bank.marksandspencer.com Open in urlscan Pro
91.214.5.36 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://comms.mandsbank.com/r/?id=hfcb6614,35738aa,311747a
Effective URL:
https://bank.marksandspencer.com/
Submission: On February 18 via manual (February 18th 2020, 9:51:23 am UTC) from GB

Summary HTTP 80 Redirects Links 7 Behaviour Indicators

Summary

This website contacted 12 IPs in 5 countries across 9 domains to perform 80 HTTP transactions. The main IP is 91.214.5.36, located in Leeds, United Kingdom and belongs to HSBC-UK, GB. The main domain is bank.marksandspencer.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on March 4th 2019. Valid for: a year.

This is the only time bank.marksandspencer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	195.68.228.145 195.68.228.145	12703 (PULSANT-AS) (PULSANT-AS)
60	91.214.5.36 91.214.5.36	20705 (HSBC-UK) (HSBC-UK)
5	152.199.23.241 152.199.23.241	15133 (EDGECAST) (EDGECAST)
1 3	34.253.43.81 34.253.43.81	16509 (AMAZON-02) (AMAZON-02)
2	178.249.101.23 178.249.101.23	11054 (LIVEPERSON) (LIVEPERSON)
1	108.128.72.119 108.128.72.119	16509 (AMAZON-02) (AMAZON-02)
1	18.140.85.34 18.140.85.34	16509 (AMAZON-02) (AMAZON-02)
1	2a03:6400:10:... 2a03:6400:10:0:178:249:97:98	11054 (LIVEPERSON) (LIVEPERSON)
1	2a03:6400:10:... 2a03:6400:10:0:178:249:97:99	11054 (LIVEPERSON) (LIVEPERSON)
3	178.249.97.70 178.249.97.70	11054 (LIVEPERSON) (LIVEPERSON)
1	143.204.101.125 143.204.101.125	16509 (AMAZON-02) (AMAZON-02)
1	66.117.29.6 66.117.29.6	15224 (OMNITURE) (OMNITURE)
2	34.248.244.132 34.248.244.132	16509 (AMAZON-02) (AMAZON-02)
80	12

1 195.68.228.145 (United Kingdom) 1 redirects

ASN12703 (PULSANT-AS, GB)
PTR: mta145.fwdto.net

comms.mandsbank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

60 91.214.5.36 (Leeds, United Kingdom)

ASN20705 (HSBC-UK, GB)

bank.marksandspencer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 152.199.23.241 (United States)

ASN15133 (EDGECAST, US)

tags.tiqcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.253.43.81 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-43-81.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 178.249.101.23 (Netherlands)

ASN11054 (LIVEPERSON, US)

lptag.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.128.72.119 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-72-119.eu-west-1.compute.amazonaws.com

hsbcbankglobal.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.140.85.34 (Singapore, Singapore)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-140-85-34.ap-southeast-1.compute.amazonaws.com

hsbcbankglobal.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:6400:10:0:178:249:97:98 (United Kingdom)

ASN11054 (LIVEPERSON, US)

lpcdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:6400:10:0:178:249:97:99 (United Kingdom)

ASN11054 (LIVEPERSON, US)

accdn.lpsnmedia.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 178.249.97.70 (United Kingdom)

ASN11054 (LIVEPERSON, US)
PTR: lo.v.liveperson.net

lo.v.liveperson.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.101.125 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-101-125.fra50.r.cloudfront.net

cdn.appdynamics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.29.6 (United States)

ASN15224 (OMNITURE, US)

hsbcbankglobal.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.248.244.132 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-248-244-132.eu-west-1.compute.amazonaws.com

col.eum-appdynamics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
60	marksandspencer.com bank.marksandspencer.com	945 KB
5	liveperson.net lptag.liveperson.net lo.v.liveperson.net	99 KB
5	tiqcdn.com tags.tiqcdn.com	155 KB
4	demdex.net 1 redirects dpm.demdex.net hsbcbankglobal.demdex.net	2 KB
2	eum-appdynamics.com col.eum-appdynamics.com	2 KB
2	lpsnmedia.net lpcdn.lpsnmedia.net accdn.lpsnmedia.net	547 B
2	omtrdc.net hsbcbankglobal.sc.omtrdc.net hsbcbankglobal.tt.omtrdc.net	761 B
1	appdynamics.com cdn.appdynamics.com	20 KB
1	mandsbank.com 1 redirects comms.mandsbank.com	695 B
80	9

	Domain	Requested by
60	bank.marksandspencer.com	bank.marksandspencer.com
5	tags.tiqcdn.com	bank.marksandspencer.com tags.tiqcdn.com
3	lo.v.liveperson.net	lptag.liveperson.net
3	dpm.demdex.net	1 redirects bank.marksandspencer.com
2	col.eum-appdynamics.com	cdn.appdynamics.com
2	lptag.liveperson.net	tags.tiqcdn.com
1	hsbcbankglobal.tt.omtrdc.net	bank.marksandspencer.com
1	cdn.appdynamics.com	bank.marksandspencer.com
1	accdn.lpsnmedia.net	lptag.liveperson.net
1	lpcdn.lpsnmedia.net	lptag.liveperson.net
1	hsbcbankglobal.sc.omtrdc.net	bank.marksandspencer.com
1	hsbcbankglobal.demdex.net	tags.tiqcdn.com
1	comms.mandsbank.com	1 redirects
80	13

This site contains links to these domains. Also see Links.

Domain
mortgagecalculator.bank.marksandspencer.com
marksandspencer.insure-systems.co.uk
lifeinsurance.marksandspencer.com
www.marksandspencer.com
www7.marksandspencer.com

Subject Issuer	Validity	Valid
bank.marksandspencer.com DigiCert SHA2 Extended Validation Server CA	`2019-03-04` - `2020-03-14`	a year	crt.sh
*.tiqcdn.com DigiCert SHA2 Secure Server CA	`2017-10-25` - `2020-05-13`	3 years	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
*.liveperson.net COMODO RSA Organization Validation Secure Server CA	`2017-12-17` - `2020-12-16`	3 years	crt.sh
*.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2019-04-23` - `2020-04-14`	a year	crt.sh
*.lpsnmedia.net COMODO RSA Organization Validation Secure Server CA	`2018-02-26` - `2021-02-25`	3 years	crt.sh
*.v.liveperson.net COMODO RSA Organization Validation Secure Server CA	`2018-05-08` - `2020-05-07`	2 years	crt.sh
*.appdynamics.com DigiCert SHA2 Secure Server CA	`2019-04-15` - `2020-06-17`	a year	crt.sh
*.tt.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2017-10-19` - `2020-11-25`	3 years	crt.sh
*.eum-appdynamics.com DigiCert SHA2 Secure Server CA	`2019-04-15` - `2020-06-10`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://bank.marksandspencer.com/
Frame ID: 64F0DEAE802304582B99F6168ED08FFA
Requests: 78 HTTP requests in this frame

Frame: https://hsbcbankglobal.demdex.net/dest5.html?d_nsid=0
Frame ID: CCA2EBF1949F7B2B1A7A7F534B0226CB
Requests: 1 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.9.0.12-release_5021/storage.secure.min.html?loc=https%3A%2F%2Fbank.marksandspencer.com&site=88016402&env=prod
Frame ID: 833342EB709251F6585D0D43BFBB940D
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

http://comms.mandsbank.com/r/?id=hfcb6614,35738aa,311747a HTTP 302
https://bank.marksandspencer.com/ Page URL

Detected technologies

Mustache (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

script /mustache(?:\.min)?\.js/i

Modernizr (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /([\d.]+)?\/modernizr(?:.([\d.]+))?.*\.js/i

Tealium (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /^(?:https?:)?\/\/tags\.tiqcdn\.com\//i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

script /jquery[.-]([\d.]*\d)[^\/]*\.js/i
script /jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?/i

Page Statistics

80
Requests

100 %
HTTPS

15 %
IPv6

9
Domains

13
Subdomains

12
IPs

5
Countries

1223 kB
Transfer

2245 kB
Size

10
Cookies

7 Outgoing links

These are links going to different origins than the main page.

