URL

URL: https://www.hsbc.com.ph/legal/cross-border-banking
Title: This website is designed for use in the Philippines

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 35

https://px.ads.linkedin.com/collect/?pid=3346012&conversionId=&fmt=gif&_rnd=0.22222526700808287 HTTP 302
https://px4.ads.linkedin.com/collect/?pid=3346012&conversionId=&fmt=gif&_rnd=0.22222526700808287&e_ipv6=AQIv-02RhIJnLAAAAZO_Rs4VFAm-4ngUilu4cVc3pk1uPmeRhjMyGx1h73pJaWEFXmqgCp5_dQ

50 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 404
Not Found Primary Request / Show response
origin-www.hsbc.com.ph/ 101 KB
14 KB 3895ms
234ms Document
text/html 203.112.93.20
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://origin-www.hsbc.com.ph/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.93.20 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

7543b21213cacf94281479f0c7786ef2a1e2d6c7d3e9ee6cef30d4cbd82fbf28

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' .hsbc.com.hk .mastercard.com.au .demdex.net .lpsnmedia.net .liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' .tiqcdn.com .tealiumiq.com .liveperson.net .googletagmanager.com .hsbc.co.uk .hsbc.com.hk .doubleclick.net .googleadservices.com .lpsnmedia.net .optimizely.com .facebook.net .google.com .gstatic.com .appdynamics.com .googleapis.com .ads-twitter.com .hsbc.ae .awswaf.com players.brightcove.net vjs.zencdn.net .callsign.com .g.doubleclick.net sy.v.liveperson.net connect.facebook.net googleads.g.doubleclick.net tags.tiqcdn.com .google-analytics.com ssl.google-analytics.com www.google.com cdn-assets-prod.s3.amazonaws.com; img-src data: ; connect-src 'self' .tiqcdn.com .tealiumiq.com .hsbc.com.hk .eum-appdynamics.com .optimizely.com wss://.liveperson.net .cloud.hsbc .googleapis.com .hsbc.ae .omtrdc.net .demdex.net .hsbc.co.om .awswaf.com players.brightcove.net edge.api.brightcove.com .brightcovecdn.com .callsign.com http://127.0.0.1:5000/* .hsbc.com.ph .googletagmanager.com .g.doubleclick.net .google.com.ph .google.com .google-analytics.com .analytics.google.com www.google.com .security.online-banking.hsbc.com.ph www.facebook.com cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: .lpsnmedia.net .optimizely.com .liveperson.net .google.com .doubleclick.net players.brightcove.net www.facebook.com connect.facebook.net bid.g.doubleclick.net; frame-ancestors 'self'; font-src 'self' data: .hsbc.com.hk .gstatic.com .avast.com themes.googleusercontent.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' .hsbc.com.hk .googleapis.com players.brightcove.net; object-src 'self' blob:; child-src 'self'; media-src 'self' blob: .brightcovecdn.com .boltdns.net .media.brightcove.com .llnw.net .llnwd.net .akafms.net .akamaihd.net .cf.brightcove.com *.lpsnmedia.net; upgrade-insecure-requests ; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com;
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Cache-Control: no-cache, no-store, must-revalidate
Connection: Keep-Alive
Content-Encoding: gzip
Content-Length: 10643
Content-Security-Policy: default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.callsign.com *.g.doubleclick.net sy.v.liveperson.net connect.facebook.net googleads.g.doubleclick.net tags.tiqcdn.com *.google-analytics.com ssl.google-analytics.com www.google.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com *.brightcovecdn.com *.callsign.com http://127.0.0.1:5000/* *.hsbc.com.ph *.googletagmanager.com *.g.doubleclick.net *.google.com.ph *.google.com *.google-analytics.com *.analytics.google.com www.google.com *.security.online-banking.hsbc.com.ph www.facebook.com cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net www.facebook.com connect.facebook.net bid.g.doubleclick.net; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com themes.googleusercontent.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net; object-src 'self' blob:; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.lpsnmedia.net; upgrade-insecure-requests ; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com;
Content-Type: text/html; charset=UTF-8
Cross-Origin-Opener-Policy: same-origin-allow-popups
Cross-Origin-Resource-Policy: same-site
Date: Fri, 13 Dec 2024 09:08:26 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive: timeout=5, max=91
Referrer-Policy: strict-origin-when-cross-origin
S: hkp1v-prod-tko-aempub
Strict-Transport-Security: max-age=16070400; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css
origin-www.hsbc.com.ph/etc/designs/dpws/ 841 KB
95 KB 230ms
228ms Stylesheet
text/css 203.112.93.20
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://origin-www.hsbc.com.ph/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css

Requested by

Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.93.20 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

efe373642c0dd4ff67f20a4163439a1fcc82e4ee21035485e0a8ef87b9ad00a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

Content-Encoding: gzip
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=100
Date: Fri, 13 Dec 2024 09:08:26 GMT
Last-Modified: Fri, 13 Dec 2024 09:08:23 GMT
Vary: Accept-Encoding
Content-Type: text/css
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=16070400; includeSubDomains
Cache-Control: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups
S: hkp1v-prod-tko-aempub
Cross-Origin-Resource-Policy: same-site
Connection: Keep-Alive
Referrer-Policy: strict-origin-when-cross-origin
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block

GET
H2 200 utag.sync.js Show response
tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/ 2 KB
1 KB 54ms
11ms Script
application/javascript 2600:9000:2761:f400:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.sync.js
Requested by: Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2761:f400:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cde1679db20793a5c1b7688f73819f0c7582326a552db735fbbc713cb343d647

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"3bc8470293ba9c001e92dea64b7ceb39"
x-amz-version-id: u_mxeBiDch27dt7IkGOaF.7juZo_hGQ3
age: 95
via: 1.1 7011da69940360ddebc87f61490ffecc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: aZkh2uXUSTIiKSBtWz8RRo1VEbGdz70v5OI5_nk1dQZTBEqlgHFQKw==
date: Fri, 13 Dec 2024 09:06:52 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 17:10:58 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js Show response
origin-www.hsbc.com.ph/etc/designs/hsbc/appd/ 37 KB
12 KB 588ms
197ms Script
application/x-javascript 203.112.93.20
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://origin-www.hsbc.com.ph/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js

Requested by

Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.93.20 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

ebb991b4937d6015d8937e8d23f6fa5b315e898a018d1f0972efe59765b754b4

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

Content-Encoding: gzip
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=99
Date: Fri, 13 Dec 2024 09:08:27 GMT
Last-Modified: Sun, 08 Dec 2024 06:44:18 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript
Strict-Transport-Security: max-age=16070400; includeSubDomains
Cache-Control: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups
S: hkp1v-prod-tko-aempub
Cross-Origin-Resource-Policy: same-site
Connection: Keep-Alive
Referrer-Policy: strict-origin-when-cross-origin
Accept-Ranges: bytes
Content-Length: 11811
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK hsbc-logo.svg
origin-www.hsbc.com.ph/content/dam/hsbc/ph/images/logos/ 5 KB
3 KB 626ms
209ms Image
image/svg+xml 203.112.93.20
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://origin-www.hsbc.com.ph/content/dam/hsbc/ph/images/logos/hsbc-logo.svg

Requested by

Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.93.20 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

392961169ed068757ca4ccfba64f9a1e5cfd0e5c2467039ec5f0315afcb4de50

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

Content-Encoding: gzip
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=98
Date: Fri, 13 Dec 2024 09:08:27 GMT
Last-Modified: Fri, 13 Dec 2024 09:08:23 GMT
Vary: Accept-Encoding
Content-Type: image/svg+xml
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=16070400; includeSubDomains
Cache-Control: max-age=2592000
Cross-Origin-Opener-Policy: same-origin-allow-popups
S: hkp1v-prod-tko-aempub
Cross-Origin-Resource-Policy: same-site
Connection: Keep-Alive
Referrer-Policy: strict-origin-when-cross-origin
Accept-Ranges: bytes
Content-Length: 1966
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK clientlib-jquery.5ea5c4f95742f26a1d6b25eb830feb0c.js Show response
origin-www.hsbc.com.ph/etc/designs/dpws/ 111 KB
38 KB 662ms
219ms Script
application/x-javascript 203.112.93.20
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://origin-www.hsbc.com.ph/etc/designs/dpws/clientlib-jquery.5ea5c4f95742f26a1d6b25eb830feb0c.js

