URL: https://hakemus.tfbank.fi/
Submission: On August 07 via automatic, source certstream-suspicious — Scanned from FI

Summary

This website contacted 5 IPs in 3 countries across 5 domains to perform 23 HTTP transactions. The main IP is 20.50.2.44, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is hakemus.tfbank.fi.
TLS certificate: Issued by GeoTrust Global TLS RSA4096 SHA256 20... on August 7th 2024. Valid for: 6 months.
This is the only time hakemus.tfbank.fi was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
12 20.50.2.44 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 185.195.94.202 42649 (BBN)
8 20.50.88.238 8075 (MICROSOFT...)
23 5
Apex Domain
Subdomains
Transfer
12 tfbank.fi
hakemus.tfbank.fi
3 MB
8 visualstudio.com
dc.services.visualstudio.com — Cisco Umbrella Rank: 853
662 B
1 tfbank.se
prodcustomerdataapi.tfbank.se
910 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
75 KB
0 google-analytics.com Failed
www.google-analytics.com Failed
23 5
Domain Requested by
12 hakemus.tfbank.fi hakemus.tfbank.fi
8 dc.services.visualstudio.com hakemus.tfbank.fi
1 prodcustomerdataapi.tfbank.se hakemus.tfbank.fi
1 www.googletagmanager.com hakemus.tfbank.fi
0 www.google-analytics.com Failed www.googletagmanager.com
23 5

This site contains links to these domains. Also see Links.

Domain
tfbank.se
Subject Issuer Validity Valid
hakemus.tfbank.fi
GeoTrust Global TLS RSA4096 SHA256 2022 CA1
2024-08-07 -
2025-02-07
6 months crt.sh
*.google-analytics.com
WR2
2024-07-30 -
2024-10-22
3 months crt.sh
*.tfbank.se
GlobalSign RSA OV SSL CA 2018
2024-04-15 -
2025-05-17
a year crt.sh
prod.ai.ingestion.msftcloudes.com
Microsoft Azure RSA TLS Issuing CA 04
2024-06-24 -
2025-06-19
a year crt.sh

This page contains 1 frames:

Primary Page: https://hakemus.tfbank.fi/
Frame ID: 47E8E6889598908740DFB83B8E770BEF
Requests: 19 HTTP requests in this frame