URL: https://mortgagecalculator.bank.marksandspencer.com/
Title: How much could I borrow?

Search URL Search Domain Scan URL

URL: https://marksandspencer.insure-systems.co.uk/SelfService/Security/Login/LoginRegister
Title: Log in to your account

Search URL Search Domain Scan URL

URL: https://lifeinsurance.marksandspencer.com/Client/Login/
Title: Log in to your account

Search URL Search Domain Scan URL

URL: https://www.marksandspencer.com/
Title: Shop M&S(opens in a new window)

Search URL Search Domain Scan URL

URL: https://lifeinsurance.marksandspencer.com/Client/Login
Title: Lifeinsurance (opens in a new window)(opens in a new window)

Search URL Search Domain Scan URL

URL: https://www7.marksandspencer.com/security/
Title: Sign into internet banking (opens in a new window)

Search URL Search Domain Scan URL

URL: https://www7.marksandspencer.com/1/2/?idv_cmd=idv.Logoff&nextPage=msb.sc.registerlanding
Title: Registerfor internet banking (opens in a new window)

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://comms.mandsbank.com/r/?id=hfcb6614,35738aa,311747a HTTP 302
https://bank.marksandspencer.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 38

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=AE9446FC57CECBEE7F000101%40AdobeOrg&d_nsid=0&ts=1582019467408 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=AE9446FC57CECBEE7F000101%40AdobeOrg&d_nsid=0&ts=1582019467408

80 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
bank.marksandspencer.com/
Redirect Chain

http://comms.mandsbank.com/r/?id=hfcb6614,35738aa,311747a
https://bank.marksandspencer.com/

37 KB
7 KB

336ms
29ms

Document
text/html

91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

78f6ec9db0d33344b21a25aa00077a96f7d1df506fec26a69de1944ed0015b27

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: bank.marksandspencer.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: max-age=86400,no-cache, no-store, must-revalidate
Content-Type: text/html
Content-Encoding: gzip
Last-Modified: Wed, 12 Feb 2020 11:34:24 GMT
Accept-Ranges: bytes
ETag: "060c6098e1d51:0"
Vary: Accept-Encoding
Server: gbw00120157
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Date: Tue, 18 Feb 2020 09:49:42 GMT
Content-Length: 6898

Redirect headers

Date: Tue, 18 Feb 2020 09:51:06 GMT
Server: ProfusionHTTPServer
X-Xss-Protection: 1; mode=block
X-Robots-Tag: noindex
P3P: CP="CAO DSP COR CURa DEVa TAIa OUR BUS IND UNI COM NAV"
Location: https://bank.marksandspencer.com/
Connection: close
Content-length: 17
X-Frame-Options: SAMEORIGIN
Pragma: no-cache
Cache-control: no-cache, no-store, private, must-revalidate
X-Content-Type-Options: nosniff
Set-Cookie: uuid230=cd3cd29b-a464-48d2-abc2-6fe0f1d94076; Domain=mandsbank.com; Path=/; Expires=Sun, 07-Mar-2088 13:05:13 GMT;HttpOnly;Secure nlid=fcb6614|35738aa; Domain=mandsbank.com; Path=/;HttpOnly;Secure
Content-Type: text/plain; charset=utf-8

GET
H/1.1 200
OK reset.css
bank.marksandspencer.com/styles/ 1 KB
1 KB 31ms
28ms Stylesheet
text/css 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/styles/reset.css

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

c1381fac7ac6e67d833cde753fec2a207cc29863acc3a54ecc80775c5d66243b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 768
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 02 Feb 2016 17:01:20 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: text/css
Cache-Control: no-cache,max-age=86400
ETag: "c3d5ad56db5dd11:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK content_pws_masthead.css
bank.marksandspencer.com/styles/ 22 KB
4 KB 63ms
31ms Stylesheet
text/css 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/styles/content_pws_masthead.css

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

f384c79fe658a0094355ac2083b8e67db67aa28884d1419b08c7fda504525d93

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 3628
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 12 Jun 2018 09:48:40 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: text/css
Cache-Control: no-cache,max-age=86400
ETag: "04cbf8a322d41:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK content_pws_footer.css
bank.marksandspencer.com/styles/ 2 KB
1 KB 102ms
42ms Stylesheet
text/css 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/styles/content_pws_footer.css

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

e37bfa19b285d915bcf0cfa400ba6554a1ee7d3864288b971f5afa273d9cb3f5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 636
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 12 Apr 2018 15:20:15 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: text/css
Cache-Control: no-cache,max-age=86400
ETag: "56c31c271d2d31:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK content_pws_body.css
bank.marksandspencer.com/styles/ 80 KB
12 KB 131ms
71ms Stylesheet
text/css 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/styles/content_pws_body.css

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

22b1892347e34e4f0279c8334ba7920c2fbc0f90507a862a607f1bad1d6d4054

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 11995
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 07 Feb 2020 12:14:27 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: text/css
Cache-Control: no-cache,max-age=86400
ETag: "80534824b0ddd51:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK content_pws_fonts.css
bank.marksandspencer.com/styles/ 41 KB
5 KB 118ms
57ms Stylesheet
text/css 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/styles/content_pws_fonts.css

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

724b5b3259e8ee735c6dfa7b97cc0c2e58ffc8c78b02cb5d00a5f8d34dfff352

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 4687
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 13 Jan 2017 11:25:33 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: text/css
Cache-Control: no-cache,max-age=86400
ETag: "8074d3c08f6dd21:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK content_pws_global.css
bank.marksandspencer.com/styles/ 54 KB
9 KB 116ms
56ms Stylesheet
text/css 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/styles/content_pws_global.css

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

64eecd75f0e9e47e4040156f3d423c8b159a1a6a1d65bc3cc3b51f4bddbd5c39

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 8256
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 12 Nov 2019 12:02:11 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: text/css
Cache-Control: no-cache,max-age=86400
ETag: "8063a735199d51:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK adrum.js Show response
bank.marksandspencer.com/script/ 68 KB
21 KB 133ms
73ms Script
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/adrum.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

982e3986bcc4d98f466b329d6cbb3f5f0ad6310f6493244075e0b6355f205274

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 21087
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 06 Nov 2018 13:52:31 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "80f939f6d775d41:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK modernizr-min.js Show response
bank.marksandspencer.com/script/ 15 KB
7 KB 105ms
40ms Script
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/modernizr-min.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

e8614c709a86f38b9a0a553561e4deb3bfb673b4b6ca515b3241f9cbb29a45ed

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 6297
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 02 Feb 2016 17:00:26 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0714236db5dd11:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK jquery-3.1.1.min.js Show response
bank.marksandspencer.com/script/ 85 KB
30 KB 159ms
57ms Script
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/jquery-3.1.1.min.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 30164
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 25 Nov 2016 06:31:38 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0414e93e546d21:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H2 200 utag.sync.js Show response
tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/ 4 KB
1 KB 62ms
17ms Script
text/javascript 152.199.23.241
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.sync.js
Requested by: Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/8B46) /
Resource Hash: 0c62e517f098f4998668a92962742cdeb5e085d7546fff91ccd4207a0111c47a

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 18 Feb 2020 09:51:07 GMT
content-encoding: gzip
last-modified: Thu, 30 Jan 2020 14:37:34 GMT
server: ECAcc (ama/8B46)
age: 156
etag: "3856397577"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=300
accept-ranges: bytes
content-length: 1118
expires: Tue, 18 Feb 2020 09:56:07 GMT

GET
H/1.1 200
OK mands_menu_object.json Show response
bank.marksandspencer.com/data/ 52 KB
5 KB 30ms
29ms Script
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/data/mands_menu_object.json