Requested by

Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.93.20 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

d5c2c8d7956e2af9082fe02f239bd97c426f12e7a867d1b4f1a405c124d26cea

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

Content-Encoding: gzip
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=97
Date: Fri, 13 Dec 2024 09:08:27 GMT
Last-Modified: Sun, 08 Dec 2024 06:13:38 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript
Strict-Transport-Security: max-age=16070400; includeSubDomains
Cache-Control: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups
S: hkp1v-prod-tko-aempub
Cross-Origin-Resource-Policy: same-site
Connection: Keep-Alive
Referrer-Policy: strict-origin-when-cross-origin
Accept-Ranges: bytes
Content-Length: 37902
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK v2_2_0.min.25e7676b14f56aa25050f77c6b594232.js Show response
origin-www.hsbc.com.ph/etc/designs/hsbc/cpi/clientlib-site/ 18 KB
6 KB 197ms
195ms Script
application/x-javascript 203.112.93.20
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://origin-www.hsbc.com.ph/etc/designs/hsbc/cpi/clientlib-site/v2_2_0.min.25e7676b14f56aa25050f77c6b594232.js

Requested by

Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.93.20 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

912f4c51a8c69eb08640d401656cb0ee974d0feb6f69a05635326843530ca06f

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

Content-Encoding: gzip
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=96
Date: Fri, 13 Dec 2024 09:08:27 GMT
Last-Modified: Mon, 09 Dec 2024 17:44:30 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript
Strict-Transport-Security: max-age=16070400; includeSubDomains
Cache-Control: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups
S: hkp1v-prod-tko-aempub
Cross-Origin-Resource-Policy: same-site
Connection: Keep-Alive
Referrer-Policy: strict-origin-when-cross-origin
Accept-Ranges: bytes
Content-Length: 5504
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK v2_2_0.min.d391cf12edbe9cb0aa6a5cd650eb0567.js Show response
origin-www.hsbc.com.ph/etc/designs/hsbc/cpi-masthead/clientlib-site/ 15 KB
4 KB 240ms
209ms Script
application/x-javascript 203.112.93.20
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://origin-www.hsbc.com.ph/etc/designs/hsbc/cpi-masthead/clientlib-site/v2_2_0.min.d391cf12edbe9cb0aa6a5cd650eb0567.js

Requested by

Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.93.20 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

2cea73b7c9b18c93be931fbf1fd5c6bf1c44a0d0e34c343446162725983a1939

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

Content-Encoding: gzip
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=95
Date: Fri, 13 Dec 2024 09:08:27 GMT
Last-Modified: Sun, 08 Dec 2024 06:13:39 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript
Strict-Transport-Security: max-age=16070400; includeSubDomains
Cache-Control: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups
S: hkp1v-prod-tko-aempub
Cross-Origin-Resource-Policy: same-site
Connection: Keep-Alive
Referrer-Policy: strict-origin-when-cross-origin
Accept-Ranges: bytes
Content-Length: 3090
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK clientlib-all.min.72b73cbe882c7b5dbbe17fce78aaeff6.js Show response
origin-www.hsbc.com.ph/etc/designs/dpws/ 576 KB
145 KB 592ms
204ms Script
application/x-javascript 203.112.93.20
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://origin-www.hsbc.com.ph/etc/designs/dpws/clientlib-all.min.72b73cbe882c7b5dbbe17fce78aaeff6.js

Requested by

Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.93.20 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

48f364ef034cf0c9cf115d0a022682eae3745c67e098f13ed9b4167f184b05b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

Content-Encoding: gzip
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=96
Date: Fri, 13 Dec 2024 09:08:27 GMT
Last-Modified: Sun, 08 Dec 2024 06:44:38 GMT
Vary: Accept-Encoding
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=16070400; includeSubDomains
Cache-Control: max-age=31536000
Cross-Origin-Opener-Policy: same-origin-allow-popups
S: hkp1v-prod-tko-aempub
Cross-Origin-Resource-Policy: same-site
Connection: Keep-Alive
Referrer-Policy: strict-origin-when-cross-origin
Accept-Ranges: bytes
X-XSS-Protection: 1; mode=block

GET
H2 200 20354480610.js Show response
cdn.optimizely.com/js/ 285 KB
89 KB 48ms
18ms Script
text/javascript 2606:4700::6812:4139
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.optimizely.com/js/20354480610.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.sync.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:4139 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 332eca8f9123785840a6052ecbda590a22dbddfdb05e5d70abb9ac8b243b2b73

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

access-control-max-age: 86400
access-control-expose-headers: x-amz-meta-revision
content-encoding: gzip
cf-cache-status: HIT
etag: "801874e48baa7066a893ddc118447e6b"
x-amz-version-id: 9EdZTmhmrZTU6Kr_FxZzEciofg0zQHNA
age: 410
access-control-allow-methods: GET, HEAD
date: Fri, 13 Dec 2024 09:08:27 GMT
x-amz-meta-revision: 83
content-type: text/javascript; charset=utf-8
last-modified: Tue, 04 Jun 2024 14:49:10 GMT
vary: Accept-Encoding
x-amz-id-2: C2y0cQ83isvsDhmeZvggHsAL26ANkWBMeNyoh0pLqh5EynArb0K9LjrlgvS+1ChAh1fgd40ex9c=
access-control-allow-headers: *
x-amz-replication-status: COMPLETED
cache-control: max-age=120
timing-allow-origin: *
x-amz-meta-pci_enabled: False
access-control-allow-credentials: false
x-amz-request-id: WK5T6H53V3G736CP
cf-ray: 8f14cf471c58d9d6-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 90274
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/ 148 KB
32 KB 11ms
11ms Script
application/javascript 2600:9000:2761:f400:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.js
Requested by: Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2761:f400:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: c93918f7402d06a3258114269b57e74e5f30b3dd844d0c217b0e9af7da0be4d8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

vary: accept-encoding
cache-control: max-age=300
content-encoding: br
etag: W/"a962c3da845ca03ae5cf2e4420ae7382"
x-amz-version-id: TWR9ekaJN983zNVzQX4rJl8OHIbmZUR5
age: 96
via: 1.1 7011da69940360ddebc87f61490ffecc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: RI9BK2leemHw_zF9eaENd5ggd-6DP9XjuFQhjaaW3soSLV6QZJvkOA==
date: Fri, 13 Dec 2024 09:06:52 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 17:10:58 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256

GET
H/1.1 200
OK UniversNextforHSBCW02-Rg.woff
origin-www.hsbc.com.ph/etc/designs/dpws/common/fonts/ 27 KB
27 KB 245ms
214ms Font
application/font-woff 203.112.93.20
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://origin-www.hsbc.com.ph/etc/designs/dpws/common/fonts/UniversNextforHSBCW02-Rg.woff

Requested by

Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.93.20 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

e57fa923e1242b94093a29bc1497e22d7b5f78d6f124fe5ffc651383af545e13

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://origin-www.hsbc.com.ph
Referer: https://origin-www.hsbc.com.ph/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css

Response headers

X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=94
Date: Fri, 13 Dec 2024 09:08:27 GMT
Last-Modified: Fri, 13 Dec 2024 09:08:23 GMT
Content-Type: application/font-woff
Strict-Transport-Security: max-age=16070400; includeSubDomains
Cache-Control: max-age=7776000
Cross-Origin-Opener-Policy: same-origin-allow-popups
S: hkp1v-prod-tko-aempub
Cross-Origin-Resource-Policy: same-site
Connection: Keep-Alive
Referrer-Policy: strict-origin-when-cross-origin
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 27464
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK UniversNextforHSBCW02-Bd.woff
origin-www.hsbc.com.ph/etc/designs/dpws/common/fonts/ 26 KB
26 KB 361ms
204ms Font
application/font-woff 203.112.93.20
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://origin-www.hsbc.com.ph/etc/designs/dpws/common/fonts/UniversNextforHSBCW02-Bd.woff

Requested by

Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.93.20 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

1fe93d773a537c17456fc95e7dbfb69cba2914ac73c5f9b01d4db046667c688e

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://origin-www.hsbc.com.ph
Referer: https://origin-www.hsbc.com.ph/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css