Screenshot

Page Title

Omat sivut | TF Bank

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js

Page Statistics

23
Requests

96 %
HTTPS

25 %
IPv6

5
Domains

5
Subdomains

5
IPs

3
Countries

2959 kB
Transfer

4855 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

23 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
hakemus.tfbank.fi/
646 B
2 KB
Document
General
Full URL
https://hakemus.tfbank.fi/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.50.2.44 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8141c6c92ce118d9799499e04d4511ca4afa306875d17f6afa4ad6971a6a0ad3
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Content-Encoding
gzip
Content-Length
503
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Content-Type
text/html
Date
Wed, 07 Aug 2024 18:43:16 GMT
ETag
"08f4c6434dcda1:0"
Last-Modified
Mon, 22 Jul 2024 12:40:54 GMT
Permissions-Policy
camera=(self)
Referrer-Policy
same-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
main.31afec79.js
hakemus.tfbank.fi/static/js/
2 MB
894 KB
Script
General
Full URL
https://hakemus.tfbank.fi/static/js/main.31afec79.js
Requested by
Host: hakemus.tfbank.fi
URL: https://hakemus.tfbank.fi/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.50.2.44 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e28c7e195d7c6872385eb4165c85807add445c4f6745dcb6c2285fb1446f4af1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://hakemus.tfbank.fi/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 07 Aug 2024 18:43:16 GMT
Content-Encoding
gzip
Referrer-Policy
same-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Last-Modified
Mon, 22 Jul 2024 12:40:54 GMT
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"08f4c6434dcda1:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-Frame-Options
SAMEORIGIN
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
main.8b313607.css
hakemus.tfbank.fi/static/css/
284 KB
86 KB
Stylesheet
General
Full URL
https://hakemus.tfbank.fi/static/css/main.8b313607.css
Requested by
Host: hakemus.tfbank.fi
URL: https://hakemus.tfbank.fi/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.50.2.44 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8d797087f15b64a21b4480a07d38d5032884f8a3dbb3266ab0521d4c9b03acf5
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://hakemus.tfbank.fi/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 07 Aug 2024 18:43:16 GMT
Content-Encoding
gzip
Referrer-Policy
same-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Last-Modified
Mon, 22 Jul 2024 12:40:54 GMT
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"08f4c6434dcda1:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
gtm.js
www.googletagmanager.com/
206 KB
75 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5PHJMBM&l=PageDataLayer&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Requested by
Host: hakemus.tfbank.fi
URL: https://hakemus.tfbank.fi/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
805ea312bbfe26d9fde43e87f359160358a267adbf6ac5d3e0ab92c957ffee69
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 07 Aug 2024 18:43:17 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
76013
x-xss-protection
0
last-modified
Wed, 07 Aug 2024 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 07 Aug 2024 18:43:17 GMT
translation.json
hakemus.tfbank.fi/locales/fi/
21 KB
10 KB
Fetch
General
Full URL
https://hakemus.tfbank.fi/locales/fi/translation.json
Requested by
Host: hakemus.tfbank.fi
URL: https://hakemus.tfbank.fi/static/js/main.31afec79.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.50.2.44 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d01ad11f99172bcf19fceec138a7133ada695ddfe53fa6e5e50f8c08944b6c16
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://hakemus.tfbank.fi/application
traceparent
00-b607d45cc9744dc18e5a2f1c287f1b63-0e5a2e843cbf4891-01
request-id
|b607d45cc9744dc18e5a2f1c287f1b63.0e5a2e843cbf4891
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 07 Aug 2024 18:43:17 GMT
Content-Encoding
gzip
Referrer-Policy
same-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Last-Modified
Mon, 22 Jul 2024 12:34:34 GMT
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"029cd8133dcda1:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
9130
forms.json
hakemus.tfbank.fi/locales/fi/
4 KB
3 KB
Fetch
General
Full URL
https://hakemus.tfbank.fi/locales/fi/forms.json
Requested by
Host: hakemus.tfbank.fi
URL: https://hakemus.tfbank.fi/static/js/main.31afec79.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.50.2.44 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
865fd34cdd9485d68e5310fc0f2e78b92afad989d223a2eea68b9202ae1ab640
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://hakemus.tfbank.fi/application
traceparent
00-b607d45cc9744dc18e5a2f1c287f1b63-35146b37464743ef-01
request-id
|b607d45cc9744dc18e5a2f1c287f1b63.35146b37464743ef
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 07 Aug 2024 18:43:17 GMT
Content-Encoding
gzip
Referrer-Policy
same-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Last-Modified
Mon, 22 Jul 2024 12:34:34 GMT
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"029cd8133dcda1:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
2300
dropdown.json
hakemus.tfbank.fi/locales/fi/
4 KB
2 KB
Fetch
General
Full URL
https://hakemus.tfbank.fi/locales/fi/dropdown.json
Requested by
Host: hakemus.tfbank.fi
URL: https://hakemus.tfbank.fi/static/js/main.31afec79.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.50.2.44 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
53960ad12638f6bb8eecfe119677ba9f2bb873ecb61baa8becdc7953fd0a7503
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://hakemus.tfbank.fi/application
traceparent
00-b607d45cc9744dc18e5a2f1c287f1b63-7e6ab163e7704422-01
request-id
|b607d45cc9744dc18e5a2f1c287f1b63.7e6ab163e7704422
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 07 Aug 2024 18:43:17 GMT
Content-Encoding
gzip
Referrer-Policy
same-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Last-Modified
Mon, 22 Jul 2024 12:34:34 GMT
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"029cd8133dcda1:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
1558
next
prodcustomerdataapi.tfbank.se/api/customerservice/maintenance/
0
910 B
XHR
General
Full URL
https://prodcustomerdataapi.tfbank.se/api/customerservice/maintenance/next?market=Finland
Requested by
Host: hakemus.tfbank.fi
URL: https://hakemus.tfbank.fi/static/js/main.31afec79.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
185.195.94.202 , Sweden, ASN42649 (BBN, SE),
Reverse DNS
vbdc-n.baffinbaynetworks.com
Software
baffin-bay-inlet / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=14515200