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

3b02cc13a6f32f7fc09dc0d6dcf4c5c39d3eab1bcfe2c735c1e1749abc3ee86e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 4857
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 06 Jan 2020 10:17:03 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: max-age=86400
ETag: "803983707ac4d51:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK MSB_Logo_Black.png
bank.marksandspencer.com/images/content/ 3 KB
3 KB 30ms
29ms Image
image/png 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/content/MSB_Logo_Black.png

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

66f03426203ededebb1db0a7cb7aec7bf7c28ac1bd0f311d5a03819357419495

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 10 May 2016 13:47:18 GMT
Server: gbw00120157
ETag: "3ed0d577c2aad11:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=604800
Date: Tue, 18 Feb 2020 09:49:42 GMT
Connection: close
Accept-Ranges: bytes
Content-Length: 2808
X-XSS-Protection: 1; mode=block
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK PC-Homepage-Left.jpg
bank.marksandspencer.com/images/backgrounds/ 34 KB
34 KB 34ms
34ms Image
image/jpeg 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/backgrounds/PC-Homepage-Left.jpg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

05b7410beccee234b54f9e84f33296437828d4ab5ad4a89d389460d1dbcd4150

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Fri, 07 Feb 2020 10:20:15 GMT
Server: gbw00120157
ETag: "101f8030a0ddd51:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=604800
Date: Tue, 18 Feb 2020 09:49:42 GMT
Connection: close
Accept-Ranges: bytes
Content-Length: 34307
X-XSS-Protection: 1; mode=block
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK PC-Homepage-Right.jpg
bank.marksandspencer.com/images/backgrounds/ 77 KB
78 KB 33ms
32ms Image
image/jpeg 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/backgrounds/PC-Homepage-Right.jpg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

a59e37d3be15e89737a24212251a2cf9d1c0d913a1224c96b08e52653376bb82

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Fri, 07 Feb 2020 10:20:27 GMT
Server: gbw00120157
ETag: "fb7f9d37a0ddd51:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=604800
Date: Tue, 18 Feb 2020 09:49:42 GMT
Connection: close
Accept-Ranges: bytes
Content-Length: 79351
X-XSS-Protection: 1; mode=block
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK security-matters-c.svg
bank.marksandspencer.com/images/icons/ 8 KB
4 KB 31ms
30ms Image
image/svg+xml 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/security-matters-c.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

a230661c69aa4c2c4a14597be94227ac1d1cc5e474822bd93476e9e917888376

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 3211
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 14 Jun 2019 14:14:05 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "80b4636cbb22d51:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK Insurance.svg
bank.marksandspencer.com/images/icons/ 13 KB
10 KB 35ms
34ms Image
image/svg+xml 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/Insurance.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

f171b213f4bfe43dcc12665c8b6a6a9422e5aae140f3203063ee2bd28180e4b5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 10037
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 12 Sep 2018 14:18:20 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "05ec874a34ad41:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK giftbox--premiumclub.svg
bank.marksandspencer.com/images/icons/ 2 KB
2 KB 30ms
29ms Image
image/svg+xml 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/giftbox--premiumclub.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

72e37c4732ea559135e7b406a26753b558e642c6d1157ee15c2331ffbd096128

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 1295
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 26 Nov 2018 14:10:25 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "3965d2c69185d41:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK giftboxes--loans.svg
bank.marksandspencer.com/images/icons/ 4 KB
3 KB 166ms
28ms Image
image/svg+xml 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/giftboxes--loans.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

c55195aaef3ae7622b8866f31a82f583b55cb39bbbe5f5e4a809b5d3f09cfccd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 1986
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Dec 2016 10:26:16 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "054d1813d51d21:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK cc-active-new-cards.svg
bank.marksandspencer.com/images/icons/ 3 KB
2 KB 194ms
28ms Image
image/svg+xml 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/cc-active-new-cards.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

ab0367094d3ffe1c20b8a562d04a5f480f0f623b70f2026ae5fcb7219aa69bdd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 1357
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 07 Feb 2020 13:44:28 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "08687b7bcddd51:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK factory--mortgages.svg
bank.marksandspencer.com/images/icons/ 1 KB
2 KB 95ms
29ms Image
image/svg+xml 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/factory--mortgages.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

e6ad50c771ffe3626e6753956dcb076085d47d908e4496175691473196584021

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 1195
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 30 Nov 2017 14:14:13 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "af46967fe569d31:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK ca-high-rate-saver.svg
bank.marksandspencer.com/images/icons/ 5 KB
3 KB 133ms
27ms Image
image/svg+xml 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/ca-high-rate-saver.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

584808125d42c09ddbed947d8960767cd3ee267b436722cf1df5b2fbaba332e6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 2306
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 22 Jan 2020 10:17:52 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "085434dd1d51:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK piggy-bank--savings.svg
bank.marksandspencer.com/images/icons/ 2 KB
2 KB 95ms
28ms Image
image/svg+xml 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/piggy-bank--savings.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

7502317530895d8ba774dc3e3254d045df8279d5e3ec76d99a4211874c0b6a1e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 1596
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 24 Oct 2017 13:25:17 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "2db34c88cb4cd31:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK travel-globe2.svg
bank.marksandspencer.com/images/icons/ 2 KB
2 KB 97ms
27ms Image
image/svg+xml 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/icons/travel-globe2.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

b82852c5605c4d5572d3321eedd0ad69690ff220db301964dc6b387200dc285c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 1613
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 09 Jan 2020 15:19:05 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "92b961210c7d51:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK sm_twitter_blue.svg
bank.marksandspencer.com/images/css_images/ 821 B
1 KB 79ms
27ms Image
image/svg+xml 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/css_images/sm_twitter_blue.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

e5f4fc7c487afba251ce9db7ac18212f9b8b5c1b712909d97b05f72e0cd063cd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 686
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 17 May 2017 16:31:33 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "8f1a6c2bcfd21:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK sm_facebook.svg
bank.marksandspencer.com/images/css_images/ 1 KB
2 KB 75ms
31ms Image
image/svg+xml 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/css_images/sm_facebook.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

e5b30dc2b8d42f65117ac3f38748f5d46322b5624eab15a257591d2d5015a48d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 1049
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Dec 2016 10:25:37 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "d7fb206b3d51d21:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK FSCS_999x243px.png
bank.marksandspencer.com/images/ 327 KB
328 KB 113ms
59ms Image
image/png 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/FSCS_999x243px.png

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

7a255f0ba8e99b68fd908cc373a3f56cb6b44da9f7800f552294ab14a2fe5ac7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Mon, 20 May 2019 09:34:54 GMT
Server: gbw00120157
ETag: "4616e547efed51:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=604800
Date: Tue, 18 Feb 2020 09:49:43 GMT
Connection: close
Accept-Ranges: bytes
Content-Length: 334763
X-XSS-Protection: 1; mode=block
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK default-1.1.js Show response
bank.marksandspencer.com/script/ 5 KB
2 KB 83ms
28ms Script
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/default-1.1.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

47077b461f6dc616e52af917e8a9530f198cfe2adbcc162d9feef7dab3e908be

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 1496
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 03 Dec 2019 14:26:14 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "047f59de5a9d51:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK print.css
bank.marksandspencer.com/styles/ 1 KB
1 KB 38ms
29ms Stylesheet
text/css 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/styles/print.css

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

a6df6c2664bada199c4946ff58fec8e95f240eee85f28e78a60493c440fcdaa9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 795
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 02 Feb 2016 17:01:19 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: text/css
Cache-Control: no-cache,max-age=86400
ETag: "626a4956db5dd11:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/hsbc/lib-sync/prod/ 296 KB
97 KB 15ms
14ms Script
text/javascript 152.199.23.241
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/lib-sync/prod/utag.js
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.sync.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/8B11) /
Resource Hash: 32385e4c01e091cdb71c64d0da51d1b1a46b87eddd262a93f2aab37a9bd39023