Response headers

X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=93
Date: Fri, 13 Dec 2024 09:08:27 GMT
Last-Modified: Fri, 13 Dec 2024 09:08:27 GMT
Content-Type: application/font-woff
Strict-Transport-Security: max-age=16070400; includeSubDomains
Cache-Control: max-age=7776000
Cross-Origin-Opener-Policy: same-origin-allow-popups
S: hkp1v-prod-tko-aempub
Cross-Origin-Resource-Policy: same-site
Connection: Keep-Alive
Referrer-Policy: strict-origin-when-cross-origin
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 26328
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK HSBCIcon-Font-Extension.woff
origin-www.hsbc.com.ph/etc/designs/dpws/common/fonts/ 37 KB
38 KB 408ms
208ms Font
application/font-woff 203.112.93.20
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://origin-www.hsbc.com.ph/etc/designs/dpws/common/fonts/HSBCIcon-Font-Extension.woff?ee39a20e77cff3aec879befe2cd1d29d

Requested by

Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.93.20 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

76e6fcb163f76c23e3595acdb5c37457b8529ae4612bdfd266a9ef3d83550586

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://origin-www.hsbc.com.ph
Referer: https://origin-www.hsbc.com.ph/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css

Response headers

X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=92
Date: Fri, 13 Dec 2024 09:08:27 GMT
Last-Modified: Fri, 13 Dec 2024 09:08:23 GMT
Content-Type: application/font-woff
Strict-Transport-Security: max-age=16070400; includeSubDomains
Cache-Control: max-age=7776000
Cross-Origin-Opener-Policy: same-origin-allow-popups
S: hkp1v-prod-tko-aempub
Cross-Origin-Resource-Policy: same-site
Connection: Keep-Alive
Referrer-Policy: strict-origin-when-cross-origin
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 38384
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK UniversNextforHSBCW02-Lt.woff
origin-www.hsbc.com.ph/etc/designs/dpws/common/fonts/ 26 KB
26 KB 455ms
209ms Font
application/font-woff 203.112.93.20
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://origin-www.hsbc.com.ph/etc/designs/dpws/common/fonts/UniversNextforHSBCW02-Lt.woff

Requested by

Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.93.20 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

1410bf3ef15162a56d0c7ea0f851483738179ce8281a269f4ed88612e9c9a695

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://origin-www.hsbc.com.ph
Referer: https://origin-www.hsbc.com.ph/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css

Response headers

X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=91
Date: Fri, 13 Dec 2024 09:08:27 GMT
Last-Modified: Fri, 13 Dec 2024 09:08:23 GMT
Content-Type: application/font-woff
Strict-Transport-Security: max-age=16070400; includeSubDomains
Cache-Control: max-age=7776000
Cross-Origin-Opener-Policy: same-origin-allow-popups
S: hkp1v-prod-tko-aempub
Cross-Origin-Resource-Policy: same-site
Connection: Keep-Alive
Referrer-Policy: strict-origin-when-cross-origin
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 26300
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK location.js Show response
akamai.tiqcdn.com/location/ 18 B
563 B 36ms
9ms XHR
application/x-javascript 23.45.104.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://akamai.tiqcdn.com/location/location.js
Requested by: Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.45.104.216 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-104-216.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: d753f8ee126736431a1cd8170dbfcf94f553eeb1d24f2baa7c66474a80d0e559

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

X-EdgeScape-Location: country_code=DE,region_code=HE,city=FRANKFURT,areacode=0,zip=0,bandwidth=5000
Cache-Control: max-age=1296000
Access-Control-Expose-Headers: X-EdgeScape-Location
ETag: "6c98be5fda77913799e8ef24b86a7abd:1525129759"
Connection: keep-alive
Expires: Sat, 28 Dec 2024 09:08:27 GMT
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 18
Date: Fri, 13 Dec 2024 09:08:27 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 30 Apr 2018 23:09:19 GMT
Server: AkamaiNetStorage

GET
H2 200 a19069622224.html
a19069622224.cdn.optimizely.com/client_storage/ Frame 4E32 0
0 56ms
28ms Document
text/html 2606:4700::6812:4239
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://a19069622224.cdn.optimizely.com/client_storage/a19069622224.html
Requested by: Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/20354480610.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:4239 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Referer: https://origin-www.hsbc.com.ph/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 304
cache-control: max-age=120
cf-cache-status: HIT
cf-ray: 8f14cf47fff0bb97-FRA
content-encoding: gzip
content-length: 1207
content-type: text/html; charset=utf-8
date: Fri, 13 Dec 2024 09:08:27 GMT
etag: "743d20ed5092af1923de31caf9a13221"
last-modified: Fri, 13 Dec 2024 08:20:44 GMT
server: cloudflare
server-timing: cfCacheStatus;desc="HIT"
vary: Accept-Encoding
x-amz-id-2: GTuIjw2FAqdIA7Ag9yJeTzX9A+fC9cvY5vXd1/vPjipo4/0mwAPzCr7/gP3hd+kP/rcrbnav5Qc=
x-amz-meta-pci_enabled: False
x-amz-replication-status: COMPLETED
x-amz-request-id: HJF98V4YQXGCV8T3
x-amz-server-side-encryption: AES256
x-amz-version-id: 7aaj0BrvRYBHzdzt0.hUY4ZJcP3hc0bm

GET
H/1.1 200
OK HSBCIcon-Font.woff
origin-www.hsbc.com.ph/etc/designs/dpws/common/fonts/ 22 KB
23 KB 209ms
208ms Font
application/font-woff 203.112.93.20
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://origin-www.hsbc.com.ph/etc/designs/dpws/common/fonts/HSBCIcon-Font.woff?ee39a20e77cff3aec879befe2cd1d29d

Requested by

Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.93.20 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

580245633d829cdc4a80192bc505ad254af0ed2955d5add87b56917a1c0f64df

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://origin-www.hsbc.com.ph
Referer: https://origin-www.hsbc.com.ph/etc/designs/dpws/clientlib-default.min.91f7ec1e1f900424d14d513cd9754029.css

Response headers

X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=90
Date: Fri, 13 Dec 2024 09:08:27 GMT
Last-Modified: Fri, 13 Dec 2024 09:08:24 GMT
Content-Type: application/font-woff
Strict-Transport-Security: max-age=16070400; includeSubDomains
Cache-Control: max-age=7776000
Cross-Origin-Opener-Policy: same-origin-allow-popups
S: hkp1v-prod-tko-aempub
Cross-Origin-Resource-Policy: same-site
Connection: Keep-Alive
Referrer-Policy: strict-origin-when-cross-origin
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Content-Length: 22532
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK authorize.auth.json Show response
origin-www.hsbc.com.ph/ 20 B
566 B 196ms
196ms XHR
application/json 203.112.93.20
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://origin-www.hsbc.com.ph/authorize.auth.json?q&_=1734080907486

Requested by

Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.93.20 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

69c2b8e06630556f0356093d2679ff3a26a9ce177a8c784ce85a52760a2db3b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://origin-www.hsbc.com.ph/
X-Requested-With: XMLHttpRequest
ADRUM: isAjax:true
Accept: */*
Content-Type: json
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security: max-age=16070400; includeSubDomains
Cross-Origin-Opener-Policy: same-origin-allow-popups
S: hkp1v-prod-tko-aempub
Cross-Origin-Resource-Policy: same-site
Connection: Keep-Alive
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
Accept-Ranges: bytes
Content-Length: 20
Keep-Alive: timeout=5, max=95
Date: Fri, 13 Dec 2024 09:08:28 GMT
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 15 Nov 2024 16:29:59 GMT
Vary: Cookie
Content-Type: application/json

GET
H2 200 adrum-ext.0086dbec5e8a6e717bf36d3a06b62042.js Show response
cdn.appdynamics.com/ 45 KB
15 KB 39ms
9ms Script
text/javascript 18.245.60.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.appdynamics.com/adrum-ext.0086dbec5e8a6e717bf36d3a06b62042.js

Requested by

Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.60.89 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-60-89.fra60.r.cloudfront.net

Software

AmazonS3 /

Resource Hash

7da0fcf5011f66d43746091e130db6ef4d55ff13410d57209fb0f44d90cdee60

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

strict-transport-security: max-age=31536000
cache-control: public, max-age=31536000, immutable
content-encoding: gzip
etag: W/"989cc223341935e903706cd798e666c7"
age: 5939
cross-origin-resource-policy: cross-origin
via: 1.1 7dbea139a5c4f501bc4b0e9d19a50c9a.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: BQLH5ZQ_FU_cHUd_fljrQuShggllexfZ0cHvaL9szmHNe3EzseEbIw==
date: Fri, 13 Dec 2024 07:29:30 GMT
content-type: text/javascript
last-modified: Thu, 15 Sep 2016 22:05:47 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P5
vary: accept-encoding, Origin