Request headers

Accept
application/json, text/plain, */*
Referer
Accept-Language
fi
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 07 Aug 2024 18:43:17 GMT
Strict-Transport-Security
max-age=14515200
Server
baffin-bay-inlet
X-Powered-By
ASP.NET
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
x-contenttype
Connection
keep-alive
Request-Context
appId=cid-v1:90efdaad-7981-4750-b06c-44c489670db0
tfbank21-logo-white.799bf51a13cdf5ad3702fad22db4f40d.svg
hakemus.tfbank.fi/static/media/
3 KB
4 KB
Image
General
Full URL
https://hakemus.tfbank.fi/static/media/tfbank21-logo-white.799bf51a13cdf5ad3702fad22db4f40d.svg
Requested by
Host: hakemus.tfbank.fi
URL: https://hakemus.tfbank.fi/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.50.2.44 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a1c5ae128a15c00c005f02cab2836792f33932f4ff2b4ffde7dda864641d169e
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://hakemus.tfbank.fi/login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 07 Aug 2024 18:43:17 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 22 Jul 2024 12:40:54 GMT
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"08f4c6434dcda1:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
3048
tfbank21-logo-symbol-white.09b8947dc04f9234e2f3ebdf3211be66.svg
hakemus.tfbank.fi/static/media/
893 B
2 KB
Image
General
Full URL
https://hakemus.tfbank.fi/static/media/tfbank21-logo-symbol-white.09b8947dc04f9234e2f3ebdf3211be66.svg
Requested by
Host: hakemus.tfbank.fi
URL: https://hakemus.tfbank.fi/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.50.2.44 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
61005b093700502390f55675aff651e43cd4158810125024f1b43ef76ac1695d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://hakemus.tfbank.fi/login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 07 Aug 2024 18:43:17 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 22 Jul 2024 12:40:54 GMT
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"08f4c6434dcda1:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
893
woman_hanging_outside_car_window.9b0506a76f7b5929e85d.webp
hakemus.tfbank.fi/static/media/
2 MB
2 MB
Image
General
Full URL
https://hakemus.tfbank.fi/static/media/woman_hanging_outside_car_window.9b0506a76f7b5929e85d.webp
Requested by
Host: hakemus.tfbank.fi
URL: https://hakemus.tfbank.fi/static/css/main.8b313607.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.50.2.44 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a6bcbccd8410b2044e7a005c74c71c09c8ffc2021f516b191c84f2744e6f3cc1
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://hakemus.tfbank.fi/static/css/main.8b313607.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 07 Aug 2024 18:43:17 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 22 Jul 2024 12:40:54 GMT
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"08f4c6434dcda1:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/webp
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
1600548
signicat-fi-logo2_2.2280d7937253c66c7206.svg
hakemus.tfbank.fi/static/media/
10 KB
11 KB
Image
General
Full URL
https://hakemus.tfbank.fi/static/media/signicat-fi-logo2_2.2280d7937253c66c7206.svg
Requested by
Host: hakemus.tfbank.fi
URL: https://hakemus.tfbank.fi/static/css/main.8b313607.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.50.2.44 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
7054e3119cfe6e7d3fa20570caf2488bde4358f4303fd11b3e07f29ed0dc742b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://hakemus.tfbank.fi/static/css/main.8b313607.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 07 Aug 2024 18:43:17 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 22 Jul 2024 12:40:54 GMT
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"08f4c6434dcda1:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
10444
Raleway-VariableFont_wght.575ec9e676c7a85494bb.ttf
hakemus.tfbank.fi/static/media/
302 KB
303 KB
Font
General
Full URL
https://hakemus.tfbank.fi/static/media/Raleway-VariableFont_wght.575ec9e676c7a85494bb.ttf
Requested by
Host: hakemus.tfbank.fi
URL: https://hakemus.tfbank.fi/static/css/main.8b313607.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.50.2.44 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8e7948221210e0bff86b70de2a2e893e24e0d9c5a16a5db0aa47834b88bf1998
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://hakemus.tfbank.fi/static/css/main.8b313607.css
Origin
https://hakemus.tfbank.fi
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 07 Aug 2024 18:43:17 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 22 Jul 2024 12:40:54 GMT
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"08f4c6434dcda1:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/octet-stream
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
309720
analytics.js
www.google-analytics.com/
0
0

track
dc.services.visualstudio.com/v2/
0
0
Preflight
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.238 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sdk-context
Access-Control-Request-Method
POST
Origin
https://hakemus.tfbank.fi
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Wed, 07 Aug 2024 18:43:17 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
track
dc.services.visualstudio.com/v2/
96 B
154 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: hakemus.tfbank.fi
URL: https://hakemus.tfbank.fi/static/js/main.31afec79.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.238 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
87f523c3f10e56557a4e945ff61a825a58b7ddfd80b82aeaed9e32dcfcc47250
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
Sdk-Context
appId
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type
application/json

Response headers

access-control-allow-origin
*
strict-transport-security
max-age=31536000
date
Wed, 07 Aug 2024 18:43:17 GMT
x-content-type-options
nosniff
server
Microsoft-HTTPAPI/2.0
content-type
application/json; charset=utf-8
track
dc.services.visualstudio.com/v2/
0
0
Preflight
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.238 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sdk-context
Access-Control-Request-Method
POST
Origin
https://hakemus.tfbank.fi
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Wed, 07 Aug 2024 18:43:17 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
track
dc.services.visualstudio.com/v2/
96 B
200 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: hakemus.tfbank.fi
URL: https://hakemus.tfbank.fi/static/js/main.31afec79.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.238 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
a3764316a1788393963500e782b2400d70d8e3a2d899eb9bfa919ecb6cf99786
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
Sdk-Context
appId
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type
application/json