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 18 Feb 2020 09:51:07 GMT
content-encoding: gzip
last-modified: Thu, 13 Feb 2020 04:45:35 GMT
server: ECAcc (ama/8B11)
age: 262
etag: "1061157516"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=300
accept-ranges: bytes
content-length: 99253
expires: Tue, 18 Feb 2020 09:56:07 GMT

GET
H2 200 utag.js Show response
tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/ 202 KB
51 KB 44ms
43ms Script
text/javascript 152.199.23.241
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.js
Requested by: Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/8AF3) /
Resource Hash: 0ef6d7014670e69f71f0e44316c6947dcf7cf9eaea3893b8fdfa42486a0483d2

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 18 Feb 2020 09:51:07 GMT
content-encoding: gzip
last-modified: Thu, 30 Jan 2020 14:37:34 GMT
server: ECAcc (ama/8AF3)
age: 149
etag: "1723636893"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=300
accept-ranges: bytes
content-length: 52221
expires: Tue, 18 Feb 2020 09:56:07 GMT

GET
H/1.1 200
OK nav_lock.png
bank.marksandspencer.com/images/background/ 342 B
946 B 65ms
28ms Image
image/png 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/background/nav_lock.png

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

ab30bb0fb492a9008aca0a6e27872308a54181be4251f44c9d9a68a72a496a4f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/styles/content_pws_masthead.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 10 Jan 2017 07:14:00 GMT
Server: gbw00120157
ETag: "d85aef1d116bd21:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=604800
Date: Tue, 18 Feb 2020 09:49:42 GMT
Connection: close
Accept-Ranges: bytes
Content-Length: 342
X-XSS-Protection: 1; mode=block
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK button-cta_arrow.svg
bank.marksandspencer.com/images/css_images/ 598 B
1 KB 113ms
29ms Image
image/svg+xml 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/css_images/button-cta_arrow.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

833b3aacb510cfc75d7152715977d65c6ab148c2af1ba9c06a3c12aaa92cf534

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/styles/content_pws_body.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 479
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Dec 2016 10:25:36 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:42 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "de83186a3d51d21:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK sm_facebook_white.svg
bank.marksandspencer.com/images/css_images/ 574 B
1 KB 83ms
28ms Image
image/svg+xml 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/css_images/sm_facebook_white.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

315ec5c4dd212c93c5a1e65ec2f46ca4564be6a36fd5f66b5b5ef944e87649dd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/styles/content_pws_footer.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 535
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 12 Apr 2018 15:19:28 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "46415da671d2d31:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK sm_facebook_white_hover.svg
bank.marksandspencer.com/images/css_images/ 574 B
1 KB 68ms
28ms Image
image/svg+xml 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/css_images/sm_facebook_white_hover.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

e4c2c3607fea2e8799a06f771b8e2a7f35bc6af96629c67e2d8b89399c90791d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/styles/content_pws_footer.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 540
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 12 Apr 2018 15:19:28 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "cdc360a671d2d31:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK sm_twitter_white.svg
bank.marksandspencer.com/images/css_images/ 823 B
1 KB 83ms
28ms Image
image/svg+xml 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/css_images/sm_twitter_white.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

204498bae4a574e3530c71e787ddf731f2a3d546b3216518817886eb548b1fa1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/styles/content_pws_footer.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 684
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Dec 2016 10:25:38 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "725c2b6b3d51d21:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK sm_twitter_white_hover.svg
bank.marksandspencer.com/images/css_images/ 823 B
1 KB 79ms
28ms Image
image/svg+xml 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/css_images/sm_twitter_white_hover.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

91815b50847ef7539f0707a81756a460ded4f166e8bcc68b8c5b23cea9f653df

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/styles/content_pws_footer.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 687
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 12 Apr 2018 15:19:28 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "b12c67a671d2d31:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK padlock-dark.svg
bank.marksandspencer.com/images/css_images/ 2 KB
2 KB 46ms
28ms Image
image/svg+xml 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/css_images/padlock-dark.svg

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

53c204e63a0b4cf7b6c486188abd7e3e4e82d38e5bb34c060e28f1c7e7839c4a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/styles/content_pws_footer.css
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: close
Content-Length: 1424
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Dec 2016 10:25:37 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800
ETag: "2fec6b3d51d21:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK 36ccb1c7-c10c-4165-851f-a7fc4bfc0fe3.woff
bank.marksandspencer.com/fonts/ 23 KB
23 KB 105ms
57ms Font
font/x-woff 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/fonts/36ccb1c7-c10c-4165-851f-a7fc4bfc0fe3.woff

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

2b0bb367c06d59c201f4201566702bebbac2d8714684e239179ed4f41e229673

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/styles/content_pws_fonts.css
Origin: https://bank.marksandspencer.com
Sec-Fetch-Dest: font
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
X-Content-Type-Options: nosniff
Last-Modified: Mon, 14 Mar 2016 12:35:35 GMT
Server: gbw00120157
ETag: "c45db01ee7dd11:0"
X-Frame-Options: SAMEORIGIN
Content-Type: font/x-woff
Expires: Wed, 01 Jan 2020 00:00:00 GMT
Date: Tue, 18 Feb 2020 09:49:42 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 23153
X-XSS-Protection: 1; mode=block
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1

302
Found

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=AE9446FC57CECBEE7F000101%40AdobeOrg&d_nsid=0&ts=1582019467408
https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=AE9446FC57CECBEE7F000101%40AdobeOrg&d_nsid=0&ts=1582019467408

0
-1 B

127ms
32ms

XHR

34.253.43.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=AE9446FC57CECBEE7F000101%40AdobeOrg&d_nsid=0&ts=1582019467408

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.253.43.81 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-43-81.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=AE9446FC57CECBEE7F000101%40AdobeOrg&d_nsid=0&ts=1582019467408
X-TID: biq/44L0TJk=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://bank.marksandspencer.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://bank.marksandspencer.com
X-TID: biq/44L0TJk=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=AE9446FC57CECBEE7F000101%40AdobeOrg&d_nsid=0&ts=1582019467408
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 utag.v.js Show response
tags.tiqcdn.com/utag/tiqapp/ 2 B
124 B 14ms
14ms Script
text/javascript 152.199.23.241
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=hsbc/lib-sync/202002130445&cb=1582019467420
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/lib-sync/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/8B1F) /
Resource Hash: a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 18 Feb 2020 09:51:07 GMT
last-modified: Thu, 14 Apr 2016 16:59:33 GMT
server: ECAcc (ama/8B1F)
age: 384269
etag: "2243872957"
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=600
accept-ranges: bytes
content-length: 2
expires: Tue, 18 Feb 2020 10:01:07 GMT

GET
H2 200 utag.87.js Show response
tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/ 16 KB
5 KB 14ms
14ms Script
text/javascript 152.199.23.241
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.87.js?utv=ut4.39.201909191219
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 152.199.23.241 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (ama/8B63) /
Resource Hash: 8ad073f19010b0c4fcc1b107e96c2110401ccee507843e48185886ee92eec02b

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 18 Feb 2020 09:51:07 GMT
content-encoding: gzip
last-modified: Thu, 19 Sep 2019 12:20:04 GMT
server: ECAcc (ama/8B63)
age: 383929
etag: "841957733"
vary: Accept-Encoding
x-cache: HIT
content-type: text/javascript
status: 200
cache-control: max-age=1296000
accept-ranges: bytes
content-length: 5277
expires: Wed, 04 Mar 2020 09:51:07 GMT

GET
H2 200 tag.js Show response
lptag.liveperson.net/tag/ 18 KB
7 KB 48ms
14ms Script
application/javascript 178.249.101.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lptag.liveperson.net/tag/tag.js?site=88016402
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.87.js?utv=ut4.39.201909191219
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.101.23 , Netherlands, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: cc490a8ef7deb4c7fba66f332ad8cdd39433675b95d2bd341300ab7b718f8e4e

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 18 Feb 2020 09:51:07 GMT
content-encoding: gzip
last-modified: Tue, 21 Aug 2018 07:47:45 GMT
server: ws
etag: "5b7bc3a1-198d"
access-control-allow-methods: GET, POST, PATCH
content-type: application/javascript
status: 200
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length: 6541