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
432 B 8ms
7ms Script
application/javascript 2600:9000:2761:f400:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=hsbc/ph-rbwm/202410081708&cb=1734080908619
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2761:f400:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

x-amz-version-id: 2XUX04X5QEw0.xFya64khU._sHTRl_Pz
etag: "7bc0ee636b3b83484fc3b9348863bd22"
age: 195
x-cache: Hit from cloudfront
x-amz-cf-id: kLphc1_TjfK1oXhCn7dYguC_VSTDMMzNlzOZJKnGpSoe8et-xUP8hQ==
date: Fri, 13 Dec 2024 09:05:14 GMT
content-type: application/javascript
vary: accept-encoding
last-modified: Sat, 11 Mar 2023 06:57:46 GMT
cache-control: max-age=300
via: 1.1 7011da69940360ddebc87f61490ffecc.cloudfront.net (CloudFront)
accept-ranges: bytes
content-length: 2
x-amz-cf-pop: FRA60-P8
server: AmazonS3
x-amz-server-side-encryption: AES256

GET
H2 200 utag.482.js Show response
tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/ 9 KB
3 KB 12ms
10ms Script
application/javascript 2600:9000:2761:f400:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.482.js?utv=ut4.47.202206282039
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2761:f400:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0e8fd7e6407224f778f2f65b29f97fa41e1445912ba17a964e1b951c1cf235ac

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

vary: accept-encoding
cache-control: max-age=1296000
content-encoding: br
etag: W/"2a596d09e3360f21873aca2687fbcf17"
x-amz-version-id: VatM_RFsBAZfCu7smI1tNQHuc5kJmIHR
age: 97
via: 1.1 7011da69940360ddebc87f61490ffecc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: Imxz4lC2PDD05rH6jCBGcuyLVScvSN9vwLV_A2OcxckW2U5yLJ8LDA==
date: Fri, 13 Dec 2024 09:06:52 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 17:10:56 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256

GET
H2 200 utag.553.js Show response
tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/ 4 KB
2 KB 14ms
12ms Script
application/javascript 2600:9000:2761:f400:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.553.js?utv=ut4.47.202201211517
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2761:f400:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 03c557d2f6410bf4a64d57e4cb052e1104c5f1eab827d39e2f66c161c8554d02

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

vary: accept-encoding
cache-control: max-age=1296000
content-encoding: br
etag: W/"0b168e410b4b7a0e31df74ce1913a810"
x-amz-version-id: 7gnsQhCb0du4Gbk2dAKuiKn3MJcpkdCy
age: 97
via: 1.1 7011da69940360ddebc87f61490ffecc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: WxfIsUK3fo4f2JZ4sDsbfGsh1K6LvaazNr5A7wapcS87yUKHLg6RKA==
date: Fri, 13 Dec 2024 09:06:52 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 17:10:46 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256

GET
H2 200 utag.489.js Show response
tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/ 23 KB
8 KB 15ms
13ms Script
application/javascript 2600:9000:2761:f400:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.489.js?utv=ut4.47.202402071143
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2761:f400:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d94687db22aef3d107459ba2dff0c310ca78045e0a0e21b12c5ea83d164262e2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

vary: accept-encoding
cache-control: max-age=1296000
content-encoding: br
etag: W/"986c64e7cec40acce273c0df1ca4e91e"
x-amz-version-id: JcQfgWcRjZDwwTowUpivJiNoTtjF.6t8
age: 97
via: 1.1 7011da69940360ddebc87f61490ffecc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: oNiagMXYijOnCDWp0NfyU2gwp_DfmBWaKLRAz9fI32WzrGkymgEsGw==
date: Fri, 13 Dec 2024 09:06:52 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 17:10:43 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256

GET
H2 200 utag.175.js Show response
tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/ 9 KB
4 KB 15ms
14ms Script
application/javascript 2600:9000:2761:f400:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.175.js?utv=ut4.47.202209131614
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2761:f400:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 908ba257ee8fe27411d8d3d9512a3a8eb03ee2720a72778b3ba90c5a6c1e8dc8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

vary: accept-encoding
cache-control: max-age=1296000
content-encoding: br
etag: W/"a5f6735647ea602d516043bab78ca41f"
x-amz-version-id: 8LRyQiYpRfTHA.BBIf1ZdIm3Jqe4g2Et
age: 97
via: 1.1 7011da69940360ddebc87f61490ffecc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: ASL1dJBXavZTtJL54oBXy-YMt1T1-ms1liw6dTAG0tPtrO3AnkDtpw==
date: Fri, 13 Dec 2024 09:06:52 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 17:10:57 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256

GET
H2 200 utag.454.js Show response
tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/ 2 KB
2 KB 18ms
17ms Script
application/javascript 2600:9000:2761:f400:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.454.js?utv=ut4.47.202109020833
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2761:f400:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: d82b7a75fe3005d690e2bb63ae5f0dadd53e2d087669d93f2a61420d5c739354

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

vary: accept-encoding
cache-control: max-age=1296000
content-encoding: br
etag: W/"8e1d827be806e6ba508e3693f40b9125"
x-amz-version-id: Bcbn3A9etaSycoITzpo9n26P2Kaf7b3Q
age: 97
via: 1.1 7011da69940360ddebc87f61490ffecc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: fhALvB1qncVbTA6yJua0s3_E2k_SjhLRFef2pueVVBvJulm4LeQPMw==
date: Fri, 13 Dec 2024 09:06:52 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 17:10:45 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256

GET
H2 200 utag.568.js Show response
tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/ 5 KB
2 KB 19ms
18ms Script
application/javascript 2600:9000:2761:f400:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.568.js?utv=ut4.47.202402071143
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2761:f400:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 20d38d62fed0c509b52ee6186cb46931836ca6649527b969708a83303878c901

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

vary: accept-encoding
cache-control: max-age=1296000
content-encoding: br
etag: W/"43d101815a5140e658f3b8661d1b8d45"
x-amz-version-id: ke2le1yEyHWiNm29QqEDEh1s4HIplc._
age: 97
via: 1.1 7011da69940360ddebc87f61490ffecc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: nje5d0Lb8XvFnUZ4P8Gh36mWyQIZpZIDa23pRAcdkXaV8I6H-tS_Ng==
date: Fri, 13 Dec 2024 09:06:52 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 17:10:43 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256

GET
H2 200 utag.610.js Show response
tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/ 14 KB
5 KB 21ms
21ms Script
application/javascript 2600:9000:2761:f400:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.610.js?utv=ut4.47.202208191621
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2761:f400:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 572bbbe0857797a60ccc84e19dc9cd5d783393a359bdd63b19fa941a1c20cf3c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

vary: accept-encoding
cache-control: max-age=1296000
content-encoding: br
etag: W/"c035c8fa9485081baa5f2467518d77e4"
x-amz-version-id: TXjy9NNwbzt8zLkDRQ6w3WLXaCyDnYY3
age: 97
via: 1.1 7011da69940360ddebc87f61490ffecc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: LWreMGdqd-tiBVdinHs4TGE_a5i_mH1rjvJL8a0S0r7WBhZ9as0wVw==
date: Fri, 13 Dec 2024 09:06:52 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 17:10:44 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256

GET
H2 200 utag.637.js Show response
tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/ 10 KB
4 KB 18ms
18ms Script
application/javascript 2600:9000:2761:f400:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.637.js?utv=ut4.47.202206282039
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2761:f400:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: aa815892b30ec8e32f0d665c39cbe6b96799906b356a65007ee7f25023f5e35d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

vary: accept-encoding
cache-control: max-age=1296000
content-encoding: br
etag: W/"26b8a5c0fb5afd2015c633b465f42804"
x-amz-version-id: WsyxZ6.2YbBZ6yCc4Ovo0k3TiU8rIPPO
age: 97
via: 1.1 7011da69940360ddebc87f61490ffecc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: 27OoayDQn_lpcdTIs5lhPhSjGLZ_iaVqsYAX4ZxfcSqOunmEE6MHYA==
date: Fri, 13 Dec 2024 09:06:52 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 17:10:46 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256

GET
H2 200 utag.668.js Show response
tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/ 47 KB
13 KB 18ms
17ms Script
application/javascript 2600:9000:2761:f400:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.668.js?utv=ut4.47.202402071143
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2761:f400:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f7f61bd802fa3fc03169034d4ddc6bd3ab3aef2cb358296743fcdbb82f3e4c89

