urlscan.io logo urlscan.io
SecurityTrails logo

www.bancastato.ch Open in urlscan Pro
217.26.33.87  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://bancastato.ch/
Effective URL: https://www.bancastato.ch/
Submission: On October 19 via manual from CH — Scanned from CH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 4 domains to perform 46 HTTP transactions. The main IP is 217.26.33.87, located in Switzerland and belongs to BSOURCE-AS, CH. The main domain is www.bancastato.ch.
TLS certificate: Issued by Thawte EV RSA CA 2018 on January 20th 2023. Valid for: a year.
This is the only time www.bancastato.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 27 217.26.33.87 197312 (BSOURCE-AS)
1 7 217.26.33.63 197312 (BSOURCE-AS)
13 104.18.130.236 13335 (CLOUDFLAR...)
1 104.18.32.137 13335 (CLOUDFLAR...)
46 5
Apex Domain
Subdomains		 Transfer
27 bancastato.ch
bancastato.ch
www.bancastato.ch
prd-analytics.bancastato.ch
2 MB
13 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 385
171 KB
7 inlinea.ch
www.inlinea.ch
787 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 655
314 B
46 4
Domain Requested by
23 www.bancastato.ch www.bancastato.ch
13 cdn.cookielaw.org www.bancastato.ch
cdn.cookielaw.org
7 www.inlinea.ch 1 redirects www.bancastato.ch
www.inlinea.ch
3 prd-analytics.bancastato.ch 1 redirects www.bancastato.ch
1 geolocation.onetrust.com cdn.cookielaw.org
1 bancastato.ch 1 redirects
46 6

This site contains links to these domains. Also see Links.

Domain
www.inlinea.ch
www.instagram.com
www.facebook.com
www.onetrust.com
Subject Issuer Validity Valid
www.bancastato.ch
Thawte EV RSA CA 2018		 2023-01-20 -
2024-02-20		 a year crt.sh
www.inlinea.ch
Thawte EV RSA CA 2018		 2023-02-02 -
2024-03-04		 a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2023-04-01 -
2024-03-31		 a year crt.sh
prd-analytics.bancastato.ch
Thawte RSA CA 2018		 2023-05-15 -
2024-06-14		 a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3		 2022-12-13 -
2023-12-13		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.bancastato.ch/
Frame ID: DF6F83A9FBFA544367A85FD8387E78F5
Requests: 46 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Homepage | www.bancastato.chBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

  1. http://bancastato.ch/ HTTP 307
    https://bancastato.ch/ HTTP 301
    https://www.bancastato.ch/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js
Overall confidence: 100%
Detected patterns
  • /polyfill\.min\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

46
Requests

93 %
HTTPS

0 %
IPv6

4
Domains

6
Subdomains

5
IPs

2
Countries

3362 kB
Transfer

4896 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bancastato.ch/ HTTP 307
    https://bancastato.ch/ HTTP 301
    https://www.bancastato.ch/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://www.inlinea.ch/unblu/js-api/v2/visitor/visitor-api.min.js HTTP 302
  • https://www.inlinea.ch/unblu/static/js-api/xmd1697553314569/v2/visitor-js-api.min.js
Request Chain 27
  • https://prd-analytics.bancastato.ch/matomo.php?action_name=Homepage%20%7C%20www.bancastato.ch&idsite=1&rec=1&r=977686&h=11&m=27&s=13&url=https%3A%2F%2Fwww.bancastato.ch%2F&_id=162fc53533f2ead1&_idts=1697707634&_idvc=1&_idn=0&_refts=0&_viewts=1697707634&send_image=1&pdf=1&qt=0&realp=0&wma=0&dir=0&fla=0&java=0&gears=0&ag=0&cookie=1&res=1600x1200&gt_ms=108&pv_id=4yxx3y HTTP 303
  • https://prd-analytics.bancastato.ch/error_path/400.html?al_req_id=ZTD2cTKjbUdiECLT7ZrAAAAAAJc

46 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.bancastato.ch/
Redirect Chain
  • http://bancastato.ch/
  • https://bancastato.ch/
  • https://www.bancastato.ch/
89 KB
92 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bancastato.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
4227ca7805dc1f895935aa2b521877ea568381f8595a76cd4099498502aa2774
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
accept-language
de-CH,de;q=0.9

Response headers

Cache-Control
max-age=600, public
Connection
Keep-Alive
Content-Length
90988
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Type
text/html;charset=UTF-8
Date
Thu, 19 Oct 2023 09:27:11 GMT
Expires
Thu, 19 Oct 2023 09:37:11 GMT
Keep-Alive
timeout=10, max=500
Last-Modified
Thu, 19 Oct 2023 08:51:52 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Magnolia-Registration
Registered
X-XSS-Protection
1; mode=block

Redirect headers

Connection
Keep-Alive
Content-Length
233
Content-Type
text/html; charset=iso-8859-1
Date
Thu, 19 Oct 2023 09:27:11 GMT
Keep-Alive
timeout=10, max=500
Location
https://www.bancastato.ch
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
all.min~2023-05-12-08-18-54-000~cache.css
www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/ 		580 KB
74 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-05-12-08-18-54-000~cache.css
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
b04b960a9b932b6d4f8be46306f98cd99fe3f3853717c7311236aa26084e6438
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:11 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-Magnolia-Registration
Registered
Last-Modified
Fri, 12 May 2023 08:18:54 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
text/css;charset=UTF-8
Cache-Control
max-age=31536000, public
Keep-Alive
timeout=10, max=499
Expires
Fri, 18 Oct 2024 09:27:11 GMT
style-integration~2023-05-12-08-18-54-000~cache.css
www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/ 		5 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/style-integration~2023-05-12-08-18-54-000~cache.css
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
ef83cb697d53e094cd0240d15be9e29e81557c8d4c9c212f1c2acc4cc2ca1ac8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:11 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-Magnolia-Registration
Registered
Last-Modified
Fri, 12 May 2023 08:18:54 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
text/css;charset=UTF-8
Cache-Control
max-age=31536000, public
Keep-Alive
timeout=10, max=498
Expires
Fri, 18 Oct 2024 09:27:12 GMT
jquery-3.5.1.min~2023-05-12-08-18-54-000~cache.js
www.bancastato.ch/.resources/bancastato-templating-light/webresources/js/vendor/ 		87 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/js/vendor/jquery-3.5.1.min~2023-05-12-08-18-54-000~cache.js
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:12 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-Magnolia-Registration
Registered
Last-Modified
Fri, 12 May 2023 08:18:54 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
Cache-Control
max-age=31536000, public
Keep-Alive
timeout=10, max=500
Expires
Fri, 18 Oct 2024 09:27:12 GMT
visitor.js
www.inlinea.ch/unblu/ 		2 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.inlinea.ch/unblu/visitor.js?x-unblu-apikey=0PB5EOF5RnKfbCrL8wtEgw
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.63 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
cda24caaef3445a394c122bb49b072443ad502c0ffa4e257cb20f3d7110df04e
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

pragma
no-cache
Date
Thu, 19 Oct 2023 09:27:12 GMT
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
X-Content-Type-Options
nosniff
strict-transport-security
max-age=31536000
Server
Apache
x-unblu-start-time
1697553314569
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript;charset=utf-8
Transfer-Encoding
chunked
cache-control
no-cache, no-store, must-revalidate, max-age=1
Connection
Keep-Alive
Keep-Alive
timeout=10, max=500
X-XSS-Protection
1; mode=block
expires
Wed, 18 Oct 2023 09:27:13 GMT
visitor-js-api.min.js
www.inlinea.ch/unblu/static/js-api/xmd1697553314569/v2/
Redirect Chain
  • https://www.inlinea.ch/unblu/js-api/v2/visitor/visitor-api.min.js
  • https://www.inlinea.ch/unblu/static/js-api/xmd1697553314569/v2/visitor-js-api.min.js
32 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.inlinea.ch/unblu/static/js-api/xmd1697553314569/v2/visitor-js-api.min.js
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Server
217.26.33.63 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
3ca390e599307e3d3c40ce26738c025d3363f9956d18918de74b29ae5d33903d
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:13 GMT
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
X-Content-Type-Options
nosniff
strict-transport-security
max-age=31536000
Connection
Keep-Alive
Content-Length
32916
X-XSS-Protection
1; mode=block
last-modified
Wed, 20 Apr 2022 16:22:50 GMT
Server
Apache
vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript;charset=utf-8
cache-control
max-age=315619200,public
accept-ranges
bytes
Keep-Alive
timeout=10, max=499
expires
Mon, 17 Oct 2033 14:35:25 GMT

Redirect headers

Date
Thu, 19 Oct 2023 09:27:13 GMT
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
X-Content-Type-Options
nosniff
strict-transport-security
max-age=31536000
Server
Apache
x-unblu-start-time
1697553314569
X-Frame-Options
SAMEORIGIN
location
https://www.inlinea.ch/unblu/static/js-api/xmd1697553314569/v2/visitor-js-api.min.js
cache-control
max-age=60,public
Connection
Keep-Alive
Keep-Alive
timeout=10, max=500
Content-Length
0
X-XSS-Protection
1; mode=block
expires
Thu, 19 Oct 2023 09:28:13 GMT
polyfill.min.js
www.bancastato.ch/.resources/bancastato-templating-light/webresources/js/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/js/polyfill.min.js
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
9230df14164558edda90752e80110204d9ce145fbea632d969493e54ab333a70
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:12 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-Magnolia-Registration
Registered
Last-Modified
Fri, 12 May 2023 08:18:54 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
Cache-Control
max-age=3600, public
Keep-Alive
timeout=10, max=500
Expires
Thu, 19 Oct 2023 10:27:12 GMT
OtAutoBlock.js
cdn.cookielaw.org/consent/49cf5428-5c54-406c-8ffe-2673ecccc5b4/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/49cf5428-5c54-406c-8ffe-2673ecccc5b4/OtAutoBlock.js
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c335a523f1b43df968c3efa0239d62d63c9df1c1bc99c0b25527ed36a59fb9b1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 09:27:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
32479
content-md5
5tYvKBYjfJsDLEo3+NY3ug==
content-length
1810
x-ms-lease-status
unlocked
last-modified
Mon, 12 Jun 2023 13:26:49 GMT
server
cloudflare
etag
0x8DB6B48AD88C493
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
aed2c557-301e-009d-1e0d-e8cb39000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8187fbe00a0101e7-ZRH
expires
Fri, 20 Oct 2023 09:27:12 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2fc7f40fe3b6fca4d842274e5c319024864535325c7484e201b7c53257209809
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 09:27:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
HAfQnQ1aKA6QX2rlLtw0Ew==
age
43176
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6821
x-ms-lease-status
unlocked
last-modified
Wed, 18 Oct 2023 10:39:27 GMT
server
cloudflare
etag
0x8DBCFC680C395A1
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
a3e83979-401e-0073-0dfc-016110000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8187fbe00a0501e7-ZRH
logo-bancastato.svg
www.bancastato.ch/.resources/bancastato-templating-light/webresources/img/ 		6 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/img/logo-bancastato.svg
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
7e13c30013899b6784ab280bdb537a991a0d97a7f5da27c1bc5c8d8f300cc586
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:12 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-Magnolia-Registration
Registered
Last-Modified
Fri, 12 May 2023 08:18:54 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
image/svg+xml;charset=UTF-8
Cache-Control
max-age=3600, public
Keep-Alive
timeout=10, max=500
Expires
Thu, 19 Oct 2023 10:27:12 GMT
Sicurezza%20informatica1.jpg
www.bancastato.ch/.imaging/mte/site-bancastato/1920x704/dam/site-bancastato/home/Sicurezza-informatica1.jpg/jcr:content/ 		537 KB
540 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bancastato.ch/.imaging/mte/site-bancastato/1920x704/dam/site-bancastato/home/Sicurezza-informatica1.jpg/jcr:content/Sicurezza%20informatica1.jpg
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
db31c0af8d1bd819693112cd226694260be1a7e42d2e81eecea0ef476ddb0b6b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:12 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Server
Apache
X-Magnolia-Registration
Registered
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
image/jpeg;charset=UTF-8
Cache-Control
max-age=600, public
Connection
Keep-Alive
Keep-Alive
timeout=10, max=500
X-XSS-Protection
1; mode=block
Expires
Thu, 19 Oct 2023 09:37:12 GMT
Twint%20-%20Web%20site%201920x704.jpg
www.bancastato.ch/.imaging/mte/site-bancastato/1920x704/dam/site-bancastato/home/Twint---Web-site-1920x704.jpg/jcr:content/ 		486 KB
489 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bancastato.ch/.imaging/mte/site-bancastato/1920x704/dam/site-bancastato/home/Twint---Web-site-1920x704.jpg/jcr:content/Twint%20-%20Web%20site%201920x704.jpg
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
ac4a30ea0ab7631964fa01b3976aa392445ffa48a193e696509d5ffbcd01908e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:12 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified
Thu, 19 Oct 2023 08:52:16 GMT
Server
Apache
X-Magnolia-Registration
Registered
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg;charset=UTF-8
Cache-Control
max-age=600, public
Connection
Keep-Alive
Keep-Alive
timeout=10, max=499
Content-Length
498163
X-XSS-Protection
1; mode=block
Expires
Thu, 19 Oct 2023 09:37:12 GMT
Web-site-ipoteca%20GREEN.jpg
www.bancastato.ch/.imaging/mte/site-bancastato/1920x704/dam/site-bancastato/Immagini/Web-site-ipoteca-GREEN.jpg/jcr:content/ 		259 KB
262 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bancastato.ch/.imaging/mte/site-bancastato/1920x704/dam/site-bancastato/Immagini/Web-site-ipoteca-GREEN.jpg/jcr:content/Web-site-ipoteca%20GREEN.jpg
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
37f5a473e31c80b745ad45ddd92b416e40f0d06c892ff268a376419ccebda24b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:12 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified
Thu, 19 Oct 2023 08:52:16 GMT
Server
Apache
X-Magnolia-Registration
Registered
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg;charset=UTF-8
Cache-Control
max-age=600, public
Connection
Keep-Alive
Keep-Alive
timeout=10, max=499
Content-Length
265277
X-XSS-Protection
1; mode=block
Expires
Thu, 19 Oct 2023 09:37:12 GMT
mandato-pubblico-garanziaStato.jpg
www.bancastato.ch/dam/jcr:6661634e-0ccf-4c32-9d3e-8cce6d99acb5/ 		69 KB
72 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bancastato.ch/dam/jcr:6661634e-0ccf-4c32-9d3e-8cce6d99acb5/mandato-pubblico-garanziaStato.jpg
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
902274bd47aefaa6d5445e26545afb9beb51be3235ba4328d0c03061a23d9ff8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:12 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Disposition
attachment; filename="mandato-pubblico-garanziaStato.jpg"
Connection
Keep-Alive
Content-Length
71164
X-XSS-Protection
1; mode=block
X-Magnolia-Registration
Registered
Last-Modified
Mon, 22 Jul 2019 08:44:32 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg;charset=UTF-8
Cache-Control
max-age=600, public
Keep-Alive
timeout=10, max=499
Expires
Thu, 19 Oct 2023 09:37:12 GMT
Pagina%20eventi%20635x554-02.jpg
www.bancastato.ch/dam/jcr:3aecbba4-7152-4395-9b39-3efce885577a/ 		144 KB
146 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bancastato.ch/dam/jcr:3aecbba4-7152-4395-9b39-3efce885577a/Pagina%20eventi%20635x554-02.jpg
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
cc45ca4ae13e6ad389e97d0e27c166830d4670ba81a3e5240caa8df9e24ae102
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:12 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Disposition
attachment; filename="Pagina eventi 635x554-02.jpg"
Connection
Keep-Alive
Content-Length
147125
X-XSS-Protection
1; mode=block
X-Magnolia-Registration
Registered
Last-Modified
Tue, 25 Apr 2023 13:54:27 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg;charset=UTF-8
Cache-Control
max-age=600, public
Keep-Alive
timeout=10, max=497
Expires
Thu, 19 Oct 2023 09:37:12 GMT
TiHome.jpg
www.bancastato.ch/dam/jcr:48260176-d42f-4f32-b1a7-1a1ac7a0e620/ 		76 KB
79 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bancastato.ch/dam/jcr:48260176-d42f-4f32-b1a7-1a1ac7a0e620/TiHome.jpg
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
22af2cb27167705fe5fb843dc6f737bdae9be8751437754e5145c2d87ba05dd0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:12 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Disposition
attachment; filename="TiHome.jpg"
Connection
Keep-Alive
Content-Length
77860
X-XSS-Protection
1; mode=block
X-Magnolia-Registration
Registered
Last-Modified
Mon, 22 Jul 2019 08:44:37 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg;charset=UTF-8
Cache-Control
max-age=600, public
Keep-Alive
timeout=10, max=500
Expires
Thu, 19 Oct 2023 09:37:12 GMT
logo-bancastato-white.svg
www.bancastato.ch/.resources/bancastato-templating-light/webresources/img/ 		6 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/img/logo-bancastato-white.svg
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
0166fcc93e70f0cc0d0e262b6d0bce75d7b0308062206192d6ff502f97401812
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:13 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-Magnolia-Registration
Registered
Last-Modified
Fri, 12 May 2023 08:18:54 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
image/svg+xml;charset=UTF-8