GET
H/1.1 200
OK rd Show response
dpm.demdex.net/id/ 393 B
1 KB 35ms
34ms XHR
application/json 34.253.43.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=AE9446FC57CECBEE7F000101%40AdobeOrg&d_nsid=0&ts=1582019467408

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.253.43.81 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-253-43-81.eu-west-1.compute.amazonaws.com

Software

Resource Hash

5afdc6a6e78eb2726da8dc29cdc3794fb0c8cacf1ea0ffeda7975d936efd9a4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://bank.marksandspencer.com/
Origin: https://bank.marksandspencer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v060-0f7f6cf7e.edge-irl1.demdex.com 5.65.0.20200212140016 2ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: te2+LQmWTLk=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://bank.marksandspencer.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 323
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 .jsonp Show response
lptag.liveperson.net/lptag/api/account/88016402/configuration/applications/taglets/ 245 KB
89 KB 24ms
24ms Script
application/x-javascript 178.249.101.23
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lptag.liveperson.net/lptag/api/account/88016402/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=PWS.MO&b=1
Requested by: Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/uk-rbwm-mands/prod/utag.87.js?utv=ut4.39.201909191219
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.101.23 , Netherlands, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 18e7f90a7e60c78f0467786a867dedd36d86c99f82bcfe721d059b0e9aa57e48

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 18 Feb 2020 09:51:07 GMT
content-encoding: gzip
server: ws
x-cache-status: EXPIRED
access-control-allow-methods: GET, POST, PATCH
content-type: application/x-javascript
status: 200
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control: public, max-age=630
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H/1.1 200
OK Cookie set dest5.html
hsbcbankglobal.demdex.net/ Frame CCA2 0
0 128ms
33ms Document
text/html 108.128.72.119
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbcbankglobal.demdex.net/dest5.html?d_nsid=0

Requested by

Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/lib-sync/prod/utag.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

108.128.72.119 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-108-128-72-119.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: hsbcbankglobal.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://bank.marksandspencer.com/
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=19728177900587758913581933524095855725
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://bank.marksandspencer.com/

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Mon, 17 Feb 2020 12:50:18 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=19728177900587758913581933524095855725;Path=/;Domain=.demdex.net;Expires=Sun, 16-Aug-2020 09:51:07 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: AZScgCXsSEw=
Content-Length: 2785
Connection: keep-alive

GET
H2 200 id Show response
hsbcbankglobal.sc.omtrdc.net/ 2 B
325 B 1148ms
261ms XHR
application/x-javascript 18.140.85.34
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://hsbcbankglobal.sc.omtrdc.net/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=AE9446FC57CECBEE7F000101%40AdobeOrg&mid=20021380576514987883538786044698035738&ts=1582019467575

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.140.85.34 Singapore, Singapore, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-18-140-85-34.ap-southeast-1.compute.amazonaws.com

Software

jag /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
Origin: https://bank.marksandspencer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 200
date: Tue, 18 Feb 2020 09:51:08 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-5869d59d6c-k9jgq
vary: Origin
x-c: master-1158.Ib7fada.M0-347
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://bank.marksandspencer.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 2
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK mands.js
bank.marksandspencer.com/script/src/ 11 KB
11 KB 97ms
42ms Image
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/script/src/mands.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 3849
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 04 Feb 2019 11:46:50 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0319e507fbcd41:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK browser-detect-min.js
bank.marksandspencer.com/script/ 4 KB
4 KB 86ms
29ms Image
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/script/browser-detect-min.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 2026
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 02 Feb 2016 17:00:10 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "09b92cdb5dd11:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.focus.js
bank.marksandspencer.com/script/src/ 3 KB
3 KB 87ms
30ms Image
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/script/src/mands.focus.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 1073
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 15 Apr 2016 13:30:16 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0e444f21a97d11:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.sourcecode.js
bank.marksandspencer.com/widgets/source_code/js/ 4 KB
4 KB 87ms
30ms Image
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/widgets/source_code/js/mands.sourcecode.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 1325
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 28 Mar 2019 13:52:02 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "06d996b6de5d41:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.match-height.js
bank.marksandspencer.com/script/src/ 12 KB
12 KB 86ms
29ms Image
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/script/src/mands.match-height.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 3108
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 23 Aug 2017 15:44:12 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "06e93aa261cd31:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.menu.js
bank.marksandspencer.com/script/src/ 25 KB
25 KB 30ms
28ms Image
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/script/src/mands.menu.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 4566
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 26 Apr 2019 10:32:41 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "806a44601bfcd41:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mustache.min.js
bank.marksandspencer.com/script/ 9 KB
9 KB 29ms
27ms Image
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/script/mustache.min.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 2809
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 25 Jan 2018 12:01:14 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0e1b132d495d31:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.backgroundify.js
bank.marksandspencer.com/script/src/ 2 KB
2 KB 45ms
28ms Image
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/script/src/mands.backgroundify.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 812
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 24 May 2018 12:50:45 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "592e7d45df3d31:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK plugins_1.1.min.js
bank.marksandspencer.com/script/plugins/ 15 KB
15 KB 29ms
29ms Image
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/script/plugins/plugins_1.1.min.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 4959
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Dec 2016 10:48:52 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "082eaa4051d21:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H2 200 storage.secure.min.html
lpcdn.lpsnmedia.net/le_secure_storage/3.9.0.12-release_5021/ Frame 8333 0
0 97ms
21ms Document
text/html 2a03:6400:10:0:178:249:97:98
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lpcdn.lpsnmedia.net/le_secure_storage/3.9.0.12-release_5021/storage.secure.min.html?loc=https%3A%2F%2Fbank.marksandspencer.com&site=88016402&env=prod
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88016402/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=PWS.MO&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a03:6400:10:0:178:249:97:98 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash

Request headers

:method: GET
:authority: lpcdn.lpsnmedia.net
:scheme: https
:path: /le_secure_storage/3.9.0.12-release_5021/storage.secure.min.html?loc=https%3A%2F%2Fbank.marksandspencer.com&site=88016402&env=prod
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest: iframe
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
referer: https://bank.marksandspencer.com/
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://bank.marksandspencer.com/

Response headers

status: 200
date: Tue, 18 Feb 2020 09:51:07 GMT
content-type: text/html
last-modified: Mon, 27 Jan 2020 16:46:40 GMT
content-encoding: gzip
server: ws
vary: Origin
access-control-allow-methods: GET, POST, PATCH
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
expires: Tue, 18 Feb 2020 10:01:07 GMT
cache-control: max-age=600

GET
H2 200 zones Show response
accdn.lpsnmedia.net/api/account/88016402/configuration/le-campaigns/ 2 KB
547 B 158ms
82ms Script
application/javascript 2a03:6400:10:0:178:249:97:99
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://accdn.lpsnmedia.net/api/account/88016402/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88016402/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=PWS.MO&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a03:6400:10:0:178:249:97:99 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software: ws /
Resource Hash: 0570cd9d3add13e3cae334fb007971eb5990e2db4460906b80598aa442e4b0e7

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 18 Feb 2020 09:51:07 GMT
content-encoding: gzip
server: ws
x-cache-status: HIT
vary: Accept
content-type: application/javascript
status: 200
expires: Tue, 18 Feb 2020 09:51:33 GMT