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

vary: accept-encoding
cache-control: max-age=1296000
content-encoding: br
etag: W/"3377ab2dc15eaf2fbf4a31f9124c049e"
x-amz-version-id: k_7ye4bgjIrBpBodthmpxHIgcLy41iGA
age: 97
via: 1.1 7011da69940360ddebc87f61490ffecc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: YZ_ErJwiNH99OQkrxAZYWP8ndNnbXlFE0Fd8fYAm_6umCU18fzNrpA==
date: Fri, 13 Dec 2024 09:06:52 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 17:10:55 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256

GET
H2 200 utag.798.js Show response
tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/ 11 KB
3 KB 17ms
17ms Script
application/javascript 2600:9000:2761:f400:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.798.js?utv=ut4.47.202410081708
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2761:f400:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0c12aa3dd77cbd6d48ca44917576f996fd44ff71e168ab56ef227a9c7c2376b6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

vary: accept-encoding
cache-control: max-age=1296000
content-encoding: br
etag: W/"8a0d06db461cb1fe0ebeec110a6de9c0"
x-amz-version-id: CgW4RX55e7B6dmx8ulOJ6EapHHn.q9Ga
age: 97
via: 1.1 7011da69940360ddebc87f61490ffecc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: qgqkPrrdoUsuZYo-A7W_qmWZL6VL3VgIOmZGGWHMeNZS9L84mpPVzQ==
date: Fri, 13 Dec 2024 09:06:52 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 17:10:54 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256

GET
H2 200 utag.805.js Show response
tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/ 16 KB
6 KB 22ms
21ms Script
application/javascript 2600:9000:2761:f400:7:2bfb:7c00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.805.js?utv=ut4.47.202404221600
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2761:f400:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 803e10db3fbc3b24d5e5a0d4d434cbf482a282d4df5d583b1637b1eb9ee15a98

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

vary: accept-encoding
cache-control: max-age=1296000
content-encoding: br
etag: W/"7b27320f1f08c7f69b521239ce18c62c"
x-amz-version-id: 5qtLBIrR7jG449Kml87FdjkkLePP_kms
age: 97
via: 1.1 7011da69940360ddebc87f61490ffecc.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: PEBumyxuz2KwiX3aWlIcnJkB_yR6OIh3C1JsctcrU0q28gx0Rezu5A==
date: Fri, 13 Dec 2024 09:06:52 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 17:10:56 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P8
x-amz-server-side-encryption: AES256

POST
H2 204 events Show response
logx.optimizely.com/v1/ 0
391 B 221ms
116ms XHR
text/plain 34.49.241.189
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://logx.optimizely.com/v1/events
Requested by: Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.49.241.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 189.241.49.34.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://origin-www.hsbc.com.ph/

Response headers

x-request-id: d2ff70c9-4ff9-43a4-b11b-8744f3a2c388
access-control-expose-headers: X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id
timing-allow-origin: *
access-control-allow-credentials: true
access-control-allow-methods: POST,OPTIONS
via: 1.1 google
access-control-allow-origin: https://origin-www.hsbc.com.ph
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 09:08:28 GMT
content-type: text/plain
access-control-allow-headers: X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict

GET
H/1.1 200
OK favicon.ico
origin-www.hsbc.com.ph/etc/designs/dpws/common/favicons/ 15 KB
2 KB 201ms
199ms Other
image/x-icon 203.112.93.20
HSBC-HK-AS HSBC H...

General

Check archive.org

Show headers Download Go to

Full URL

https://origin-www.hsbc.com.ph/etc/designs/dpws/common/favicons/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

203.112.93.20 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),

Reverse DNS

Software

Resource Hash

6792c4c37672b1a8d6c2842f403c70c85f3b66f3ebaa434b816b5cd25203113b

Security Headers

Name	Value
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

Content-Encoding: gzip
X-Content-Type-Options: nosniff
Keep-Alive: timeout=5, max=94
Date: Fri, 13 Dec 2024 09:08:28 GMT
Last-Modified: Sun, 08 Dec 2024 09:08:59 GMT
Vary: Accept-Encoding
Content-Type: image/x-icon
Strict-Transport-Security: max-age=16070400; includeSubDomains
Cache-Control: max-age=7776000
Cross-Origin-Opener-Policy: same-origin-allow-popups
S: hkp1v-prod-tko-aempub
Cross-Origin-Resource-Policy: same-site
Connection: Keep-Alive
Referrer-Policy: strict-origin-when-cross-origin
Accept-Ranges: bytes
Content-Length: 1072
X-XSS-Protection: 1; mode=block

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 229 KB
83 KB 121ms
35ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-8726068

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.482.js?utv=ut4.47.202206282039

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

999a4898bf17cf4670fec86d0be2416519ad659f32b8383eb76b8c6d8493b510

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 13 Dec 2024 09:08:28 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 09:08:28 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 83819
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 pixel
cm.g.doubleclick.net/ 170 B
409 B 117ms
26ms Image
image/png 142.250.185.98
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cm.g.doubleclick.net/pixel?tealium_cookie_sync=true&google_nid=tealium_dmp&google_cm&tealium_vid=0193bf46c889002258cd47d62c7005065001f05d00b08&tealium_account=hsbc&tealium_profile=wpb-stream-ph

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.98 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f2.1e100.net

Software

HTTP server (unknown) /

Resource Hash

0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

cache-control: no-cache, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 170
date: Fri, 13 Dec 2024 09:08:28 GMT
x-xss-protection: 0
content-type: image/png
server: HTTP server (unknown)

GET
H2

200

/
px4.ads.linkedin.com/collect/
Redirect Chain

https://px.ads.linkedin.com/collect/?pid=3346012&conversionId=&fmt=gif&_rnd=0.22222526700808287
https://px4.ads.linkedin.com/collect/?pid=3346012&conversionId=&fmt=gif&_rnd=0.22222526700808287&e_ipv6=AQIv-02RhIJnLAAAAZO_Rs4VFAm-4ngUilu4cVc3pk1uPmeRhjMyGx1h73pJaWEFXmqgCp5_dQ

43 B
349 B

144ms
112ms

Image
image/gif

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect/?pid=3346012&conversionId=&fmt=gif&_rnd=0.22222526700808287&e_ipv6=AQIv-02RhIJnLAAAAZO_Rs4VFAm-4ngUilu4cVc3pk1uPmeRhjMyGx1h73pJaWEFXmqgCp5_dQ
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
content-encoding: gzip
x-msedge-ref: Ref A: AFBD126FA2A94A73A956F8DEB2DEAE44 Ref B: FRAEDGE1212 Ref C: 2024-12-13T09:08:28Z
x-li-fabric: prod-lva1
x-li-uuid: AAYpIyyXWATx6rpivScODA==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 65
date: Fri, 13 Dec 2024 09:08:28 GMT
content-type: image/gif
vary: Accept-Encoding

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-lva1-x
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
location: https://px4.ads.linkedin.com/collect/?pid=3346012&conversionId=&fmt=gif&_rnd=0.22222526700808287&e_ipv6=AQIv-02RhIJnLAAAAZO_Rs4VFAm-4ngUilu4cVc3pk1uPmeRhjMyGx1h73pJaWEFXmqgCp5_dQ
x-msedge-ref: Ref A: CF660AC677A74A32A34AB4A0A14DEC2C Ref B: DUS30EDGE0713 Ref C: 2024-12-13T09:08:28Z
x-li-fabric: prod-lva1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-uuid: AAYpIyyU39fJ7wMp3wJJbQ==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Fri, 13 Dec 2024 09:08:28 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 62ms
9ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.489.js?utv=ut4.47.202402071143

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

c4eb49795f7a703429e7012cec0a556e6faf6f551f07cd337f66c5a1ec3a5847

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-1MDZ5gGY' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 09:08:28 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-1MDZ5gGY' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=0, c=23, mss=1232, tbw=4615, tp=11, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: SeE6+kAbB0iUGUXX3xRvx75IhB9lSpOfYIqbqRIW3vlVN9qQqD8dYOWSYjbVjBQaWf3eXpq1gLtKxGF9HNJW/g==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
cross-origin-opener-policy-report-only: restrict-properties;report-to="coop_report"
content-length: 62212
x-xss-protection: 0
origin-agent-cluster: ?1