Cache-Control
max-age=3600, public
Keep-Alive
timeout=10, max=497
Expires
Thu, 19 Oct 2023 10:27:13 GMT
all.min~2023-05-12-08-18-54-000~cache.js
www.bancastato.ch/.resources/bancastato-templating-light/webresources/js/ 		783 KB
187 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/js/all.min~2023-05-12-08-18-54-000~cache.js
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
010407839b3f2b7f7fcf11d28f4f914d09399d2eadc10433f541aac03eb54fff
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:12 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-Magnolia-Registration
Registered
Last-Modified
Fri, 12 May 2023 08:18:54 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript;charset=UTF-8
Cache-Control
max-age=31536000, public
Keep-Alive
timeout=10, max=499
Expires
Fri, 18 Oct 2024 09:27:12 GMT
matomo.js
prd-analytics.bancastato.ch/ 		66 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://prd-analytics.bancastato.ch/matomo.js
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
e3c39364dd866add4ea7fdf25aecc692c8d738387f3bab1720012919aab3c835
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:12 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
Last-Modified
Thu, 21 Mar 2019 07:50:00 GMT
Server
Apache
ETag
"106ad-58495fc36da00"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=500
Content-Length
67245
X-XSS-Protection
1; mode=block
49cf5428-5c54-406c-8ffe-2673ecccc5b4.json
cdn.cookielaw.org/consent/49cf5428-5c54-406c-8ffe-2673ecccc5b4/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/49cf5428-5c54-406c-8ffe-2673ecccc5b4/49cf5428-5c54-406c-8ffe-2673ecccc5b4.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
04735e3fe90a1382d9362c7f79eb98a0e93e759e6401971e45251c45f3915870
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 09:27:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
85537
content-md5
YesJg4Mabx96C2dCJuBNcw==
content-length
1593
x-ms-lease-status
unlocked
last-modified
Mon, 12 Jun 2023 13:26:49 GMT
server
cloudflare
etag
0x8DB6B48AD66E952
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
98c5b374-401e-0111-34ba-a5a9a8000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8187fbe40adb3c92-CDG
expires
Fri, 20 Oct 2023 09:27:13 GMT
FuturaBT-Medium.woff2
www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/ 		49 KB
51 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/FuturaBT-Medium.woff2
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-05-12-08-18-54-000~cache.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
7725847545e8e5bfe08e1f41aa34668c3c90e8f7a815310ac036c11d4fecb246
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-05-12-08-18-54-000~cache.css
Origin
https://www.bancastato.ch
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:12 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified
Fri, 12 May 2023 08:18:54 GMT
Server
Apache
X-Magnolia-Registration
Registered
X-Frame-Options
SAMEORIGIN
Content-Type
application/font-woff2;charset=UTF-8
Cache-Control
max-age=3600, public
Connection
Keep-Alive
Keep-Alive
timeout=10, max=498
Content-Length
50014
X-XSS-Protection
1; mode=block
Expires
Thu, 19 Oct 2023 10:27:12 GMT
icomoon.ttf
www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/ 		47 KB
50 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/icomoon.ttf?37muqp
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-05-12-08-18-54-000~cache.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
bc4fa26850507441938bd826d4bba168c4a8daa86574424245d1abb1cfe29b62
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-05-12-08-18-54-000~cache.css
Origin
https://www.bancastato.ch
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:12 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified
Fri, 12 May 2023 08:18:54 GMT
Server
Apache
X-Magnolia-Registration
Registered
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
application/x-font-ttf;charset=UTF-8
Cache-Control
max-age=3600, public
Connection
Keep-Alive
Keep-Alive
timeout=10, max=498
X-XSS-Protection
1; mode=block
Expires
Thu, 19 Oct 2023 10:27:12 GMT
FuturaBT-Bold.woff2
www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/ 		50 KB
53 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/FuturaBT-Bold.woff2
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-05-12-08-18-54-000~cache.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
6a5b82a4ddd95e8efc2243e4902a29e41e24ab18831249994bc98eb87825e92e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-05-12-08-18-54-000~cache.css
Origin
https://www.bancastato.ch
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:12 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified
Fri, 12 May 2023 08:18:54 GMT
Server
Apache
X-Magnolia-Registration
Registered
X-Frame-Options
SAMEORIGIN
Content-Type
application/font-woff2;charset=UTF-8
Cache-Control
max-age=3600, public
Connection
Keep-Alive
Keep-Alive
timeout=10, max=496
Content-Length
51680
X-XSS-Protection
1; mode=block
Expires
Thu, 19 Oct 2023 10:27:12 GMT
roboto-regular-webfont.woff2
www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/ 		19 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/roboto-regular-webfont.woff2
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-05-12-08-18-54-000~cache.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
785f232e41bcaa1c4abbd2996db9263bd1a4a57fb0388a81ab77171898fb8411
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-05-12-08-18-54-000~cache.css
Origin
https://www.bancastato.ch
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:12 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified
Fri, 12 May 2023 08:18:54 GMT
Server
Apache
X-Magnolia-Registration
Registered
X-Frame-Options
SAMEORIGIN
Content-Type
application/font-woff2;charset=UTF-8
Cache-Control
max-age=3600, public
Connection
Keep-Alive
Keep-Alive
timeout=10, max=497
Content-Length
19652
X-XSS-Protection
1; mode=block
Expires
Thu, 19 Oct 2023 10:27:12 GMT
roboto-bold-webfont.woff2
www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/ 		19 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/roboto-bold-webfont.woff2
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-05-12-08-18-54-000~cache.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
2c4181ff75a8e0b68afda47b2eb4fda8d2aa246863ce80236974f864e0e80a71
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-05-12-08-18-54-000~cache.css
Origin
https://www.bancastato.ch
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:12 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified
Fri, 12 May 2023 08:18:54 GMT
Server
Apache
X-Magnolia-Registration
Registered
X-Frame-Options
SAMEORIGIN
Content-Type
application/font-woff2;charset=UTF-8
Cache-Control
max-age=3600, public
Connection
Keep-Alive
Keep-Alive
timeout=10, max=499
Content-Length
19872
X-XSS-Protection
1; mode=block
Expires
Thu, 19 Oct 2023 10:27:12 GMT
roboto-medium-webfont.woff2
www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/ 		19 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/fonts/roboto-medium-webfont.woff2
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-05-12-08-18-54-000~cache.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
180f7a7ef480678bbab7eb56bd1ea1d1f13a48355ba34845792f0f4582ec5a66
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/all.min~2023-05-12-08-18-54-000~cache.css
Origin
https://www.bancastato.ch
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:13 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified
Fri, 12 May 2023 08:18:54 GMT
Server
Apache
X-Magnolia-Registration
Registered
X-Frame-Options
SAMEORIGIN
Content-Type
application/font-woff2;charset=UTF-8
Cache-Control
max-age=3600, public
Connection
Keep-Alive
Keep-Alive
timeout=10, max=498
Content-Length
19716
X-XSS-Protection
1; mode=block
Expires
Thu, 19 Oct 2023 10:27:13 GMT
Barra-bilancioSocialeAmbientale.jpg
www.bancastato.ch/dam/jcr:89549bf8-5a61-4e6f-b660-af5ee0e38b77/ 		120 KB
123 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bancastato.ch/dam/jcr:89549bf8-5a61-4e6f-b660-af5ee0e38b77/Barra-bilancioSocialeAmbientale.jpg
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
465b2c629f5df9e676ab35968ddf7fde988646e1b0b0dfa5ae8fb83600946d7b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:13 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Disposition
attachment; filename="Barra-bilancioSocialeAmbientale.jpg"
Connection
Keep-Alive
Content-Length
123016
X-XSS-Protection
1; mode=block
X-Magnolia-Registration
Registered
Last-Modified
Mon, 22 Jul 2019 08:44:50 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg;charset=UTF-8
Cache-Control
max-age=600, public
Keep-Alive
timeout=10, max=497
Expires
Thu, 19 Oct 2023 09:37:13 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 		67 B
314 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.32.137 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46ff4557b978211a1f8769eacd629da0ccd1b42f7f4b517bc5440f84580ffe7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.bancastato.ch/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

date
Thu, 19 Oct 2023 09:27:13 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
8187fbe82b9d0208-ZRH
access-control-allow-headers
Content-Type
400.html
prd-analytics.bancastato.ch/error_path/
Redirect Chain
  • https://prd-analytics.bancastato.ch/matomo.php?action_name=Homepage%20%7C%20www.bancastato.ch&idsite=1&rec=1&r=977686&h=11&m=27&s=13&url=https%3A%2F%2Fwww.bancastato.ch%2F&_id=162fc53533f2ead1&_idt...
  • https://prd-analytics.bancastato.ch/error_path/400.html?al_req_id=ZTD2cTKjbUdiECLT7ZrAAAAAAJc
0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://prd-analytics.bancastato.ch/error_path/400.html?al_req_id=ZTD2cTKjbUdiECLT7ZrAAAAAAJc
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/
Protocol
HTTP/1.1
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Redirect headers

Date
Thu, 19 Oct 2023 09:27:13 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
Server
Apache
Content-Type
text/html
Location
/error_path/400.html?al_req_id=ZTD2cTKjbUdiECLT7ZrAAAAAAJc
Connection
Keep-Alive
Keep-Alive
timeout=10, max=499
Content-Length
123
Initializer.js
www.inlinea.ch/unblu/static/js/wp/xmd1697553314569/ 		7 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.inlinea.ch/unblu/static/js/wp/xmd1697553314569/Initializer.js
Requested by
Host: www.inlinea.ch
URL: https://www.inlinea.ch/unblu/visitor.js?x-unblu-apikey=0PB5EOF5RnKfbCrL8wtEgw
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.63 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
a4873963778e4f551c75d423b30652504b25cafa358b5e8c794183c43898fc6f
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:13 GMT
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
X-Content-Type-Options
nosniff
strict-transport-security
max-age=31536000
Connection
Keep-Alive
Content-Length
7111
X-XSS-Protection
1; mode=block
last-modified
Wed, 20 Apr 2022 16:21:22 GMT
Server
Apache
vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript;charset=utf-8
cache-control
max-age=315619200,public
accept-ranges
bytes
Keep-Alive
timeout=10, max=498
expires
Mon, 17 Oct 2033 14:35:25 GMT
IPCheckServlet
www.bancastato.ch/ 		135 B
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bancastato.ch/IPCheckServlet?skp=t
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/js/vendor/jquery-3.5.1.min~2023-05-12-08-18-54-000~cache.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
41bfd3dc9dc0bf3e84a9635de7d343d9f8ee5968d1bd99437711eaee1f6c6735
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.bancastato.ch/
X-Requested-With
XMLHttpRequest
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:13 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
X-Magnolia-Registration
Registered
Server
Apache
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
text/html;charset=UTF-8
Cache-Control
max-age=600, public
Keep-Alive
timeout=10, max=496
Expires
Thu, 19 Oct 2023 09:37:13 GMT
icomoon.ttf
www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/fonts/ 		1 KB
4 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/fonts/icomoon.ttf?gvp6vc
Requested by
Host: www.bancastato.ch
URL: https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/style-integration~2023-05-12-08-18-54-000~cache.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.87 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
41a1e46a4b828410cd723914bf68ddfe99e9105837a78236cd0155c64f609ad1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bancastato.ch/.resources/bancastato-templating-light/webresources/css/style-integration~2023-05-12-08-18-54-000~cache.css
Origin
https://www.bancastato.ch
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:13 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Last-Modified
Fri, 12 May 2023 08:18:54 GMT
Server
Apache
X-Magnolia-Registration
Registered
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
application/x-font-ttf;charset=UTF-8
Cache-Control
max-age=3600, public
Connection
Keep-Alive
Keep-Alive
timeout=10, max=495
X-XSS-Protection
1; mode=block
Expires
Thu, 19 Oct 2023 10:27:13 GMT
SiteIntegrationLazyMain.cfg
www.inlinea.ch/unblu/config/xmd1697704604672/all/it/null/de-CH/https$www.bancastato.ch/0PB5EOF5RnKfbCrL8wtEgw/null/null/null/ 		14 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.inlinea.ch/unblu/config/xmd1697704604672/all/it/null/de-CH/https$www.bancastato.ch/0PB5EOF5RnKfbCrL8wtEgw/null/null/null/SiteIntegrationLazyMain.cfg
Requested by
Host: www.inlinea.ch
URL: https://www.inlinea.ch/unblu/static/js/wp/xmd1697553314569/Initializer.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.63 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
62386d8a8273031b38e78554c43a8aed04537629db132c6d1c7bdd51822a4988
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:13 GMT
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
X-Content-Type-Options
nosniff
strict-transport-security
max-age=31536000
last-modified
Tue, 17 Oct 2023 14:35:14 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript;charset=utf-8
cache-control
max-age=315619200,private
Connection
Keep-Alive
Keep-Alive
timeout=10, max=497
Content-Length
14838
X-XSS-Protection
1; mode=block
expires
Wed, 19 Oct 2033 09:27:13 GMT
SiteIntegrationLazyMain.js
www.inlinea.ch/unblu/static/js/wp/xmd1697553314569/ 		720 KB
722 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.inlinea.ch/unblu/static/js/wp/xmd1697553314569/SiteIntegrationLazyMain.js
Requested by
Host: www.inlinea.ch
URL: https://www.inlinea.ch/unblu/static/js/wp/xmd1697553314569/Initializer.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.63 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
b4b37801b95c0da035a6222a14b883cee80b755b9566ba73f773181ab11e6733
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

Date
Thu, 19 Oct 2023 09:27:13 GMT
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
X-Content-Type-Options
nosniff
strict-transport-security
max-age=31536000
Connection
Keep-Alive
Content-Length
737718
X-XSS-Protection
1; mode=block
last-modified
Wed, 20 Apr 2022 16:21:22 GMT
Server
Apache
vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript;charset=utf-8
cache-control
max-age=315619200,public
accept-ranges
bytes
Keep-Alive
timeout=10, max=496
expires
Mon, 17 Oct 2033 14:35:25 GMT
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202305.1.0/ 		403 KB
97 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed3a69e3267f056582ed012f7252319adb227fed203a4781eb820ea732aa4594
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 09:27:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
fuN6EZWNAh2xn3yE+0HSRQ==
age
41126
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
99428
x-ms-lease-status
unlocked
last-modified
Tue, 11 Jul 2023 02:35:48 GMT
server
cloudflare
etag
0x8DB81B7897E828A
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
144c20d3-601e-002b-3b0c-b4ac5e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8187fbe9b8c001e7-ZRH
it.json
cdn.cookielaw.org/consent/49cf5428-5c54-406c-8ffe-2673ecccc5b4/8fe93efa-3bef-4db9-9778-25d301ef2761/ 		31 KB
9 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/49cf5428-5c54-406c-8ffe-2673ecccc5b4/8fe93efa-3bef-4db9-9778-25d301ef2761/it.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cc49a2d46c2a0591377c90a8b2488c0be83eaf1370022d34193e167bb3971c49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 09:27:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
5506
content-md5
Wu/bsuurmEVCiYqRJ/CF+w==
content-length
8598
x-ms-lease-status
unlocked
last-modified
Mon, 12 Jun 2023 13:26:51 GMT
server
cloudflare
etag
0x8DB6B48AE74D931
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
ab1830c0-e01e-0018-1bf1-ebe6e4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8187fbea6cd63c92-CDG
expires
Fri, 20 Oct 2023 09:27:14 GMT
otCenterRounded.json
cdn.cookielaw.org/scripttemplates/202305.1.0/assets/ 		9 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202305.1.0/assets/otCenterRounded.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4e0b51db940e096731fbe30fb3b9367be7f56e67005d654ad088512e1811ecd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 09:27:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Pti/u+fQP9FCIyxYOp1+Iw==
age
85538
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2640
x-ms-lease-status
unlocked
last-modified
Tue, 11 Jul 2023 02:35:42 GMT
server
cloudflare
etag
0x8DB81B785C7CC13
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
868fa484-101e-007e-52bf-d2a9c4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8187fbeb3df23c92-CDG
otPcPanel.json
cdn.cookielaw.org/scripttemplates/202305.1.0/assets/v2/ 		63 KB
13 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202305.1.0/assets/v2/otPcPanel.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
00b7928237d68d4ee4ee4d9c48e47ca0295e1d93ad19da367f813595efc7c539
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 09:27:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
ur92uSUH27h9n7U5aSbsSw==
age
85538
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12707
x-ms-lease-status
unlocked
last-modified
Tue, 11 Jul 2023 02:35:44 GMT
server
cloudflare
etag
0x8DB81B786B95D38
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
e1820ec4-501e-0032-72c9-d239f4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8187fbeb7e503c92-CDG
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/202305.1.0/assets/ 		5 KB
2 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202305.1.0/assets/otCookieSettingsButton.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 09:27:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
6UUu9ITWusP/z8oTYDPzzQ==
age
85538
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1766
x-ms-lease-status
unlocked
last-modified
Tue, 11 Jul 2023 02:35:43 GMT
server
cloudflare
etag
0x8DB81B7865DB57F
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
7b8100f4-301e-009d-74c8-d2cb39000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8187fbeb7e533c92-CDG
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202305.1.0/assets/ 		21 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/202305.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 09:27:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
oWkBTLgDDXvrUsd93y/Zxg==
age
85538
x-ms-lease-status
unlocked
last-modified
Tue, 11 Jul 2023 02:35:52 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
dde4b3b3-101e-001c-44e4-e16be3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8187fbeb7e543c92-CDG
ot_close.svg
cdn.cookielaw.org/logos/static/ 		651 B
600 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 09:27:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
pcXWFGpuVeSg/jVnYCseRg==
age
40727
x-ms-lease-status
unlocked
last-modified
Wed, 18 Oct 2023 03:35:32 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
68d4784e-a01e-0044-0190-01b3bc000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8187fbec1bf401e7-ZRH
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/ 		497 B
510 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202305.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 09:27:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
85538
x-ms-lease-status
unlocked
last-modified
Wed, 18 Oct 2023 03:35:32 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
69eacd83-301e-0034-63a7-010a4b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8187fbec3f333c92-CDG
logo-bancastato.jpg
cdn.cookielaw.org/logos/19903376-321d-48e4-bb04-fdfea1137229/c2303ba0-e6e3-496d-bacd-dd6544c8ebc5/e16f1d0b-fbff-4a55-aa81-4e75fada0566/ 		29 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/19903376-321d-48e4-bb04-fdfea1137229/c2303ba0-e6e3-496d-bacd-dd6544c8ebc5/e16f1d0b-fbff-4a55-aa81-4e75fada0566/logo-bancastato.jpg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81dcc945def619ab8a342b22cfb70f5a93d0d417b79370d3431bfc817404b7c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 09:27:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
3hKdS1s6mJfSa1LnziVGww==
age
36271
content-length
29372
x-ms-lease-status
unlocked
cf-bgj
h2pri
last-modified
Wed, 24 May 2023 21:15:33 GMT
server
cloudflare
etag
0x8DB5C9C03105952
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
52b9d966-f01e-00a6-7427-9de0f8000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
8187fbec6c6801e7-ZRH
powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 		5 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.130.236 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-CH,de;q=0.9
Referer
https://www.bancastato.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 19 Oct 2023 09:27:14 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
41140
x-ms-lease-status
unlocked
last-modified
Wed, 18 Oct 2023 10:39:32 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
fa82749f-401e-004c-49ed-01a9b3000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
8187fbec9ca901e7-ZRH
update
www.inlinea.ch/unblu/rpc/visitorTracking/ 		286 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.inlinea.ch/unblu/rpc/visitorTracking/update?xvh=x-unblu-client~INITIAL*x-unblu-page~INITIAL*x-unblu-apikey~0PB5EOF5RnKfbCrL8wtEgw*x-unblu-referer~aHR0cHM6Ly93d3cuYmFuY2FzdGF0by5jaC8%253D*x-unblu-locale~it*x-unblu-timezone~Europe%252FZurich*content-type~application%252Funblu-serialized-object
Requested by
Host: www.inlinea.ch
URL: https://www.inlinea.ch/unblu/static/js/wp/xmd1697553314569/SiteIntegrationLazyMain.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.63 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
ef7450f6e81d466d6b59676addde88d8ec6be2ad3e664bd1ce901d9ee5700ee8
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/unblu-serialized-object
Referer
https://www.bancastato.ch/
accept-language
de-CH,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.5993.88 Safari/537.36
content-type
text/plain; charset=UTF-8

Response headers

Date
Thu, 19 Oct 2023 09:27:17 GMT
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://afp-release-ipw.webcenter.contovista.com/ https://www.youtube.com/ https://www.bancastato.ch/ https://bancastato.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/ https://afp-release-ipw.webcenter.contovista.com/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
X-Content-Type-Options
nosniff
strict-transport-security
max-age=31536000
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
pragma
no-cache
Server
Apache
x-unblu-start-time
1697553314569
X-Frame-Options
SAMEORIGIN
Content-Type
application/unblu-serialized-object; charset=UTF-8
access-control-allow-origin
https://www.bancastato.ch
access-control-expose-headers
x-unblu-page, x-unblu-client, x-unblu-set-cookie
cache-control
no-cache, no-store, must-revalidate, max-age=1
access-control-allow-credentials
true
Keep-Alive
timeout=10, max=495
expires
Wed, 18 Oct 2023 09:27:17 GMT
update
www.inlinea.ch/unblu/rpc/visitorTracking/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.inlinea.ch
URL
https://www.inlinea.ch/unblu/rpc/visitorTracking/update?xvh=x-unblu-client~INITIAL*x-unblu-page~INITIAL*x-unblu-apikey~0PB5EOF5RnKfbCrL8wtEgw*x-unblu-referer~aHR0cHM6Ly93d3cuYmFuY2FzdGF0by5jaC8%253D*x-unblu-locale~it*x-unblu-timezone~Europe%252FZurich*content-type~application%252Funblu-serialized-object

Verdicts & Comments Add Verdict or Comment

48 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| $ function| jQuery function| startU object| ctryList object| _paq object| OneTrustStub function| OptanonWrapper object| nsOptions object| nslider function| NinjaSlider object| version function| setMaskAuditorium function| setMaskDateTime function| setMaskDate object| bootstrap function| browserReport function| browserReportSync object| picturefillCFG function| picturefill function| Dropkick object| dropkickjs boolean| jquery_mmenu_all_js function| StickySidebar function| ResizeSensor function| moment function| IMask string| ua number| contentHeight number| footerHeight undefined| cookieAlert object| JSON_PIWIK object| Piwik object| Matomo object| AnalyticsTracker function| piwik_log string| x-unblu-tmp-window-name object| unblu object| _unblu_572F594F_21AA_4D30_8081_40F2793592AF string| _unblu_572F594F_21AA_4D30_8081_40F2793592AF253744e3-1874_4669_b286_e7ecf75aeb5f object| webpackChunkcom_unblu_meta_server_webpack object| Rx string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| otStubData object| Optanon object| OneTrust

6 Cookies

Domain/Path Name / Value
www.bancastato.ch/ Name: AL_SESS-S
Value: ARsEow!M4DQDgjnkv6v6jJpHh6FxMm5ASsF!wZ1pJFsvfArle5ZKuV!UK2BgKmRb0EWs
prd-analytics.bancastato.ch/ Name: AL_SESS-S
Value: AU4WBPdariN!uUpLNEQHD5iQs3f2Cnlavjq!6QymvGwJa2nuqg2CxQCRcit_Swei691q
www.inlinea.ch/ Name: x-unblu-device
Value: $xc/NbDlQW1ImljNmA2UWNsflg80kd825SCPVyPOBrt0mxno8K_X
www.bancastato.ch/ Name: _pk_id.1.8629
Value: 162fc53533f2ead1.1697707634.1.1697707634.1697707634.
www.bancastato.ch/ Name: _pk_ses.1.8629
Value: 1
.www.bancastato.ch/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Thu+Oct+19+2023+11%3A27%3A14+GMT%2B0200+(Central+European+Summer+Time)&version=202305.1.0&browserGpcFlag=0&isIABGlobal=false&landingPath=https%3A%2F%2Fwww.bancastato.ch%2F&groups=C0003%3A0%2CC0002%3A0%2CC0001%3A1&hosts=H2%3A0%2CH3%3A1%2CH5%3A1&genVendors=

1 Console Messages

Source Level URL
Text
network error URL: https://prd-analytics.bancastato.ch/error_path/400.html?al_req_id=ZTD2cTKjbUdiECLT7ZrAAAAAAJc
Message:
Failed to load resource: the server responded with a status of 400 (Bad Request)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.inlinea.ch inlinea.ch *.google-analytics.com google-analytics.com maps.google.com maps.gstatic.com apis.google.com fonts.googleapis.com fonts.gstatic.com maps.googleapis.com portal.htbridge.com csi.gstic.com ssl.gstic.com cse.gstatic.com *.gstatic.com *.browser-update.org browser-update.org accounts.google.com clients1.google.com www.youtube.com *.bancastato.ch www.google.com cse.google.com developers.google.com www.googleapis.com https://code.jquery.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; connect-src 'self' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com accounts.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org wss://www.inlinea.ch wss://inlinea.ch; img-src 'self' data: *.inlinea.ch inlinea.ch *.htbridge.com *.bancastato.ch apis.google.com csi.gstatic.com accounts.google.com www.google.com *.gstatic.com maps.googleapis.com maps.google.com clients1.google.com maps.googleapis.com developers.google.com www.googleapis.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org ; style-src 'self' 'unsafe-inline' *.inlinea.ch inlinea.ch *.bancastato.ch maps.googleapis.com developers.google.com apis.google.com csi.gstatic.com accounts.google.com www.google.com fonts.google.com fonts.googleapis.com cse.google.com *.cloudfront.net *.onetrust.com cdn.cookielaw.org; frame-ancestors 'self' ; frame-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com cse.google.com www.kantonalbank.ch www.newhome.ch *.bancastato.ch https://www.google.com *.cloudfront.net ; child-src 'self' *.inlinea.ch inlinea.ch apis.google.com maps.googleapis.com developers.google.com *.youtube.com accounts.google.com clients1.google.com www.kantonalbank.ch *.bancastato.ch *.cloudfront.net ; font-src 'self' data: *.inlinea.ch inlinea.ch fonts.googleapis.com fonts.google.com fonts.gstatic.com *.bancastato.ch *.cloudfront.net
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bancastato.ch
cdn.cookielaw.org
geolocation.onetrust.com
prd-analytics.bancastato.ch
www.bancastato.ch
www.inlinea.ch
www.inlinea.ch
104.18.130.236
104.18.32.137
217.26.33.63
217.26.33.87
00b7928237d68d4ee4ee4d9c48e47ca0295e1d93ad19da367f813595efc7c539
010407839b3f2b7f7fcf11d28f4f914d09399d2eadc10433f541aac03eb54fff
0166fcc93e70f0cc0d0e262b6d0bce75d7b0308062206192d6ff502f97401812
04735e3fe90a1382d9362c7f79eb98a0e93e759e6401971e45251c45f3915870
180f7a7ef480678bbab7eb56bd1ea1d1f13a48355ba34845792f0f4582ec5a66
22af2cb27167705fe5fb843dc6f737bdae9be8751437754e5145c2d87ba05dd0
2c4181ff75a8e0b68afda47b2eb4fda8d2aa246863ce80236974f864e0e80a71
2fc7f40fe3b6fca4d842274e5c319024864535325c7484e201b7c53257209809
37f5a473e31c80b745ad45ddd92b416e40f0d06c892ff268a376419ccebda24b
3ca390e599307e3d3c40ce26738c025d3363f9956d18918de74b29ae5d33903d
41a1e46a4b828410cd723914bf68ddfe99e9105837a78236cd0155c64f609ad1
41bfd3dc9dc0bf3e84a9635de7d343d9f8ee5968d1bd99437711eaee1f6c6735
4227ca7805dc1f895935aa2b521877ea568381f8595a76cd4099498502aa2774
465b2c629f5df9e676ab35968ddf7fde988646e1b0b0dfa5ae8fb83600946d7b
46ff4557b978211a1f8769eacd629da0ccd1b42f7f4b517bc5440f84580ffe7d
509f2e49500fbaeb5d7e1959071f2922b693d0135080e2871e124ec8bdd08bb2
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
62386d8a8273031b38e78554c43a8aed04537629db132c6d1c7bdd51822a4988
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6a5b82a4ddd95e8efc2243e4902a29e41e24ab18831249994bc98eb87825e92e
7725847545e8e5bfe08e1f41aa34668c3c90e8f7a815310ac036c11d4fecb246
785f232e41bcaa1c4abbd2996db9263bd1a4a57fb0388a81ab77171898fb8411
7e13c30013899b6784ab280bdb537a991a0d97a7f5da27c1bc5c8d8f300cc586
81dcc945def619ab8a342b22cfb70f5a93d0d417b79370d3431bfc817404b7c6
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
902274bd47aefaa6d5445e26545afb9beb51be3235ba4328d0c03061a23d9ff8
9230df14164558edda90752e80110204d9ce145fbea632d969493e54ab333a70
9a2723c21fb1b7dff0e2aa5dc6be24a9670220a17ae21f70fdbc602d1f8acd38
a4873963778e4f551c75d423b30652504b25cafa358b5e8c794183c43898fc6f
ac4a30ea0ab7631964fa01b3976aa392445ffa48a193e696509d5ffbcd01908e
b04b960a9b932b6d4f8be46306f98cd99fe3f3853717c7311236aa26084e6438
b4b37801b95c0da035a6222a14b883cee80b755b9566ba73f773181ab11e6733
bc4fa26850507441938bd826d4bba168c4a8daa86574424245d1abb1cfe29b62
c335a523f1b43df968c3efa0239d62d63c9df1c1bc99c0b25527ed36a59fb9b1
cc45ca4ae13e6ad389e97d0e27c166830d4670ba81a3e5240caa8df9e24ae102
cc49a2d46c2a0591377c90a8b2488c0be83eaf1370022d34193e167bb3971c49
cda24caaef3445a394c122bb49b072443ad502c0ffa4e257cb20f3d7110df04e
d0c233d327541d2961f1cde9e53a6166279655f4d4041c1bc458ac1701827719
d4e0b51db940e096731fbe30fb3b9367be7f56e67005d654ad088512e1811ecd
db31c0af8d1bd819693112cd226694260be1a7e42d2e81eecea0ef476ddb0b6b
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3c39364dd866add4ea7fdf25aecc692c8d738387f3bab1720012919aab3c835
ed3a69e3267f056582ed012f7252319adb227fed203a4781eb820ea732aa4594
ef7450f6e81d466d6b59676addde88d8ec6be2ad3e664bd1ce901d9ee5700ee8
ef83cb697d53e094cd0240d15be9e29e81557c8d4c9c212f1c2acc4cc2ca1ac8