GET
H2 200 88016402 Show response
lo.v.liveperson.net/api/js/ 244 B
1 KB 138ms
72ms Script
application/json 178.249.97.70
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lo.v.liveperson.net/api/js/88016402?&cb=lpCb21019x47727&t=sp&ts=1582019467604&pid=6919394218&tid=8903579886&pt=Personal%20Banking%2C%20Insurance%20And%20Travel%20Services%20%7C%20M%26S%20Bank&u=https%3A%2F%2Fbank.marksandspencer.com%2F&sec=%5B%22PWS.MO%22%5D&df=0&os=1&sdes=%5B%7B%22type%22%3A%22ctmrinfo%22%2C%22info%22%3A%7B%22ctype%22%3A%22en%22%7D%7D%2C%7B%22type%22%3A%22cart%22%2C%22numItems%22%3A0%2C%22products%22%3A%5B%7B%22product%22%3A%7B%22name%22%3A%22site_region-Europe_UK_United_Kingdom_M%26S_Bank_M%26S_Bank%22%2C%22price%22%3Anull%7D%2C%22quantity%22%3Anull%7D%5D%7D%5D
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88016402/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=PWS.MO&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.70 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: lo.v.liveperson.net
Software: ws /
Resource Hash: f1425a11bb83068a0c657a96efb6e9787b6cbd4151aa87424c4ebca24a40f594

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 18 Feb 2020 09:51:07 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/json
status: 200
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H/1.1 200
OK mands.js Show response
bank.marksandspencer.com/script/src/ 11 KB
4 KB 30ms
30ms Script
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/src/mands.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

a7d432f36c40fe5c0262823107d36c99969abc22bc926f367f3c93c2a7ce9752

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 3849
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 04 Feb 2019 11:46:50 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0319e507fbcd41:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H2 200 88016402 Show response
lo.v.liveperson.net/api/js/ 110 B
830 B 23ms
23ms Script
application/json 178.249.97.70
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lo.v.liveperson.net/api/js/88016402?sid=tkgBqxyaTZ2tKnB9tHbDRg&cb=lpCb26881x90994&t=pl&ts=1582019467605&pid=6919394218&tid=8903579886&vid=ZhMzA0ZmUwZGNkNTU1MGQ0
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88016402/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=PWS.MO&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.70 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: lo.v.liveperson.net
Software: ws /
Resource Hash: 12e6ec45645f1b3289a057e3772e8d0090b9701372037f594aeeca569d3c1876

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 18 Feb 2020 09:51:07 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/json
status: 200
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

GET
H/1.1 200
OK browser-detect-min.js Show response
bank.marksandspencer.com/script/ 4 KB
3 KB 29ms
29ms Script
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/browser-detect-min.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

c2bfae428081009a33826ce5ec4e93b671a8de96fd063192bc9e00fdc00692d9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 2026
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 02 Feb 2016 17:00:10 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "09b92cdb5dd11:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.focus.js Show response
bank.marksandspencer.com/script/src/ 3 KB
2 KB 30ms
29ms Script
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/src/mands.focus.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

f31ddafef29bd2e57f5e64bb199ac1c865a600670c2272496830e0bf7d03f24c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 1073
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 15 Apr 2016 13:30:16 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0e444f21a97d11:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H2 200 adrum-ext.15ad9e12c414858a5e6cfdfb1f2331b1.js Show response
cdn.appdynamics.com/ 50 KB
20 KB 83ms
33ms Script
application/javascript 143.204.101.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.appdynamics.com/adrum-ext.15ad9e12c414858a5e6cfdfb1f2331b1.js
Requested by: Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.101.125 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-143-204-101-125.fra50.r.cloudfront.net
Software: nginx/1.10.2 /
Resource Hash: c063cc48c10c59a43ee8f325053b7cf8041eec8704c02c2191d4d7c2be638121

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Sun, 19 Jan 2020 01:07:22 GMT
content-encoding: gzip
age: 2623469
x-cache: Hit from cloudfront
status: 200
via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
last-modified: Wed, 26 Sep 2018 23:59:21 GMT
server: nginx/1.10.2
etag: W/"5bac1d59-c890"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=2678400, s-max-age=14400
x-amz-cf-pop: FRA50-C1
timing-allow-origin: *
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: CcMGXFd7_uOoZtyShpZFmc1O7JV7WUBrHrn7mx-wTjMIqgsqx8Av8w==

GET
H/1.1 200
OK mands.sourcecode.js Show response
bank.marksandspencer.com/widgets/source_code/js/ 4 KB
2 KB 32ms
31ms Script
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/widgets/source_code/js/mands.sourcecode.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

d26d127a2c4946c5de566c08d0a39f4f572fe9c7dfb8a832b2d462c58d78e67f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 1325
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 28 Mar 2019 13:52:02 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "06d996b6de5d41:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.match-height.js Show response
bank.marksandspencer.com/script/src/ 12 KB
4 KB 31ms
30ms Script
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/src/mands.match-height.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

7c8f3e046fc811027569f7e70c4ce9b28b26c740fc26d8ae6b999a2de59dcfce

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 3108
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 23 Aug 2017 15:44:12 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "06e93aa261cd31:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.menu.js Show response
bank.marksandspencer.com/script/src/ 25 KB
5 KB 30ms
29ms Script
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/src/mands.menu.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

1df091a7ac49e3f80058dd16a17a0c24fdee3a5684e834a72715e8418ae5d106

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 4566
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 26 Apr 2019 10:32:41 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "806a44601bfcd41:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mustache.min.js Show response
bank.marksandspencer.com/script/ 9 KB
3 KB 30ms
30ms Script
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/mustache.min.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

fdd131c764471b2262b55f468fb26d0da0bd53357238566b2b7939843b82d191

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 2809
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 25 Jan 2018 12:01:14 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "0e1b132d495d31:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands.backgroundify.js Show response
bank.marksandspencer.com/script/src/ 2 KB
1 KB 29ms
29ms Script
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/src/mands.backgroundify.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

7f19107952f416041b23bac31414892694191edbfc5918634f37b8c209cc78ef

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 812
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 24 May 2018 12:50:45 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "592e7d45df3d31:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK PC-Homepage-Left.jpg
bank.marksandspencer.com/images/backgrounds/ 34 KB
34 KB 35ms
34ms Image
image/jpeg 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/backgrounds/PC-Homepage-Left.jpg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

05b7410beccee234b54f9e84f33296437828d4ab5ad4a89d389460d1dbcd4150

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Fri, 07 Feb 2020 10:20:15 GMT
Server: gbw00120157
ETag: "101f8030a0ddd51:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=604800
Date: Tue, 18 Feb 2020 09:49:43 GMT
Connection: close
Accept-Ranges: bytes
Content-Length: 34307
X-XSS-Protection: 1; mode=block
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK PC-Homepage-Right.jpg
bank.marksandspencer.com/images/backgrounds/ 77 KB
78 KB 43ms
43ms Image
image/jpeg 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/backgrounds/PC-Homepage-Right.jpg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

a59e37d3be15e89737a24212251a2cf9d1c0d913a1224c96b08e52653376bb82

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Fri, 07 Feb 2020 10:20:27 GMT
Server: gbw00120157
ETag: "fb7f9d37a0ddd51:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=604800
Date: Tue, 18 Feb 2020 09:49:43 GMT
Connection: close
Accept-Ranges: bytes
Content-Length: 79351
X-XSS-Protection: 1; mode=block
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK plugins_1.1.min.js Show response
bank.marksandspencer.com/script/plugins/ 22 KB
5 KB 29ms
29ms Script
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/script/plugins/plugins_1.1.min.js

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/modernizr-min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

3708a104791a3ce16b3f53a437ff7dc90457eb61ee6b69b3bcf77a4eb469c0bb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 4959
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 08 Dec 2016 10:48:52 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: no-cache,max-age=86400
ETag: "082eaa4051d21:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK mands_menu_object.json Show response
bank.marksandspencer.com/data/ 52 KB
5 KB 35ms
34ms XHR
application/javascript 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to

Full URL

https://bank.marksandspencer.com/data/mands_menu_object.json

Requested by

Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

3b02cc13a6f32f7fc09dc0d6dcf4c5c39d3eab1bcfe2c735c1e1749abc3ee86e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Referer: https://bank.marksandspencer.com/
Sec-Fetch-Dest: empty
X-Requested-With: XMLHttpRequest
ADRUM: isAjax:true
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Vary: Accept-Encoding
Content-Length: 4857
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 06 Jan 2020 10:17:03 GMT
Server: gbw00120157
X-Frame-Options: SAMEORIGIN
Date: Tue, 18 Feb 2020 09:49:43 GMT
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: max-age=86400
ETag: "803983707ac4d51:0"
Accept-Ranges: bytes
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK securityMattersBG.JPG
bank.marksandspencer.com/images/backgrounds/ 24 KB
25 KB 34ms
33ms Image
image/jpeg 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/backgrounds/securityMattersBG.JPG

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

686bc3123f13953725613a7bbbfd1669d635c644b07a0315d28154b25d6d727c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Mon, 08 Jul 2019 13:53:17 GMT
Server: gbw00120157
ETag: "13d0c07e9435d51:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=604800
Date: Tue, 18 Feb 2020 09:49:43 GMT
Connection: close
Accept-Ranges: bytes
Content-Length: 24842
X-XSS-Protection: 1; mode=block
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK cups.jpg
bank.marksandspencer.com/images/backgrounds/ 36 KB
36 KB 48ms
48ms Image
image/jpeg 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/backgrounds/cups.jpg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

94f0df7c5fb3359ae7d104c5a38de405cc538ec214c00029daf4c45b5ae19b00

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 03 Jul 2018 05:08:11 GMT
Server: gbw00120157
ETag: "3b4ca4d68b12d41:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=604800
Date: Tue, 18 Feb 2020 09:49:43 GMT
Connection: close
Accept-Ranges: bytes
Content-Length: 36669
X-XSS-Protection: 1; mode=block
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

GET
H/1.1 200
OK paint.jpg
bank.marksandspencer.com/images/backgrounds/ 36 KB
37 KB 45ms
44ms Image
image/jpeg 91.214.5.36
HSBC-UK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bank.marksandspencer.com/images/backgrounds/paint.jpg

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

91.214.5.36 Leeds, United Kingdom, ASN20705 (HSBC-UK, GB),

Reverse DNS

Software

gbw00120157 /

Resource Hash

476b1ef4d543fa3f00108782dbae16341f0db28eec8e5595f52cf0e186622758

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com
Strict-Transport-Security: max-age=15552001; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Tue, 03 Jul 2018 05:08:11 GMT
Server: gbw00120157
ETag: "4715b5d68b12d41:0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=604800
Date: Tue, 18 Feb 2020 09:49:43 GMT
Connection: close
Accept-Ranges: bytes
Content-Length: 36918
X-XSS-Protection: 1; mode=block
x-content-security-policy: frame-ancestors *.marksandspencer.com *.hsbc *.adobe.com

POST
H2 200 delivery Show response
hsbcbankglobal.tt.omtrdc.net/rest/v1/ 287 B
436 B 284ms
41ms XHR
application/json 66.117.29.6
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://hsbcbankglobal.tt.omtrdc.net/rest/v1/delivery?client=hsbcbankglobal&sessionId=df8f2685aeb0408bba4ae3aa49905451&version=2.1.1
Requested by: Host: bank.marksandspencer.com
URL: https://bank.marksandspencer.com/script/adrum.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 66.117.29.6 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: /
Resource Hash: 2d928693210980ec58467e3cd5fac3abfa2130adcc1302aadb72f54a4426a7d9

Request headers

Referer: https://bank.marksandspencer.com/
Origin: https://bank.marksandspencer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: text/plain

Response headers

date: Tue, 18 Feb 2020 09:51:08 GMT
content-encoding: gzip
status: 200
vary: Origin,Accept-Encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://bank.marksandspencer.com
access-control-allow-credentials: true
x-request-id: f75073e1-70a1-4c66-8a66-a6f3514a3dbd

POST
H/1.1 200
OK adrum Show response
col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAM-UKR/ 0
812 B 123ms
30ms XHR
text/html 34.248.244.132
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAM-UKR/adrum
Requested by: Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum-ext.15ad9e12c414858a5e6cfdfb1f2331b1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.244.132 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-244-132.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://bank.marksandspencer.com/
Origin: https://bank.marksandspencer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 18 Feb 2020 09:51:09 GMT
Vary: *
Content-Type: text/html
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: 0

POST
H/1.1 200
OK adrum Show response
col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAM-UKR/ 0
812 B 32ms
31ms XHR
text/html 34.248.244.132
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAM-UKR/adrum
Requested by: Host: cdn.appdynamics.com
URL: https://cdn.appdynamics.com/adrum-ext.15ad9e12c414858a5e6cfdfb1f2331b1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.244.132 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-248-244-132.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://bank.marksandspencer.com/
Origin: https://bank.marksandspencer.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type: text/plain

Response headers

Pragma: no-cache
Date: Tue, 18 Feb 2020 09:51:14 GMT
Vary: *
Content-Type: text/html
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
Connection: keep-alive
Content-Length: 0
Expires: 0

GET
H2 200 88016402 Show response
lo.v.liveperson.net/api/js/ 73 B
800 B 31ms
31ms Script
application/json 178.249.97.70
LIVEPERSON

General

Check archive.org

Show headers Download Go to

Full URL: https://lo.v.liveperson.net/api/js/88016402?sid=tkgBqxyaTZ2tKnB9tHbDRg&cb=lpCb16414x79957&t=ip&ts=1582019477770&pid=6919394218&tid=8903579886&vid=ZhMzA0ZmUwZGNkNTU1MGQ0
Requested by: Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/88016402/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=PWS.MO&b=1
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 178.249.97.70 , United Kingdom, ASN11054 (LIVEPERSON, US),
Reverse DNS: lo.v.liveperson.net
Software: ws /
Resource Hash: 8d66ba17106d4c694f2f25551bc6f68f7cff73cd5cd04a4804fb66c8f7dbb823

Request headers

Referer: https://bank.marksandspencer.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Tue, 18 Feb 2020 09:51:17 GMT
content-encoding: gzip
server: ws
access-control-allow-methods: GET, POST, PATCH
content-type: application/json
status: 200
access-control-expose-headers: X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

Verdicts & Comments Add Verdict or Comment

63 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.marksandspencer.com/	1969-12-31 23:59:59	Name: LPSID-88016402 Value: tkgBqxyaTZ2tKnB9tHbDRg
.demdex.net/	1970-01-19 11:46:11	Name: dextp Value: 1123-1-1582019467713
.marksandspencer.com/	1970-01-19 16:56:49	Name: AMCV_AE9446FC57CECBEE7F000101%40AdobeOrg Value: -330454231%7CMCIDTS%7C18311%7CMCMID%7C20021380576514987883538786044698035738%7CMCAAMLH-1582624267%7C6%7CMCAAMB-1582624267%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1582026667s%7CNONE%7CvVersion%7C3.1.2
.marksandspencer.com/	1969-12-31 23:59:59	Name: AMCVS_AE9446FC57CECBEE7F000101%40AdobeOrg Value: 1
.marksandspencer.com/	1969-12-31 23:59:59	Name: tms_ref Value:
.demdex.net/	1970-01-19 11:46:11	Name: demdex Value: 19728177900587758913581933524095855725
.marksandspencer.com/	1970-01-20 00:58:11	Name: LPVID Value: ZhMzA0ZmUwZGNkNTU1MGQ0
.marksandspencer.com/	1970-01-19 07:27:01	Name: mbox Value: session#df8f2685aeb0408bba4ae3aa49905451#1582021328
.marksandspencer.com/	1970-01-19 16:12:35	Name: utag_main Value: v_id:017057b55889002690f3724d72ea00079002107100b08$_sn:1$_se:1$_ss:0$_st:1582021267432$ses_id:1582019467402%3Bexp-session$_pn:2%3Bexp-session$sskey:undefined%3Bexp-1584611467439
.marksandspencer.com/	1969-12-31 23:59:59	Name: check Value: true

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
Strict-Transport-Security	max-age=15552001; includeSubDomains; preload
X-Content-Security-Policy	frame-ancestors .marksandspencer.com .hsbc *.adobe.com
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accdn.lpsnmedia.net
bank.marksandspencer.com
cdn.appdynamics.com
col.eum-appdynamics.com
comms.mandsbank.com
dpm.demdex.net
hsbcbankglobal.demdex.net
hsbcbankglobal.sc.omtrdc.net
hsbcbankglobal.tt.omtrdc.net
lo.v.liveperson.net
lpcdn.lpsnmedia.net
lptag.liveperson.net
tags.tiqcdn.com
108.128.72.119
143.204.101.125
152.199.23.241
178.249.101.23
178.249.97.70
18.140.85.34
195.68.228.145
2a03:6400:10:0:178:249:97:98
2a03:6400:10:0:178:249:97:99
34.248.244.132
34.253.43.81
66.117.29.6
91.214.5.36
0570cd9d3add13e3cae334fb007971eb5990e2db4460906b80598aa442e4b0e7
05b7410beccee234b54f9e84f33296437828d4ab5ad4a89d389460d1dbcd4150
0c62e517f098f4998668a92962742cdeb5e085d7546fff91ccd4207a0111c47a
0ef6d7014670e69f71f0e44316c6947dcf7cf9eaea3893b8fdfa42486a0483d2
12e6ec45645f1b3289a057e3772e8d0090b9701372037f594aeeca569d3c1876
18e7f90a7e60c78f0467786a867dedd36d86c99f82bcfe721d059b0e9aa57e48
1df091a7ac49e3f80058dd16a17a0c24fdee3a5684e834a72715e8418ae5d106
204498bae4a574e3530c71e787ddf731f2a3d546b3216518817886eb548b1fa1
22b1892347e34e4f0279c8334ba7920c2fbc0f90507a862a607f1bad1d6d4054
2b0bb367c06d59c201f4201566702bebbac2d8714684e239179ed4f41e229673
2d928693210980ec58467e3cd5fac3abfa2130adcc1302aadb72f54a4426a7d9
315ec5c4dd212c93c5a1e65ec2f46ca4564be6a36fd5f66b5b5ef944e87649dd
32385e4c01e091cdb71c64d0da51d1b1a46b87eddd262a93f2aab37a9bd39023
3708a104791a3ce16b3f53a437ff7dc90457eb61ee6b69b3bcf77a4eb469c0bb
3b02cc13a6f32f7fc09dc0d6dcf4c5c39d3eab1bcfe2c735c1e1749abc3ee86e
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
47077b461f6dc616e52af917e8a9530f198cfe2adbcc162d9feef7dab3e908be
476b1ef4d543fa3f00108782dbae16341f0db28eec8e5595f52cf0e186622758
53c204e63a0b4cf7b6c486188abd7e3e4e82d38e5bb34c060e28f1c7e7839c4a
584808125d42c09ddbed947d8960767cd3ee267b436722cf1df5b2fbaba332e6
5afdc6a6e78eb2726da8dc29cdc3794fb0c8cacf1ea0ffeda7975d936efd9a4d
64eecd75f0e9e47e4040156f3d423c8b159a1a6a1d65bc3cc3b51f4bddbd5c39
66f03426203ededebb1db0a7cb7aec7bf7c28ac1bd0f311d5a03819357419495
686bc3123f13953725613a7bbbfd1669d635c644b07a0315d28154b25d6d727c
724b5b3259e8ee735c6dfa7b97cc0c2e58ffc8c78b02cb5d00a5f8d34dfff352
72e37c4732ea559135e7b406a26753b558e642c6d1157ee15c2331ffbd096128
7502317530895d8ba774dc3e3254d045df8279d5e3ec76d99a4211874c0b6a1e
78f6ec9db0d33344b21a25aa00077a96f7d1df506fec26a69de1944ed0015b27
7a255f0ba8e99b68fd908cc373a3f56cb6b44da9f7800f552294ab14a2fe5ac7
7c8f3e046fc811027569f7e70c4ce9b28b26c740fc26d8ae6b999a2de59dcfce
7f19107952f416041b23bac31414892694191edbfc5918634f37b8c209cc78ef
833b3aacb510cfc75d7152715977d65c6ab148c2af1ba9c06a3c12aaa92cf534
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
8ad073f19010b0c4fcc1b107e96c2110401ccee507843e48185886ee92eec02b
8d66ba17106d4c694f2f25551bc6f68f7cff73cd5cd04a4804fb66c8f7dbb823
91815b50847ef7539f0707a81756a460ded4f166e8bcc68b8c5b23cea9f653df
94f0df7c5fb3359ae7d104c5a38de405cc538ec214c00029daf4c45b5ae19b00
982e3986bcc4d98f466b329d6cbb3f5f0ad6310f6493244075e0b6355f205274
a230661c69aa4c2c4a14597be94227ac1d1cc5e474822bd93476e9e917888376
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a59e37d3be15e89737a24212251a2cf9d1c0d913a1224c96b08e52653376bb82
a6df6c2664bada199c4946ff58fec8e95f240eee85f28e78a60493c440fcdaa9
a7d432f36c40fe5c0262823107d36c99969abc22bc926f367f3c93c2a7ce9752
ab0367094d3ffe1c20b8a562d04a5f480f0f623b70f2026ae5fcb7219aa69bdd
ab30bb0fb492a9008aca0a6e27872308a54181be4251f44c9d9a68a72a496a4f
b82852c5605c4d5572d3321eedd0ad69690ff220db301964dc6b387200dc285c
c063cc48c10c59a43ee8f325053b7cf8041eec8704c02c2191d4d7c2be638121
c1381fac7ac6e67d833cde753fec2a207cc29863acc3a54ecc80775c5d66243b
c2bfae428081009a33826ce5ec4e93b671a8de96fd063192bc9e00fdc00692d9
c55195aaef3ae7622b8866f31a82f583b55cb39bbbe5f5e4a809b5d3f09cfccd
cc490a8ef7deb4c7fba66f332ad8cdd39433675b95d2bd341300ab7b718f8e4e
d26d127a2c4946c5de566c08d0a39f4f572fe9c7dfb8a832b2d462c58d78e67f
e37bfa19b285d915bcf0cfa400ba6554a1ee7d3864288b971f5afa273d9cb3f5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4c2c3607fea2e8799a06f771b8e2a7f35bc6af96629c67e2d8b89399c90791d
e5b30dc2b8d42f65117ac3f38748f5d46322b5624eab15a257591d2d5015a48d
e5f4fc7c487afba251ce9db7ac18212f9b8b5c1b712909d97b05f72e0cd063cd
e6ad50c771ffe3626e6753956dcb076085d47d908e4496175691473196584021
e8614c709a86f38b9a0a553561e4deb3bfb673b4b6ca515b3241f9cbb29a45ed
f1425a11bb83068a0c657a96efb6e9787b6cbd4151aa87424c4ebca24a40f594
f171b213f4bfe43dcc12665c8b6a6a9422e5aae140f3203063ee2bd28180e4b5
f31ddafef29bd2e57f5e64bb199ac1c865a600670c2272496830e0bf7d03f24c
f384c79fe658a0094355ac2083b8e67db67aa28884d1419b08c7fda504525d93
fdd131c764471b2262b55f468fb26d0da0bd53357238566b2b7939843b82d191

bank.marksandspencer.com Open in urlscan Pro 91.214.5.36 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

80 Requests

100 %HTTPS

15 %IPv6

9 Domains

13 Subdomains

12 IPs

5 Countries

1223 kBTransfer

2245 kBSize

10 Cookies

7 Outgoing links

Page URL History

Redirected requests

80 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

bank.marksandspencer.com Open in urlscan Pro
91.214.5.36 Public Scan

Screenshot
Live screenshot

Full Image

80
Requests

100 %
HTTPS

15 %
IPv6

9
Domains

13
Subdomains

12
IPs

5
Countries

1223 kB
Transfer

2245 kB
Size

10
Cookies

80 HTTP transactions
0 data transactions