POST
H2 204 /
csp.prod.ap.dynp.cloud1.vv1865.com/ 0
410 B 691ms
618ms Other
text/plain 18.66.122.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://csp.prod.ap.dynp.cloud1.vv1865.com/
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.805.js?utv=ut4.47.202404221600
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-49.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/csp-report
Referer: https://origin-www.hsbc.com.ph/

Response headers

x-amz-apigw-id: CuPuIHm_nUYEWXw=
x-amzn-trace-id: Root=1-675bf98d-2d7978f12aedfc3a1fb99ea8;Parent=756b68d7665d007c;Sampled=0;Lineage=1:4a10ca3a:0
x-amzn-requestid: 3e350456-ae42-42cb-a69d-3fdd4961feee
via: 1.1 0afa2d721972ae312ad1dd54e47c43ca.cloudfront.net (CloudFront), 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-id: 6vwf3qQvwSfEfLgxys7n66XOq10ztQYnEZdSowV-YBAEy4XQtTmsGA==
date: Fri, 13 Dec 2024 09:08:29 GMT
x-amz-cf-pop: FRA56-P5, FRA60-P2

GET events.js
analytics.tiktok.com/i18n/pixel/ 0
0

POST
H2 200 i.gif Show response
collect-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-ph/2/ 43 B
790 B 1041ms
503ms XHR
image/gif 18.176.161.80
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://collect-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-ph/2/i.gif
Requested by: Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.176.161.80 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-18-176-161-80.ap-northeast-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryGAZStQ3utTZbwjDY
Referer: https://origin-www.hsbc.com.ph/

Response headers

access-control-expose-headers: X-Region
expires: Fri, 13 Dec 2024 09:08:29 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-serverid: uconnect_uconnect-fd689526-1cb8-400f-8088-2d883a15ef7c
date: Fri, 13 Dec 2024 09:08:29 GMT
content-type: image/gif
vary: Origin
x-uuid: fb732346-7b51-4fbd-95a5-7ded285b7dbd
cache-control: no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
pragma: no-cache
access-control-allow-credentials: true
x-tid: 0193bf46c889002258cd47d62c7005065001f05d00b08
access-control-allow-origin: https://origin-www.hsbc.com.ph
content-length: 43
x-acc: hsbc:wpb-stream-ph:2:datacloud
x-ulver: 4b30025fa6cbac02f5af484a88badb85ba805cc0-SNAPSHOT
x-did: 0193bf46c889002258cd47d62c7005065001f05d00b08
x-region: ap-northeast-1

GET
H2 200 tag.js Show response
lptag.liveperson.net/tag/ 27 KB
10 KB 120ms
34ms Script
application/javascript 178.249.97.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL

https://lptag.liveperson.net/tag/tag.js?site=70542925

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.610.js?utv=ut4.47.202208191621

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

178.249.97.23 , United States, ASN11054 (LIVEPERSON, US),

Reverse DNS

Software

ws /

Resource Hash

2823fbfa7b9256867e21af1ecbfbb98583c8ef0e0b495f6f01d862ef58e3d93d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
content-encoding: gzip
etag: "6657cfc2-253d"
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, PATCH
x-content-type-options: nosniff
content-length: 9533
date: Fri, 13 Dec 2024 09:08:28 GMT
content-type: application/javascript
last-modified: Thu, 30 May 2024 01:00:50 GMT
server: ws
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H3 200 293463111214913 Show response
connect.facebook.net/signals/config/ 86 KB
18 KB 75ms
75ms Script
application/x-javascript 157.240.253.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/293463111214913?v=2.9.178&r=stable&domain=origin-www.hsbc.com.ph&hme=28abfdc7e582ae2a8fdd6ac5ebb406923cf601dc2ee488049b0628e75e0f6b36&ex_m=70%2C122%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C173%2C176%2C188%2C184%2C185%2C187%2C29%2C101%2C53%2C77%2C186%2C168%2C171%2C181%2C182%2C189%2C132%2C41%2C191%2C192%2C34%2C144%2C15%2C50%2C197%2C196%2C134%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C169%2C172%2C141%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra5.fbcdn.net

Software

Resource Hash

073aeac7abb1fe2321e2f9b8b79fa4c5158fb014fbfc30703d781df1479a5b3c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src 'nonce-zjLHKX2m' .fbcdn.net .facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Fri, 13 Dec 2024 09:08:28 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-zjLHKX2m' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=7, rtx=0, c=71, mss=1232, tbw=71394, tp=70, tpl=0, uplat=64, ullat=0
pragma: public
x-fb-debug: voedl8WS+I/Ga7xiwUq8gQm7nF9pElGLL7bIIUYNWx7AUqpP0kTXAiAgkI8fQxvddTRSqNmdKU/xzIyNARwFvA==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 271 KB
95 KB 63ms
60ms Script
application/javascript 2a00:1450:4001:82f::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-993049096&l=dataLayer&cx=c&gtm=45fe4cb0v9190284431za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-8726068

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bfee5ecca3b05ded887bc50aca320a1504839c404bac82e04347309c52725db3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Fri, 13 Dec 2024 09:08:28 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Fri, 13 Dec 2024 09:08:28 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 96804
x-xss-protection: 0
server: Google Tag Manager

POST
H3 200 collect
www.google.com/ccm/ 0
0 60ms
22ms Ping
text/plain 142.250.186.132
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Forigin-www.hsbc.com.ph%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=1957984234.1734080909&auid=1699107648.1734080909&navt=n&npa=1&gtm=45fe4cb0v9190284431za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485~102198178&tft=1734080908889&tfd=6055&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-8726068
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.186.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s07-in-f4.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

GET
H3 200 /
www.facebook.com/tr/ 0
18 B 47ms
16ms Image
text/plain 157.240.253.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=293463111214913&ev=PageView&dl=https%3A%2F%2Forigin-www.hsbc.com.ph&rl=&if=false&ts=1734080908950&sw=1600&sh=1200&ud[external_id]=b0c4a286dd011ce5257c1a121d04efdcc80beeefcddb21e27cb2fc6c54101d6e&v=2.9.178&r=stable&a=tmtealium&ec=0&o=12316&fbp=fb.2.1734080908935.305052450788674270&pm=1&hrl=4247fb&ler=empty&cdl=API_unavailable&it=1734080908785&coo=false&eid=529071b4d77706b11ca7861a421700d7&tm=1&cs_cc=1&cas=25399813182998842%2C7369958926450960%2C8943441135673408%2C5416124538507905%2C5425984360755485%2C5343740079017692%2C3190195324397956%2C2861781333897453%2C2657033011091297%2C2413762652047488&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-fra5.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=14, rtx=0, c=23, mss=1232, tbw=4532, tp=10, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Fri, 13 Dec 2024 09:08:29 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
198 B 216ms
187ms Image
image/png 157.240.253.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=293463111214913&ev=PageView&dl=https%3A%2F%2Forigin-www.hsbc.com.ph&rl=&if=false&ts=1734080908950&sw=1600&sh=1200&ud[external_id]=b0c4a286dd011ce5257c1a121d04efdcc80beeefcddb21e27cb2fc6c54101d6e&v=2.9.178&r=stable&a=tmtealium&ec=0&o=12316&fbp=fb.2.1734080908935.305052450788674270&pm=1&hrl=4247fb&ler=empty&cdl=API_unavailable&it=1734080908785&coo=false&eid=529071b4d77706b11ca7861a421700d7&tm=1&cs_cc=1&cas=25399813182998842%2C7369958926450960%2C8943441135673408%2C5416124538507905%2C5425984360755485%2C5343740079017692%2C3190195324397956%2C2861781333897453%2C2657033011091297%2C2413762652047488&rqm=FGET

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.253.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-fra5.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com https://paywithmybank.com/ https://.paywithmybank.com/;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7447820793809879594"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x3971df51e16dac9d","source_keys":["1"]}],"aggregatable_values":{"1":10922},"aggregatable_source_registration_time":"exclude","filters":{"3":["24074267692216555"]},"debug_reporting":true,"debug_key":"2665917690733188053"}
date: Fri, 13 Dec 2024 09:08:29 GMT
content-type: image/png
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7447820793809879594", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-debug: bpR8aTpfeCWvPmXDGaP5Py1Mm0AEs9f993NPqzciRsDUmX6f22psG+zVKlduztwQ8wZ1Vlr3JKJDU+VAMZCuew==
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=13, rtx=0, c=23, mss=1232, tbw=4900, tp=13, tpl=0, uplat=174, ullat=0
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

POST
H2 500 /
csp.prod.ap.dynp.cloud1.vv1865.com/ Frame 4B12 0
423 B 614ms
612ms Other
application/json 18.66.122.49
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://csp.prod.ap.dynp.cloud1.vv1865.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.66.122.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-66-122-49.fra60.r.cloudfront.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/csp-report
Referer

Response headers

x-amz-apigw-id: CuPuMFgrnUYEWtw=
x-amzn-trace-id: Root=1-675bf98d-55a5f7ff123a3c2870d2796d;Parent=2ca16b1b230dae62;Sampled=0;Lineage=1:4a10ca3a:0
x-amzn-requestid: 2846a945-39f3-4dae-8512-263293f8eab8
via: 1.1 f7d063966b06905209f8790f5fd607e2.cloudfront.net (CloudFront), 1.1 7a17e7bab97826b103c75b700dd638e2.cloudfront.net (CloudFront)
x-cache: Error from cloudfront
content-length: 0
x-amz-cf-id: JwFH7j7iDIBS7IkmgiwDK9hY_-66oeh51sAfVoT9rsYJcijmim8YyA==
date: Fri, 13 Dec 2024 09:08:29 GMT
content-type: application/json
x-amz-cf-pop: FRA56-P5, FRA60-P2

GET
DATA 200
OK truncated
/ Frame 4546 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 4546 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/png

POST
H2 200 adrum Show response
col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAD-DCB/ 0
796 B 562ms
193ms XHR
text/html 52.25.137.149
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAD-DCB/adrum

Requested by

Host: origin-www.hsbc.com.ph
URL: https://origin-www.hsbc.com.ph/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.25.137.149 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-25-137-149.us-west-2.compute.amazonaws.com

Software

envoy /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536010; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type: text/plain
Referer: https://origin-www.hsbc.com.ph/

Response headers

strict-transport-security: max-age=31536010; includeSubDomains
cache-control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
pragma: no-cache
x-envoy-upstream-service-time: 0
x-content-type-options: nosniff
expires: 0
access-control-allow-origin: *
date: Fri, 13 Dec 2024 09:08:30 GMT
content-type: text/html
vary: *
server: envoy
access-control-allow-headers: origin, content-type, accept

GET
H2 200 0193bf46c889002258cd47d62c7005065001f05d00b08 Show response
visitor-service-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-ph/ 6 KB
6 KB 766ms
248ms Script
application/javascript 54.178.84.216
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://visitor-service-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-ph/0193bf46c889002258cd47d62c7005065001f05d00b08?callback=utag.ut%5B%22writevawpb-stream-ph%22%5D&rnd=1734080909758

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.178.84.216 Tokyo, Japan, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-178-84-216.ap-northeast-1.compute.amazonaws.com

Software

Resource Hash

086bd6ede0301cc2db51b3a878e280238ff7fa3b2536c55d6363324f7002b631

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubdomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://origin-www.hsbc.com.ph/

Response headers

x-nodeid: i-0b73c4c59383d9be0
strict-transport-security: max-age=31536000; includeSubdomains
x-version: 05a492a604fee02b4d1b841d31d859f9e2d887d7-SNAPSHOT
content-length: 5693
date: Fri, 13 Dec 2024 09:08:30 GMT
content-type: application/javascript; charset=utf-8
x-region: ap-northeast-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C9J3RTBC77U7AD8VQB10&lib=ttq

Verdicts & Comments Add Verdict or Comment

73 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
origin-www.hsbc.com.ph/	1970-01-21 01:41:20	Name: SameSite Value: None
origin-www.hsbc.com.ph/	1969-12-31 23:59:59	Name: MNP-Coexistence-TPDP Value: !5L5qrdCVnXoU6bDsh8AhZV4lfQQl/x/ka/2YiNmVgZ1UyCwLmua80erzuOsUUpLJ7qA1W0eItC5i9g==
origin-www.hsbc.com.ph/	1969-12-31 23:59:59	Name: TS01f477b4 Value: 01f5f4db8c78bbc8e4ac0d0f3aa93faaee7afcc5bc16887b051aef1d082bb8d85d525104896d5fc76813e06e06264a3017135a35bb
.hsbc.com.ph/	1970-01-21 06:00:32	Name: optimizelyEndUserId Value: oeu1734080907453r0.48762114663801714
.linkedin.com/	1970-01-21 10:26:56	Name: bcookie Value: "v=2&24662867-12b3-492d-8016-2ecfd702986f"
.linkedin.com/	1970-01-21 06:00:32	Name: li_gc Value: MTswOzE3MzQwODA5MDg7MjswMjF1DcRnLkEa+kH/6kZcNkxalpdS8XBxjQJpxfYQH+uXFA==
.linkedin.com/	1970-01-21 01:42:47	Name: lidc Value: "b=VGST07:s=V:r=V:a=V:p=V:g=3119:u=1:x=1:i=1734080908:t=1734167308:v=2:sig=AQHvUQolQLA7EtS2AYN5iTY7opvuGYJQ"
.hsbc.com.ph/	1970-01-21 03:50:56	Name: _gcl_au Value: 1.1.1699107648.1734080909
.hsbc.com.ph/	1970-01-21 03:50:56	Name: _fbp Value: fb.2.1734080908935.305052450788674270
.tealiumiq.com/	1970-01-21 10:26:56	Name: TAPID Value: hsbc/wpb-stream-ph>0193bf46c889002258cd47d62c7005065001f05d00b08\|
.hsbc.com.ph/	1970-01-21 10:26:56	Name: utag_main Value: v_id:0193bf46c889002258cd47d62c7005065001f05d00b08$_sn:1$_se:1$_ss:1$_st:1734082707402$ses_id:1734080907402%3Bexp-session$_pn:1%3Bexp-session$sskey:undefined%3Bexp-1736672908595$dcsyncran:1%3Bexp-session$dc_group:40$_prevpage:404%3Ahttps%3A%2F%2Forigin-www.hsbc.com.ph%2F%3Bexp-session$dc_visit:1$dc_event:1%3Bexp-session$dc_region:ap-northeast-1%3Bexp-session

13 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://origin-www.hsbc.com.ph/ Message: Failed to load resource: the server responded with a status of 404 (Not Found)
security	error	URL: https://tags.tiqcdn.com/utag/hsbc/ph-rbwm/prod/utag.805.js?utv=ut4.47.202404221600(Line 30) Message: Refused to load the script 'https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=C9J3RTBC77U7AD8VQB10&lib=ttq' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' .tiqcdn.com .tealiumiq.com .liveperson.net .googletagmanager.com .hsbc.co.uk .hsbc.com.hk .doubleclick.net .googleadservices.com .lpsnmedia.net .optimizely.com .facebook.net .google.com .gstatic.com .appdynamics.com .googleapis.com .ads-twitter.com .hsbc.ae .awswaf.com players.brightcove.net vjs.zencdn.net .callsign.com .g.doubleclick.net sy.v.liveperson.net connect.facebook.net googleads.g.doubleclick.net tags.tiqcdn.com *.google-analytics.com ssl.google-analytics.com www.google.com cdn-assets-prod.s3.amazonaws.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.googletagmanager.com/ Message: Refused to frame 'https://www.googletagmanager.com/' because it violates the following Content Security Policy directive: "frame-src 'self' blob: .lpsnmedia.net .optimizely.com .liveperson.net .google.com *.doubleclick.net players.brightcove.net www.facebook.com connect.facebook.net bid.g.doubleclick.net".
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-993049096&l=dataLayer&cx=c&gtm=45fe4cb0v9190284431za200(Line 436) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-993049096&l=dataLayer&cx=c&gtm=45fe4cb0v9190284431za200(Line 436) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
network	error	URL: https://csp.prod.ap.dynp.cloud1.vv1865.com/ Message: Failed to load resource: the server responded with a status of 500 ()
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-993049096&l=dataLayer&cx=c&gtm=45fe4cb0v9190284431za200(Line 436) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-993049096&l=dataLayer&cx=c&gtm=45fe4cb0v9190284431za200(Line 436) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-993049096&l=dataLayer&cx=c&gtm=45fe4cb0v9190284431za200(Line 436) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-993049096&l=dataLayer&cx=c&gtm=45fe4cb0v9190284431za200(Line 436) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-993049096&l=dataLayer&cx=c&gtm=45fe4cb0v9190284431za200(Line 436) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-993049096&l=dataLayer&cx=c&gtm=45fe4cb0v9190284431za200(Line 436) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security	warning	URL: https://www.googletagmanager.com/gtag/js?id=AW-993049096&l=dataLayer&cx=c&gtm=45fe4cb0v9190284431za200(Line 436) Message: Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' .hsbc.com.hk .mastercard.com.au .demdex.net .lpsnmedia.net .liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' .tiqcdn.com .tealiumiq.com .liveperson.net .googletagmanager.com .hsbc.co.uk .hsbc.com.hk .doubleclick.net .googleadservices.com .lpsnmedia.net .optimizely.com .facebook.net .google.com .gstatic.com .appdynamics.com .googleapis.com .ads-twitter.com .hsbc.ae .awswaf.com players.brightcove.net vjs.zencdn.net .callsign.com .g.doubleclick.net sy.v.liveperson.net connect.facebook.net googleads.g.doubleclick.net tags.tiqcdn.com .google-analytics.com ssl.google-analytics.com www.google.com cdn-assets-prod.s3.amazonaws.com; img-src data: ; connect-src 'self' .tiqcdn.com .tealiumiq.com .hsbc.com.hk .eum-appdynamics.com .optimizely.com wss://.liveperson.net .cloud.hsbc .googleapis.com .hsbc.ae .omtrdc.net .demdex.net .hsbc.co.om .awswaf.com players.brightcove.net edge.api.brightcove.com .brightcovecdn.com .callsign.com http://127.0.0.1:5000/* .hsbc.com.ph .googletagmanager.com .g.doubleclick.net .google.com.ph .google.com .google-analytics.com .analytics.google.com www.google.com .security.online-banking.hsbc.com.ph www.facebook.com cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: .lpsnmedia.net .optimizely.com .liveperson.net .google.com .doubleclick.net players.brightcove.net www.facebook.com connect.facebook.net bid.g.doubleclick.net; frame-ancestors 'self'; font-src 'self' data: .hsbc.com.hk .gstatic.com .avast.com themes.googleusercontent.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' .hsbc.com.hk .googleapis.com players.brightcove.net; object-src 'self' blob:; child-src 'self'; media-src 'self' blob: .brightcovecdn.com .boltdns.net .media.brightcove.com .llnw.net .llnwd.net .akafms.net .akamaihd.net .cf.brightcove.com *.lpsnmedia.net; upgrade-insecure-requests ; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com;
Strict-Transport-Security	max-age=16070400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a19069622224.cdn.optimizely.com
akamai.tiqcdn.com
analytics.tiktok.com
cdn.appdynamics.com
cdn.optimizely.com
cm.g.doubleclick.net
col.eum-appdynamics.com
collect-ap-northeast-1.tealiumiq.com
connect.facebook.net
csp.prod.ap.dynp.cloud1.vv1865.com
logx.optimizely.com
lptag.liveperson.net
origin-www.hsbc.com.ph
px.ads.linkedin.com
px4.ads.linkedin.com
tags.tiqcdn.com
visitor-service-ap-northeast-1.tealiumiq.com
www.facebook.com
www.google.com
www.googletagmanager.com
analytics.tiktok.com
13.107.42.14
142.250.185.98
142.250.186.132
157.240.253.1
157.240.253.35
178.249.97.23
18.176.161.80
18.245.60.89
18.66.122.49
203.112.93.20
23.45.104.216
2600:9000:2761:f400:7:2bfb:7c00:93a1
2606:4700::6812:4139
2606:4700::6812:4239
2620:1ec:21::14
2a00:1450:4001:82f::2008
34.49.241.189
52.25.137.149
54.178.84.216
03c557d2f6410bf4a64d57e4cb052e1104c5f1eab827d39e2f66c161c8554d02
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
073aeac7abb1fe2321e2f9b8b79fa4c5158fb014fbfc30703d781df1479a5b3c
086bd6ede0301cc2db51b3a878e280238ff7fa3b2536c55d6363324f7002b631
0b8a20373c6dd04e091902226d922b3688143a8938afb9d283d889de7b55ceb5
0c12aa3dd77cbd6d48ca44917576f996fd44ff71e168ab56ef227a9c7c2376b6
0e8fd7e6407224f778f2f65b29f97fa41e1445912ba17a964e1b951c1cf235ac
1410bf3ef15162a56d0c7ea0f851483738179ce8281a269f4ed88612e9c9a695
1fe93d773a537c17456fc95e7dbfb69cba2914ac73c5f9b01d4db046667c688e
20d38d62fed0c509b52ee6186cb46931836ca6649527b969708a83303878c901
2823fbfa7b9256867e21af1ecbfbb98583c8ef0e0b495f6f01d862ef58e3d93d
2cea73b7c9b18c93be931fbf1fd5c6bf1c44a0d0e34c343446162725983a1939
332eca8f9123785840a6052ecbda590a22dbddfdb05e5d70abb9ac8b243b2b73
392961169ed068757ca4ccfba64f9a1e5cfd0e5c2467039ec5f0315afcb4de50
48f364ef034cf0c9cf115d0a022682eae3745c67e098f13ed9b4167f184b05b1
572bbbe0857797a60ccc84e19dc9cd5d783393a359bdd63b19fa941a1c20cf3c
580245633d829cdc4a80192bc505ad254af0ed2955d5add87b56917a1c0f64df
6792c4c37672b1a8d6c2842f403c70c85f3b66f3ebaa434b816b5cd25203113b
69c2b8e06630556f0356093d2679ff3a26a9ce177a8c784ce85a52760a2db3b6
7543b21213cacf94281479f0c7786ef2a1e2d6c7d3e9ee6cef30d4cbd82fbf28
76e6fcb163f76c23e3595acdb5c37457b8529ae4612bdfd266a9ef3d83550586
7da0fcf5011f66d43746091e130db6ef4d55ff13410d57209fb0f44d90cdee60
803e10db3fbc3b24d5e5a0d4d434cbf482a282d4df5d583b1637b1eb9ee15a98
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
908ba257ee8fe27411d8d3d9512a3a8eb03ee2720a72778b3ba90c5a6c1e8dc8
912f4c51a8c69eb08640d401656cb0ee974d0feb6f69a05635326843530ca06f
999a4898bf17cf4670fec86d0be2416519ad659f32b8383eb76b8c6d8493b510
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aa815892b30ec8e32f0d665c39cbe6b96799906b356a65007ee7f25023f5e35d
bfee5ecca3b05ded887bc50aca320a1504839c404bac82e04347309c52725db3
c4eb49795f7a703429e7012cec0a556e6faf6f551f07cd337f66c5a1ec3a5847
c93918f7402d06a3258114269b57e74e5f30b3dd844d0c217b0e9af7da0be4d8
cde1679db20793a5c1b7688f73819f0c7582326a552db735fbbc713cb343d647
d5c2c8d7956e2af9082fe02f239bd97c426f12e7a867d1b4f1a405c124d26cea
d753f8ee126736431a1cd8170dbfcf94f553eeb1d24f2baa7c66474a80d0e559
d82b7a75fe3005d690e2bb63ae5f0dadd53e2d087669d93f2a61420d5c739354
d94687db22aef3d107459ba2dff0c310ca78045e0a0e21b12c5ea83d164262e2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
e57fa923e1242b94093a29bc1497e22d7b5f78d6f124fe5ffc651383af545e13
ebb991b4937d6015d8937e8d23f6fa5b315e898a018d1f0972efe59765b754b4
efe373642c0dd4ff67f20a4163439a1fcc82e4ee21035485e0a8ef87b9ad00a7
f7f61bd802fa3fc03169034d4ddc6bd3ab3aef2cb358296743fcdbb82f3e4c89

origin-www.hsbc.com.ph Open in urlscan Pro 203.112.93.20 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

50 Requests

96 %HTTPS

26 %IPv6

15 Domains

20 Subdomains

19 IPs

4 Countries

926 kBTransfer

3353 kBSize

11 Cookies

11 Outgoing links

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

origin-www.hsbc.com.ph Open in urlscan Pro
203.112.93.20 Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

96 %
HTTPS

26 %
IPv6

15
Domains

20
Subdomains

19
IPs

4
Countries

926 kB
Transfer

3353 kB
Size

11
Cookies

50 HTTP transactions
2 data transactions