Response headers

access-control-allow-origin
*
strict-transport-security
max-age=31536000
date
Wed, 07 Aug 2024 18:43:17 GMT
x-content-type-options
nosniff
server
Microsoft-HTTPAPI/2.0
content-type
application/json; charset=utf-8
track
dc.services.visualstudio.com/v2/
0
0
Preflight
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.238 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sdk-context
Access-Control-Request-Method
POST
Origin
https://hakemus.tfbank.fi
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Wed, 07 Aug 2024 18:43:17 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
track
dc.services.visualstudio.com/v2/
96 B
154 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: hakemus.tfbank.fi
URL: https://hakemus.tfbank.fi/static/js/main.31afec79.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.238 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
a3764316a1788393963500e782b2400d70d8e3a2d899eb9bfa919ecb6cf99786
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
Sdk-Context
appId
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type
application/json

Response headers

access-control-allow-origin
*
strict-transport-security
max-age=31536000
date
Wed, 07 Aug 2024 18:43:17 GMT
x-content-type-options
nosniff
server
Microsoft-HTTPAPI/2.0
content-type
application/json; charset=utf-8
favicon.ico
hakemus.tfbank.fi/
1 KB
2 KB
Other
General
Full URL
https://hakemus.tfbank.fi/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.50.2.44 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1431b53f53544a5c47d19c148c9624b389fa5722f3605e22afd7161e3c5e0b24
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://hakemus.tfbank.fi/login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 07 Aug 2024 18:43:17 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Referrer-Policy
same-origin
X-Content-Type-Options
nosniff
Last-Modified
Mon, 22 Jul 2024 12:34:34 GMT
Content-Security-Policy
default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
ETag
"029cd8133dcda1:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/x-icon
Permissions-Policy
camera=(self)
Accept-Ranges
bytes
Content-Length
1150
track
dc.services.visualstudio.com/v2/
0
0
Preflight
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.238 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sdk-context
Access-Control-Request-Method
POST
Origin
https://hakemus.tfbank.fi
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Wed, 07 Aug 2024 18:43:17 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
track
dc.services.visualstudio.com/v2/
96 B
154 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: hakemus.tfbank.fi
URL: https://hakemus.tfbank.fi/static/js/main.31afec79.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.238 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
3f2923dfaac52f5abd731ef928dffc7d3a086a28a3b62a62066b1709d66c17b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
Sdk-Context
appId
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type
application/json

Response headers

access-control-allow-origin
*
strict-transport-security
max-age=31536000
date
Wed, 07 Aug 2024 18:43:17 GMT
x-content-type-options
nosniff
server
Microsoft-HTTPAPI/2.0
content-type
application/json; charset=utf-8

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google-analytics.com
URL
https://www.google-analytics.com/analytics.js

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunkapplicationpages_webui string| __reactRouterVersion object| FontAwesomeConfig object| ___FONT_AWESOME___ object| __dynProto$Gbl object| __localeData__ object| regeneratorRuntime object| PageDataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga

4 Cookies

Domain/Path Name / Value
.hakemus.tfbank.fi/ Name: ARRAffinity
Value: e2c634607e44851e81f065fce3b73507fbe50f2156fd569962cb7167b11f16b9
.hakemus.tfbank.fi/ Name: ARRAffinitySameSite
Value: e2c634607e44851e81f065fce3b73507fbe50f2156fd569962cb7167b11f16b9
hakemus.tfbank.fi/ Name: ai_user
Value: MrDb81Q+z5dsB3imqWIe6G|2024-08-07T18:43:16.839Z
hakemus.tfbank.fi/ Name: ai_session
Value: zi1pPcPTPwJeilp/rNTgvf|1723056197157|1723056197157

1 Console Messages

Source Level URL
Text
security error URL: https://www.googletagmanager.com/gtm.js?id=GTM-5PHJMBM&l=PageDataLayer&gtm_auth=&gtm_preview=&gtm_cookies_win=x(Line 88)
Message:
Refused to load the script 'https://www.google-analytics.com/analytics.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https: *.tfbank.fi; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.googletagmanager.com https://consent.cookiebot.com https://consentcdn.cookiebot.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https:; frame-ancestors 'self'; img-src 'self' data: https://www.googletagmanager.com https://content.ethoca.com; manifest-src 'self'; media-src 'self'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN