urlscan.io logo urlscan.io
SecurityTrails logo

origin-www.hsbc.ca Open in urlscan Pro
161.113.4.9  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://origin-www.hsbc.ca/
Effective URL: https://origin-www.hsbc.ca/
Submission Tags: falconsandbox
Submission: On August 14 via api from US — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 21 IPs in 2 countries across 19 domains to perform 98 HTTP transactions. The main IP is 161.113.4.9, located in United States and belongs to HSBC-COM, US. The main domain is origin-www.hsbc.ca.
TLS certificate: Issued by DigiCert EV RSA CA G2 on August 14th 2024. Valid for: a year.
This is the only time origin-www.hsbc.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
24 161.113.4.9 26381 (HSBC-COM)
17 18.164.116.77 16509 (AMAZON-02)
1 104.18.66.57 13335 (CLOUDFLAR...)
1 23.203.191.157 16625 (AKAMAI-AS)
1 104.18.65.57 13335 (CLOUDFLAR...)
2 2 142.251.35.162 15169 (GOOGLE)
4 3.210.152.86 14618 (AMAZON-AES)
3 13.107.21.237 8068 (MICROSOFT...)
4 142.251.40.232 15169 (GOOGLE)
1 208.89.12.153 11054 (LIVEPERSON)
2 31.13.71.7 32934 (FACEBOOK)
3 18.238.80.125 16509 (AMAZON-02)
1 13.107.42.14 8068 (MICROSOFT...)
2 34.224.190.83 14618 (AMAZON-AES)
8 142.251.40.226 15169 (GOOGLE)
2 31.13.71.36 32934 (FACEBOOK)
1 34.49.241.189 396982 (GOOGLE-CL...)
8 142.251.41.4 15169 (GOOGLE)
8 142.251.40.195 15169 (GOOGLE)
1 18.238.80.99 16509 (AMAZON-02)
1 34.213.18.244 16509 (AMAZON-02)
98 21
24    161.113.4.9 (United States)

ASN26381 (HSBC-COM, US)
origin-www.hsbc.ca
17    18.164.116.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-116-77.jfk50.r.cloudfront.net
tags.tiqcdn.com
1    104.18.66.57 (None, )

ASN13335 (CLOUDFLARENET, US)
cdn.optimizely.com
1    23.203.191.157 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-203-191-157.deploy.static.akamaitechnologies.com
akamai.tiqcdn.com
1    104.18.65.57 (None, )

ASN13335 (CLOUDFLARENET, US)
a19069622224.cdn.optimizely.com
2    142.251.35.162 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f2.1e100.net
cm.g.doubleclick.net
4    3.210.152.86 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-210-152-86.compute-1.amazonaws.com
datacloud.tealiumiq.com
collect-us-east-1.tealiumiq.com
uconnect.tealiumiq.com
3    13.107.21.237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
4    142.251.40.232 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s39-in-f8.1e100.net
www.googletagmanager.com
1    208.89.12.153 (United States)

ASN11054 (LIVEPERSON, US)
PTR: lptag.liveperson.net
lptag.liveperson.net
2    31.13.71.7 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-lga3.fbcdn.net
connect.facebook.net
3    18.238.80.125 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-80-125.jfk52.r.cloudfront.net
csp.prod.na.dynp.cloud1.vv1865.com
1    13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
dc.ads.linkedin.com
2    34.224.190.83 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-224-190-83.compute-1.amazonaws.com
visitor-service-us-east-1.tealiumiq.com
8    142.251.40.226 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s39-in-f2.1e100.net
googleads.g.doubleclick.net
2    31.13.71.36 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-lga3.facebook.com
www.facebook.com
1    34.49.241.189 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 189.241.49.34.bc.googleusercontent.com
logx.optimizely.com
8    142.251.41.4 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s40-in-f4.1e100.net
www.google.com
8    142.251.40.195 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s38-in-f3.1e100.net
www.google.ca
1    18.238.80.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-238-80-99.jfk52.r.cloudfront.net
cdn.appdynamics.com
1    34.213.18.244 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-213-18-244.us-west-2.compute.amazonaws.com
col.eum-appdynamics.com
Apex Domain
Subdomains		 Transfer
24 hsbc.ca
origin-www.hsbc.ca
mcm-prod.hsbc.ca Failed
488 KB
18 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 1751
akamai.tiqcdn.com — Cisco Umbrella Rank: 27980
109 KB
10 doubleclick.net
cm.g.doubleclick.net — Cisco Umbrella Rank: 363
googleads.g.doubleclick.net — Cisco Umbrella Rank: 77
13 KB
8 google.ca
www.google.ca — Cisco Umbrella Rank: 9677
512 B
8 google.com
www.google.com — Cisco Umbrella Rank: 10
512 B
6 tealiumiq.com
datacloud.tealiumiq.com — Cisco Umbrella Rank: 11088
collect-us-east-1.tealiumiq.com — Cisco Umbrella Rank: 56280
uconnect.tealiumiq.com — Cisco Umbrella Rank: 59334
visitor-service-us-east-1.tealiumiq.com — Cisco Umbrella Rank: 13148
5 KB
4 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
253 KB
3 vv1865.com
csp.prod.na.dynp.cloud1.vv1865.com — Cisco Umbrella Rank: 233531
1 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 534
16 KB
3 optimizely.com
cdn.optimizely.com — Cisco Umbrella Rank: 1042
a19069622224.cdn.optimizely.com — Cisco Umbrella Rank: 156806
logx.optimizely.com — Cisco Umbrella Rank: 2460
87 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 108
4 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 236
75 KB
1 eum-appdynamics.com
col.eum-appdynamics.com — Cisco Umbrella Rank: 4609
797 B
1 appdynamics.com
cdn.appdynamics.com — Cisco Umbrella Rank: 6959
15 KB
1 linkedin.com
dc.ads.linkedin.com — Cisco Umbrella Rank: 14233
835 B
1 liveperson.net
lptag.liveperson.net — Cisco Umbrella Rank: 6305
10 KB
0 clarity.ms Failed
www.clarity.ms Failed
0 yahoo.com Failed
ups.analytics.yahoo.com Failed
0 amazon-adsystem.com Failed
s.amazon-adsystem.com Failed
98 19
Domain Requested by
24 origin-www.hsbc.ca origin-www.hsbc.ca
17 tags.tiqcdn.com origin-www.hsbc.ca
tags.tiqcdn.com
8 www.google.ca origin-www.hsbc.ca
8 www.google.com origin-www.hsbc.ca
8 googleads.g.doubleclick.net www.googletagmanager.com
4 www.googletagmanager.com tags.tiqcdn.com
www.googletagmanager.com
3 csp.prod.na.dynp.cloud1.vv1865.com tags.tiqcdn.com
bat.bing.com
3 bat.bing.com tags.tiqcdn.com
bat.bing.com
origin-www.hsbc.ca
2 www.facebook.com origin-www.hsbc.ca
2 visitor-service-us-east-1.tealiumiq.com tags.tiqcdn.com
2 collect-us-east-1.tealiumiq.com origin-www.hsbc.ca
2 connect.facebook.net tags.tiqcdn.com
connect.facebook.net
2 cm.g.doubleclick.net 2 redirects
1 col.eum-appdynamics.com origin-www.hsbc.ca
1 cdn.appdynamics.com origin-www.hsbc.ca
1 logx.optimizely.com origin-www.hsbc.ca
1 uconnect.tealiumiq.com origin-www.hsbc.ca
1 dc.ads.linkedin.com origin-www.hsbc.ca
1 lptag.liveperson.net tags.tiqcdn.com
1 datacloud.tealiumiq.com origin-www.hsbc.ca
1 a19069622224.cdn.optimizely.com cdn.optimizely.com
1 akamai.tiqcdn.com origin-www.hsbc.ca
1 cdn.optimizely.com tags.tiqcdn.com
0 www.clarity.ms Failed bat.bing.com
0 ups.analytics.yahoo.com Failed tags.tiqcdn.com
0 s.amazon-adsystem.com Failed tags.tiqcdn.com
0 mcm-prod.hsbc.ca Failed origin-www.hsbc.ca
tags.tiqcdn.com
98 27
Subject Issuer Validity Valid
www.hsbc.ca
DigiCert EV RSA CA G2		 2024-08-14 -
2025-09-14		 a year crt.sh
tags.tiqcdn.com
Amazon RSA 2048 M02		 2024-03-19 -
2025-04-17		 a year crt.sh
cdn.optimizely.com
WE1		 2024-06-25 -
2024-09-23		 3 months crt.sh
*.tiqcdn.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-11-16 -
2024-11-16		 a year crt.sh
www.bing.com
Microsoft Azure RSA TLS Issuing CA 04		 2024-06-19 -
2024-12-16		 6 months crt.sh
*.google-analytics.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.liveperson.net
Sectigo RSA Organization Validation Secure Server CA		 2023-11-28 -
2024-11-27		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-05-24 -
2024-08-22		 3 months crt.sh
*.tealiumiq.com
Amazon RSA 2048 M03		 2024-06-25 -
2025-07-23		 a year crt.sh
csp.prod.na.dynp.cloud1.vv1865.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-09-11 -
2024-10-11		 a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA		 2024-07-01 -
2025-01-01		 6 months crt.sh
*.g.doubleclick.net
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
logx.optimizely.com
WR3		 2024-07-20 -
2024-10-18		 3 months crt.sh
*.google.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.google.ca
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.appdynamics.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-06-20 -
2025-07-21		 a year crt.sh
*.eum-appdynamics.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-06-13 -
2025-07-14		 a year crt.sh

This page contains 2 frames:

Primary Page: https://origin-www.hsbc.ca/
Frame ID: AEFCAE6FC35FC73A3B812D99A4B45FDD
Requests: 97 HTTP requests in this frame

Frame: https://a19069622224.cdn.optimizely.com/client_storage/a19069622224.html
Frame ID: B50C2C4278C2763AA73A8C5E80AE3CDA
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

404

Page URL History Show full URLs

  1. http://origin-www.hsbc.ca/ HTTP 307
    https://origin-www.hsbc.ca/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /etc/designs/
Overall confidence: 100%
Detected patterns
  • adrum
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • optimizely\.com.*\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

98
Requests

94 %
HTTPS

0 %
IPv6

19
Domains

27
Subdomains

21
IPs

2
Countries

1077 kB
Transfer

3973 kB
Size

20
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://origin-www.hsbc.ca/ HTTP 307
    https://origin-www.hsbc.ca/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41
  • https://cm.g.doubleclick.net/pixel?tealium_cookie_sync=true&google_nid=tealium_dmp&google_cm&tealium_vid=01915257792300469dc026ab1cf005065001b05d00b08&tealium_account=hsbc&tealium_profile=wpb-stream-ca HTTP 302
  • https://cm.g.doubleclick.net/pixel?tealium_cookie_sync=true&google_nid=tealium_dmp&google_cm=&tealium_vid=01915257792300469dc026ab1cf005065001b05d00b08&tealium_account=hsbc&tealium_profile=wpb-stream-ca&google_tc= HTTP 302
  • https://datacloud.tealiumiq.com/vdata/i.gif?tealium_cookie_sync=true&tealium_vid=01915257792300469dc026ab1cf005065001b05d00b08&tealium_account=hsbc&tealium_profile=wpb-stream-ca&google_gid=CAESEO1WC-lJ_WJA_yFV1sXEpa0&google_cver=1

98 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
origin-www.hsbc.ca/
Redirect Chain
  • http://origin-www.hsbc.ca/
  • https://origin-www.hsbc.ca/
144 KB
19 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
b82f20aa5cacd9d51495f38c9e35f5002b5a6f8666f0ea38d2271634425d36e3
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.hsbc.com.hk:* *.hsbc.ca bat.bing.com conoret.com *.acestream.net *.brightcove.net *.google-analytics.com *.safecdn01.com *.zencdn.net ssl.google-analytics.com www.google.com googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net *.walkme.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com *.brightcovecdn.com *.hsbc.com.hk:* *.googletagmanager.com *.hsbc.ca *.facebook.com http://127.0.0.1:5000/* *.liveperson.net bat.bing.com *.launchdarkly.com *.va.cobrowse.liveperson.net *.api.brightcove.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com adservice.google.com brightcove.hs.llnwd.net manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net *.facebook.com *.opendns.com acestream.me bid.g.doubleclick.net connect.facebook.net m.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com *.googleusercontent.com *.slant.co fonts.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.liveperson.net *.trendmicro.com *.va.cobrowse.liveperson.net; object-src 'self' blob: players.brightcove.net; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.lpsnmedia.net ssl.gstatic.com; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Cache-Control
no-cache, no-store, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
15844
Content-Security-Policy
default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.hsbc.com.hk:* *.hsbc.ca bat.bing.com conoret.com *.acestream.net *.brightcove.net *.google-analytics.com *.safecdn01.com *.zencdn.net ssl.google-analytics.com www.google.com googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net *.walkme.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com *.brightcovecdn.com *.hsbc.com.hk:* *.googletagmanager.com *.hsbc.ca *.facebook.com http://127.0.0.1:5000/* *.liveperson.net bat.bing.com *.launchdarkly.com *.va.cobrowse.liveperson.net *.api.brightcove.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com adservice.google.com brightcove.hs.llnwd.net manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net *.facebook.com *.opendns.com acestream.me bid.g.doubleclick.net connect.facebook.net m.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com *.googleusercontent.com *.slant.co fonts.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.liveperson.net *.trendmicro.com *.va.cobrowse.liveperson.net; object-src 'self' blob: players.brightcove.net; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.lpsnmedia.net ssl.gstatic.com; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com;
Content-Type
text/html; charset=UTF-8
Cross-Origin-Opener-Policy
same-origin-allow-popups
Cross-Origin-Resource-Policy
same-site
Date
Wed, 14 Aug 2024 19:22:29 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=5, max=100
Referrer-Policy
strict-origin-when-cross-origin
S
usvhs-prod-aempub
Strict-Transport-Security
max-age=16070400; includeSubDomains
Vary
Accept-Language,Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block

Redirect headers

Location
https://origin-www.hsbc.ca/
Non-Authoritative-Reason
HttpsUpgrades
clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
origin-www.hsbc.ca/etc/designs/dpws/ 		841 KB
95 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
feb3f9cac5fcc2eeb779d1950911af1960152892aab8f9d939ab056b3cd00d11
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:37 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
max-age=31536000
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=99
utag.sync.js
tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.sync.js
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1d72d764b2852343f701bedc8406f285f88011d5c02712b3af3d65bbb5df53d7

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
mzZdNgIdK0RWyP1smgO0I0Q2GrTXsvBK
content-encoding
br
via
1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
date
Wed, 14 Aug 2024 19:22:30 GMT
last-modified
Mon, 05 Feb 2024 08:06:28 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
etag
W/"516059cb73654cadc1d1b9b7ebe1100d"
vary
accept-encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
vKpJ9eguWKBosWB4_nL_iECRr2ARFdqaQ7eWKkXsMSkL5ixnnBptpw==
clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
origin-www.hsbc.ca/etc/designs/hsbc/appd/ 		37 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
ebb991b4937d6015d8937e8d23f6fa5b315e898a018d1f0972efe59765b754b4
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
11811
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:37 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=100
HSBC_MASTERBRAND_LOGO_RGB.svg
origin-www.hsbc.ca/content/dam/hsbc/ca/images/ 		4 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://origin-www.hsbc.ca/content/dam/hsbc/ca/images/HSBC_MASTERBRAND_LOGO_RGB.svg
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
fc306ad03e79f14ca1a1a484d4e790b839ac0661246015e05c9ae575ec1b09f7
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
1342
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:37 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Cache-Control
max-age=2592000
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=100
clientlib-jquery.5ea5c4f95742f26a1d6b25eb830feb0c.js
origin-www.hsbc.ca/etc/designs/dpws/ 		111 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-jquery.5ea5c4f95742f26a1d6b25eb830feb0c.js
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
d5c2c8d7956e2af9082fe02f239bd97c426f12e7a867d1b4f1a405c124d26cea
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
37902
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:38 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=100
v2_2_0.min.25e7676b14f56aa25050f77c6b594232.js
origin-www.hsbc.ca/etc/designs/hsbc/cpi/clientlib-site/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/etc/designs/hsbc/cpi/clientlib-site/v2_2_0.min.25e7676b14f56aa25050f77c6b594232.js
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
912f4c51a8c69eb08640d401656cb0ee974d0feb6f69a05635326843530ca06f
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
5504
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:38 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=99
v2_2_0.min.d391cf12edbe9cb0aa6a5cd650eb0567.js
origin-www.hsbc.ca/etc/designs/hsbc/cpi-masthead/clientlib-site/ 		15 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/etc/designs/hsbc/cpi-masthead/clientlib-site/v2_2_0.min.d391cf12edbe9cb0aa6a5cd650eb0567.js
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
2cea73b7c9b18c93be931fbf1fd5c6bf1c44a0d0e34c343446162725983a1939
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
3090
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:38 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=99
clientlib-all.min.4ff177d1192d2c0e820812e6c5d465d0.js
origin-www.hsbc.ca/etc/designs/dpws/ 		575 KB
145 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-all.min.4ff177d1192d2c0e820812e6c5d465d0.js
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
2a9274dbcef2991a080c50f69684d551253d53db329fd33ee73e2ef284c54dc7
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:38 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=31536000
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=98
20352170760.js
cdn.optimizely.com/js/ 		277 KB
86 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.optimizely.com/js/20352170760.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.sync.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.66.57 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3456bafda6c03991f9c0d3eaf0bc02fb6e2ee5d4712dcba1ea6d06907bbb8ba5

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-meta-pci_enabled
False
date
Wed, 14 Aug 2024 19:22:29 GMT
content-encoding
gzip
x-amz-version-id
6hr7KTzYibMRfrcw5soEOTr4BKX_gQ1e
cf-cache-status
HIT
x-amz-request-id
EFDFE1TXW5TGS2N8
age
83
x-amz-server-side-encryption
AES256
x-amz-meta-revision
9271
x-amz-replication-status
COMPLETED
content-length
87586
x-amz-id-2
OQ53v+SEjtCCeM+AzMyX4oF8QYvl1YqFHPeU9HKV5q/wr/cnwY4LjuTUoRGs0NKtUhfJX9DrduA=
last-modified
Mon, 03 Jun 2024 15:40:45 GMT
server
cloudflare
etag
"cc810438b66630f92813b04b83006d33"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
x-amz-meta-revision
cache-control
max-age=120
access-control-allow-credentials
false
access-control-max-age
86400
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
cf-ray
8b33505f8b86aabc-YYZ
utag.js
tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/ 		207 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b413ec403b694fbf9bba2f6d752e79c5eb5903d8d859e4554d2e97b0edf9322f

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
Pskactix81WYjJtGoJbdGffJ5zLSrZzI
content-encoding
br
via
1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
date
Wed, 14 Aug 2024 19:22:30 GMT
last-modified
Mon, 05 Feb 2024 08:06:27 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
etag
W/"5c188ac6a3aebb3c7f08e19d9a13a3ed"
vary
accept-encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
nUYIrg1-rbO0bsZuUWMZY-eyDIKC7zF2lYhqkAdGhbAw9A6-lDrNfg==
facebook.svg
origin-www.hsbc.ca/etc/designs/dpws/common/social/ 		950 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://origin-www.hsbc.ca/etc/designs/dpws/common/social/facebook.svg
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
6a74e4deb1779d184febfd8928a08419349330126c8c2ef38e17a969b4b045a2
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
598
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:39 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=7776000
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=98
instagram.svg
origin-www.hsbc.ca/etc/designs/dpws/common/social/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://origin-www.hsbc.ca/etc/designs/dpws/common/social/instagram.svg
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
0abc9717f4250aa9467dda0119ba43ce98c6ee0aa80e868887ca738f4db34cff
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
984
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:39 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=7776000
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=98
twitter.svg
origin-www.hsbc.ca/etc/designs/dpws/common/social/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://origin-www.hsbc.ca/etc/designs/dpws/common/social/twitter.svg
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
b73caafe07e92a96b5b2c822556d843550d04d1b0ec4086e26219e7ea527402f
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
708
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:39 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=7776000
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=97
youtube.svg
origin-www.hsbc.ca/etc/designs/dpws/common/social/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://origin-www.hsbc.ca/etc/designs/dpws/common/social/youtube.svg
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
4d0abfba4322983df5aa4a6f24eac4cb4289bed8739f7ea55e61c20bbf6d7cda
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
646
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:39 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=7776000
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=99
UniversNextforHSBCW02-Rg.woff
origin-www.hsbc.ca/etc/designs/dpws/common/fonts/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/etc/designs/dpws/common/fonts/UniversNextforHSBCW02-Rg.woff
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
e57fa923e1242b94093a29bc1497e22d7b5f78d6f124fe5ffc651383af545e13
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
Origin
https://origin-www.hsbc.ca
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
27464
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:38 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Cache-Control
max-age=7776000
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=98
UniversNextforHSBCW02-Bd.woff
origin-www.hsbc.ca/etc/designs/dpws/common/fonts/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/etc/designs/dpws/common/fonts/UniversNextforHSBCW02-Bd.woff
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
1fe93d773a537c17456fc95e7dbfb69cba2914ac73c5f9b01d4db046667c688e
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
Origin
https://origin-www.hsbc.ca
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
26328
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:38 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Cache-Control
max-age=7776000
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=96
HSBCIcon-Font-Extension.woff
origin-www.hsbc.ca/etc/designs/dpws/common/fonts/ 		37 KB
38 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/etc/designs/dpws/common/fonts/HSBCIcon-Font-Extension.woff?ee39a20e77cff3aec879befe2cd1d29d
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
76e6fcb163f76c23e3595acdb5c37457b8529ae4612bdfd266a9ef3d83550586
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
Origin
https://origin-www.hsbc.ca
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
38384
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:38 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Cache-Control
max-age=7776000
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=97
UniversNextforHSBCW02-Lt.woff
origin-www.hsbc.ca/etc/designs/dpws/common/fonts/ 		26 KB
26 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/etc/designs/dpws/common/fonts/UniversNextforHSBCW02-Lt.woff
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
1410bf3ef15162a56d0c7ea0f851483738179ce8281a269f4ed88612e9c9a695
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
Origin
https://origin-www.hsbc.ca
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
26300
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:38 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Cache-Control
max-age=7776000
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=97
/
origin-www.hsbc.ca/configuration/modals/covid19-update-investdirect.modal/ 		4 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/configuration/modals/covid19-update-investdirect.modal/
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
77db87c63a9bbcbc81a206c803c2073685fe7afcf0c74c8c4d9bddd80af6c019
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.hsbc.com.hk:* *.hsbc.ca bat.bing.com conoret.com *.acestream.net *.brightcove.net *.google-analytics.com *.safecdn01.com *.zencdn.net ssl.google-analytics.com www.google.com googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net *.walkme.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com *.brightcovecdn.com *.hsbc.com.hk:* *.googletagmanager.com *.hsbc.ca *.facebook.com http://127.0.0.1:5000/* *.liveperson.net bat.bing.com *.launchdarkly.com *.va.cobrowse.liveperson.net *.api.brightcove.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com adservice.google.com brightcove.hs.llnwd.net manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net *.facebook.com *.opendns.com acestream.me bid.g.doubleclick.net connect.facebook.net m.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com *.googleusercontent.com *.slant.co fonts.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.liveperson.net *.trendmicro.com *.va.cobrowse.liveperson.net; object-src 'self' blob: players.brightcove.net; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.lpsnmedia.net ssl.gstatic.com; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://origin-www.hsbc.ca/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.hsbc.com.hk:* *.hsbc.ca bat.bing.com conoret.com *.acestream.net *.brightcove.net *.google-analytics.com *.safecdn01.com *.zencdn.net ssl.google-analytics.com www.google.com googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net *.walkme.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com *.brightcovecdn.com *.hsbc.com.hk:* *.googletagmanager.com *.hsbc.ca *.facebook.com http://127.0.0.1:5000/* *.liveperson.net bat.bing.com *.launchdarkly.com *.va.cobrowse.liveperson.net *.api.brightcove.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com adservice.google.com brightcove.hs.llnwd.net manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net *.facebook.com *.opendns.com acestream.me bid.g.doubleclick.net connect.facebook.net m.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com *.googleusercontent.com *.slant.co fonts.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.liveperson.net *.trendmicro.com *.va.cobrowse.liveperson.net; object-src 'self' blob: players.brightcove.net; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.lpsnmedia.net ssl.gstatic.com; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com;
Content-Encoding
gzip
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
1321
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:39 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Cache-Control
no-cache, no-store, must-revalidate
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=96
/
origin-www.hsbc.ca/configuration/modals/series-d-bump.modal/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/configuration/modals/series-d-bump.modal/
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
5a06addf661a92a09b94be6834af6e0fdce6b4095cedfaaa2cd614cbe3bfef64
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.hsbc.com.hk:* *.hsbc.ca bat.bing.com conoret.com *.acestream.net *.brightcove.net *.google-analytics.com *.safecdn01.com *.zencdn.net ssl.google-analytics.com www.google.com googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net *.walkme.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com *.brightcovecdn.com *.hsbc.com.hk:* *.googletagmanager.com *.hsbc.ca *.facebook.com http://127.0.0.1:5000/* *.liveperson.net bat.bing.com *.launchdarkly.com *.va.cobrowse.liveperson.net *.api.brightcove.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com adservice.google.com brightcove.hs.llnwd.net manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net *.facebook.com *.opendns.com acestream.me bid.g.doubleclick.net connect.facebook.net m.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com *.googleusercontent.com *.slant.co fonts.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.liveperson.net *.trendmicro.com *.va.cobrowse.liveperson.net; object-src 'self' blob: players.brightcove.net; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.lpsnmedia.net ssl.gstatic.com; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://origin-www.hsbc.ca/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.hsbc.com.hk:* *.hsbc.ca bat.bing.com conoret.com *.acestream.net *.brightcove.net *.google-analytics.com *.safecdn01.com *.zencdn.net ssl.google-analytics.com www.google.com googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net *.walkme.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com *.brightcovecdn.com *.hsbc.com.hk:* *.googletagmanager.com *.hsbc.ca *.facebook.com http://127.0.0.1:5000/* *.liveperson.net bat.bing.com *.launchdarkly.com *.va.cobrowse.liveperson.net *.api.brightcove.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com adservice.google.com brightcove.hs.llnwd.net manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net *.facebook.com *.opendns.com acestream.me bid.g.doubleclick.net connect.facebook.net m.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com *.googleusercontent.com *.slant.co fonts.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.liveperson.net *.trendmicro.com *.va.cobrowse.liveperson.net; object-src 'self' blob: players.brightcove.net; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.lpsnmedia.net ssl.gstatic.com; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com;
Content-Encoding
gzip
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
949
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:39 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Cache-Control
no-cache, no-store, must-revalidate
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=96
/
origin-www.hsbc.ca/configuration/modals/existing-customer.modal/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/configuration/modals/existing-customer.modal/
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
8222cdc54a6ead3316ea87fe238faccbb74dd971e66937b9eadd62bf40c97468
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.hsbc.com.hk:* *.hsbc.ca bat.bing.com conoret.com *.acestream.net *.brightcove.net *.google-analytics.com *.safecdn01.com *.zencdn.net ssl.google-analytics.com www.google.com googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net *.walkme.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com *.brightcovecdn.com *.hsbc.com.hk:* *.googletagmanager.com *.hsbc.ca *.facebook.com http://127.0.0.1:5000/* *.liveperson.net bat.bing.com *.launchdarkly.com *.va.cobrowse.liveperson.net *.api.brightcove.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com adservice.google.com brightcove.hs.llnwd.net manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net *.facebook.com *.opendns.com acestream.me bid.g.doubleclick.net connect.facebook.net m.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com *.googleusercontent.com *.slant.co fonts.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.liveperson.net *.trendmicro.com *.va.cobrowse.liveperson.net; object-src 'self' blob: players.brightcove.net; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.lpsnmedia.net ssl.gstatic.com; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://origin-www.hsbc.ca/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.hsbc.com.hk:* *.hsbc.ca bat.bing.com conoret.com *.acestream.net *.brightcove.net *.google-analytics.com *.safecdn01.com *.zencdn.net ssl.google-analytics.com www.google.com googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net *.walkme.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com *.brightcovecdn.com *.hsbc.com.hk:* *.googletagmanager.com *.hsbc.ca *.facebook.com http://127.0.0.1:5000/* *.liveperson.net bat.bing.com *.launchdarkly.com *.va.cobrowse.liveperson.net *.api.brightcove.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com adservice.google.com brightcove.hs.llnwd.net manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net *.facebook.com *.opendns.com acestream.me bid.g.doubleclick.net connect.facebook.net m.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com *.googleusercontent.com *.slant.co fonts.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.liveperson.net *.trendmicro.com *.va.cobrowse.liveperson.net; object-src 'self' blob: players.brightcove.net; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.lpsnmedia.net ssl.gstatic.com; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com;
Content-Encoding
gzip
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
854
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:39 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Cache-Control
no-cache, no-store, must-revalidate
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=95
/
origin-www.hsbc.ca/configuration/modals/new-customer.modal/ 		2 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/configuration/modals/new-customer.modal/
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
fb54a8bd19a1d60e604faf4274500080bb43dfb8b2355a6550c074890ba280df
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.hsbc.com.hk:* *.hsbc.ca bat.bing.com conoret.com *.acestream.net *.brightcove.net *.google-analytics.com *.safecdn01.com *.zencdn.net ssl.google-analytics.com www.google.com googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net *.walkme.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com *.brightcovecdn.com *.hsbc.com.hk:* *.googletagmanager.com *.hsbc.ca *.facebook.com http://127.0.0.1:5000/* *.liveperson.net bat.bing.com *.launchdarkly.com *.va.cobrowse.liveperson.net *.api.brightcove.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com adservice.google.com brightcove.hs.llnwd.net manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net *.facebook.com *.opendns.com acestream.me bid.g.doubleclick.net connect.facebook.net m.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com *.googleusercontent.com *.slant.co fonts.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.liveperson.net *.trendmicro.com *.va.cobrowse.liveperson.net; object-src 'self' blob: players.brightcove.net; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.lpsnmedia.net ssl.gstatic.com; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://origin-www.hsbc.ca/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:29 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.hsbc.com.hk:* *.hsbc.ca bat.bing.com conoret.com *.acestream.net *.brightcove.net *.google-analytics.com *.safecdn01.com *.zencdn.net ssl.google-analytics.com www.google.com googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net *.walkme.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com *.brightcovecdn.com *.hsbc.com.hk:* *.googletagmanager.com *.hsbc.ca *.facebook.com http://127.0.0.1:5000/* *.liveperson.net bat.bing.com *.launchdarkly.com *.va.cobrowse.liveperson.net *.api.brightcove.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com adservice.google.com brightcove.hs.llnwd.net manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net *.facebook.com *.opendns.com acestream.me bid.g.doubleclick.net connect.facebook.net m.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com *.googleusercontent.com *.slant.co fonts.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.liveperson.net *.trendmicro.com *.va.cobrowse.liveperson.net; object-src 'self' blob: players.brightcove.net; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.lpsnmedia.net ssl.gstatic.com; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com;
Content-Encoding
gzip
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
689
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:39 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Cache-Control
no-cache, no-store, must-revalidate
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=97
/
origin-www.hsbc.ca/configuration/modals/already-a-customer.modal/ 		1 KB
3 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/configuration/modals/already-a-customer.modal/
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
d60f6f6072bf696af1a7769fb0b1d73b3466a6ff7afeede309048e946750f0ea
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.hsbc.com.hk:* *.hsbc.ca bat.bing.com conoret.com *.acestream.net *.brightcove.net *.google-analytics.com *.safecdn01.com *.zencdn.net ssl.google-analytics.com www.google.com googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net *.walkme.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com *.brightcovecdn.com *.hsbc.com.hk:* *.googletagmanager.com *.hsbc.ca *.facebook.com http://127.0.0.1:5000/* *.liveperson.net bat.bing.com *.launchdarkly.com *.va.cobrowse.liveperson.net *.api.brightcove.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com adservice.google.com brightcove.hs.llnwd.net manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net *.facebook.com *.opendns.com acestream.me bid.g.doubleclick.net connect.facebook.net m.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com *.googleusercontent.com *.slant.co fonts.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.liveperson.net *.trendmicro.com *.va.cobrowse.liveperson.net; object-src 'self' blob: players.brightcove.net; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.lpsnmedia.net ssl.gstatic.com; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://origin-www.hsbc.ca/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:30 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.hsbc.com.hk:* *.hsbc.ca bat.bing.com conoret.com *.acestream.net *.brightcove.net *.google-analytics.com *.safecdn01.com *.zencdn.net ssl.google-analytics.com www.google.com googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net *.walkme.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com *.brightcovecdn.com *.hsbc.com.hk:* *.googletagmanager.com *.hsbc.ca *.facebook.com http://127.0.0.1:5000/* *.liveperson.net bat.bing.com *.launchdarkly.com *.va.cobrowse.liveperson.net *.api.brightcove.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com adservice.google.com brightcove.hs.llnwd.net manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net *.facebook.com *.opendns.com acestream.me bid.g.doubleclick.net connect.facebook.net m.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com *.googleusercontent.com *.slant.co fonts.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.liveperson.net *.trendmicro.com *.va.cobrowse.liveperson.net; object-src 'self' blob: players.brightcove.net; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.lpsnmedia.net ssl.gstatic.com; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com;
Content-Encoding
gzip
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
498
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:39 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=utf-8
Cache-Control
no-cache, no-store, must-revalidate
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=95
authorize.auth.json
origin-www.hsbc.ca/ 		20 B
562 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/authorize.auth.json?q&_=1723663349632
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
69c2b8e06630556f0356093d2679ff3a26a9ce177a8c784ce85a52760a2db3b6
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Referer
https://origin-www.hsbc.ca/
X-Requested-With
XMLHttpRequest
ADRUM
isAjax:true
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
json

Response headers

Date
Wed, 14 Aug 2024 19:22:30 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Referrer-Policy
strict-origin-when-cross-origin
X-Content-Type-Options
nosniff
Last-Modified
Fri, 09 Aug 2024 04:48:07 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Cookie
Content-Type
application/json
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=94
Content-Length
20
X-XSS-Protection
1; mode=block
HSBCIcon-Font.woff
origin-www.hsbc.ca/etc/designs/dpws/common/fonts/ 		22 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/etc/designs/dpws/common/fonts/HSBCIcon-Font.woff?ee39a20e77cff3aec879befe2cd1d29d
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
580245633d829cdc4a80192bc505ad254af0ed2955d5add87b56917a1c0f64df
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.hsbc.ca/etc/designs/dpws/clientlib-default.min.df3cb45eb2509074c327bb855ab8b636.css
Origin
https://origin-www.hsbc.ca
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:30 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
22532
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:39 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Content-Type
application/font-woff
Access-Control-Allow-Origin
*
Cache-Control
max-age=7776000
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=96
location.js
akamai.tiqcdn.com/location/ 		18 B
791 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://akamai.tiqcdn.com/location/location.js
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.203.191.157 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-203-191-157.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
d753f8ee126736431a1cd8170dbfcf94f553eeb1d24f2baa7c66474a80d0e559

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:30 GMT
Last-Modified
Mon, 30 Apr 2018 23:09:19 GMT
Server
AkamaiNetStorage
ETag
"6c98be5fda77913799e8ef24b86a7abd:1525129759"
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
X-EdgeScape-Location
Cache-Control
max-age=1296000
X-EdgeScape-Location
country_code=CA,region_code=ON,city=TORONTO,areacode=0,zip=M3H+M3M+M4B+M4C+M4E+M4G+M4H+M4J+M4K+M4L+M4M+M4N+M4P+M4R+M4S+M4T+M4V+M4W+M4X+M4Y+M5A+M5B+M5C+M5E+M5G+M5H+M5J+M5K+M5L+M5M+M5N+M5P+M5R+M5S+M5T+M5V+M5W+M5X+M6A+M6B+M6C+M6E+M6G+M6H+M6J+M6K+M6L+M6M+M6N+M6P+M6R+M6S+M7A+M7Y+M9M+M9N+M9P+M9W,bandwidth=5000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
18
Expires
Thu, 29 Aug 2024 19:22:30 GMT
a19069622224.html
a19069622224.cdn.optimizely.com/client_storage/ Frame B50C 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://a19069622224.cdn.optimizely.com/client_storage/a19069622224.html
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/20352170760.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.65.57 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
https://origin-www.hsbc.ca/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

age
344
cache-control
max-age=120
cf-cache-status
HIT
cf-ray
8b335063cba2a1fc-YYZ
content-encoding
br
content-type
text/html; charset=utf-8
date
Wed, 14 Aug 2024 19:22:30 GMT
last-modified
Wed, 14 Aug 2024 19:15:06 GMT
server
cloudflare
vary
Accept-Encoding
x-amz-id-2
fbioTt+ptV5FtGQvcfqSPZDMEnCkod62Zeh+RjDnj5IImJTXwKhQecmRyHEgGEKK1vqowQ1WaHA=
x-amz-meta-pci_enabled
False
x-amz-replication-status
COMPLETED
x-amz-request-id
1AA2JVHMP14EQMRG
x-amz-server-side-encryption
AES256
x-amz-version-id
gcczOG1.jjwUWvsCZqGSFKM53dlqdOII
utag.326.js
tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/ 		17 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.326.js?utv=ut4.47.202310120701
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e5540cbdd9a1380330cb93dbe3cca856c5e316cd979e696f11cd740091053eeb

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
9iSeCfoNM5aSJ9qnmSCCWh4_L2TgDyvQ
content-encoding
br
via
1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
date
Wed, 14 Aug 2024 19:22:31 GMT
last-modified
Mon, 05 Feb 2024 08:06:16 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
etag
W/"6a3f3a85aa437143e0e7e409215ec368"
vary
accept-encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
7YXs0HATVnG7ttHSY8cCL2SbXARv4jIZ5Wz84N10BV2Z7ZEg4M0Mlg==
utag.325.js
tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/ 		43 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.325.js?utv=ut4.47.202310120701
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2024d7153c7811ba35089d2f764488bd7cdf680d5b88717b311922b9a55a4efd

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
88H7OUT9BYQp1bETOKI7PS_UXXrudkdo
content-encoding
br
via
1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
date
Wed, 14 Aug 2024 19:22:31 GMT
last-modified
Mon, 05 Feb 2024 08:06:22 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
etag
W/"8ffe9f15a5ac62e421946f4c145976cd"
vary
accept-encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
DJwK1U_iGsTkRFlS8lJYvI3MczPo1WmmJLWcptWg2TAipVjjg-pmXA==
utag.271.js
tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.271.js?utv=ut4.47.202103180947
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
11ac6bc0d29c58029bc8d38fd17693735d56dccf42493b3b71c1ebfc19ffcb37

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
SXRzIOKxtTX0AlUQPVbAsWMMC4sFjCqI
content-encoding
br
via
1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
date
Wed, 14 Aug 2024 19:22:31 GMT
last-modified
Mon, 05 Feb 2024 08:06:16 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
etag
W/"5f444c647a96507f3939c91f6a070c18"
vary
accept-encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
lmVWiC8rdvUxUrmS7MoWDisyMb5_lsJiIFMVKbNcu1RDjpeD0obeqQ==
utag.402.js
tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.402.js?utv=ut4.47.202401221728
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
482203c6e2116155c2cc0d4d1a267504d205efa5081ea07c35044723c41cf494

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
72S7i4Xzag.ZwdWdQy.JzrwBhCTBCPf.
content-encoding
br
via
1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
date
Wed, 14 Aug 2024 19:22:31 GMT
last-modified
Mon, 05 Feb 2024 08:06:18 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
etag
W/"e54790cab3840846987f73a65ba8ba8a"
vary
accept-encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
nHuNLkbBA3SJytrbdf0VUYDl6N09Vp5VSqgvcty0R55IiEcdm_FDPA==
utag.489.js
tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.489.js?utv=ut4.47.202104052108
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1460b3244682b02794088e57813f0830bf8da6fe58237f96a1413d379f96853c

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 19:22:31 GMT
content-encoding
br
via
1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
x-amz-version-id
J23AP1fuKNAD47D3mHwufsWMvQL8dhtN
last-modified
Mon, 05 Feb 2024 08:06:17 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
etag
W/"0eba615334b628c9a66ec3829411a43d"
vary
accept-encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
CULIf0kE0EJEa9JBZcQde02oD2V34gY1og2V9YKFN5s-Upj1mFjSKQ==
utag.528.js
tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/ 		22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.528.js?utv=ut4.47.202206300839
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
78fd5b7474c26eb1b271c10ab2dea029b0f173b304710cb274ea2fde7287d6ba

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
sy0_0ccpS2KOD4wC399HtDo8mrszWuiA
content-encoding
br
via
1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
date
Wed, 14 Aug 2024 19:22:31 GMT
last-modified
Mon, 05 Feb 2024 08:06:15 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
etag
W/"7a71d82a996ce56f7821e03dcd26a22a"
vary
accept-encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
pS8jN51pqVAH7d5XeqdtWI91FIdHMc0aSaxh2xDq9cfY4iG0xycIHA==
utag.535.js
tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.535.js?utv=ut4.47.202201190910
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0646b95523ca05161036bfaf841f18bae164d1ab76ec04f51220018c4f5c52e3

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
CknIuHU9XehsjpzqFfYtoKv.IWnG7Tf2
content-encoding
br
via
1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
date
Wed, 14 Aug 2024 19:22:31 GMT
last-modified
Mon, 05 Feb 2024 08:06:17 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
etag
W/"e4ba3479aabe4785a180da01dfdb1188"
vary
accept-encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
lgFQmBPOBbUnmrZwIp1NIdsUslIKQc2FWFe640KwMAcrN1XfpCOSFA==
utag.588.js
tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/ 		14 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.588.js?utv=ut4.47.202210030813
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2903cee3254dae324fc022f6d6926c152d0bef1dfd4ec3fcd1b943cd98320f3f

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
3CO8Ib6cSIuphR8pIiB0uwIWnou5_wEv
content-encoding
br
via
1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
date
Wed, 14 Aug 2024 19:22:31 GMT
last-modified
Mon, 05 Feb 2024 08:06:15 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
etag
W/"25c4ba0730a4f334d1ef176ebc81552f"
vary
accept-encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
jUZ0hLlV_5umSuxvaAimtlFLKXVNAjF0MwcNsuFmbeV8AUT6F9xznw==
utag.599.js
tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.599.js?utv=ut4.47.202206020307
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
74252e1368ab3ec109aa30633e2c90c26758b9db912b1cf8bc6a1188eab2b669

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
OzkgQ1a8ZczaYI6EZWV54o.oxzfFRVod
content-encoding
br
via
1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
date
Wed, 14 Aug 2024 19:22:31 GMT
last-modified
Mon, 05 Feb 2024 08:06:24 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
etag
W/"4f38647713ee1a57b691a74e1d20abe3"
vary
accept-encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
ZgNW7kiSuBJ5W5MkbsfF6pyeZ0ftkv3xyVD0oc7ZkOCYLydCcqBzxA==
utag.630.js
tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/ 		47 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.630.js?utv=ut4.47.202310250301
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cb44a2c5a3b4464ccfe615484e8e568f571004a46c1bb51751f57e1ff181f5a6

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
zA8FCENXwOZKUjkEJl10yqbenhs4bfIX
content-encoding
br
via
1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
date
Wed, 14 Aug 2024 19:22:31 GMT
last-modified
Mon, 05 Feb 2024 08:06:21 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
etag
W/"d255aa4a0c84aa8c90e2db75c9935be6"
vary
accept-encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
BuN5_s1bAtWIfkwP5eOqZVTegIdJPkyfO0OqTejwyyfUsWDvyoIO7Q==
utag.631.js
tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.631.js?utv=ut4.47.202210130830
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
16c78b78bc6f95090cfa2559f469b18255f17341983a2cf091583b80ab70a57b

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
tJDw8hrOvsgKbza64I5MT3n1YcTBCSH3
content-encoding
br
via
1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
date
Wed, 14 Aug 2024 19:22:31 GMT
last-modified
Mon, 05 Feb 2024 08:06:26 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
etag
W/"d5bfbfdf70eec43334a06a1bdbd47bfe"
vary
accept-encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
M8TycYq4n6AUiUaq2SUSGAuGk00dEV92JSZ3VVDVke3ZauniXmJvfw==
utag.643.js
tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.643.js?utv=ut4.47.202312290603
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ca0fc4a18999ca98a691b7a2cec997de8f915f535df733692cc709ac60ff4ae3

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
yU.rOUdFnl89oIbpTx9rQ_1tLSva5kXc
content-encoding
br
via
1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
date
Wed, 14 Aug 2024 19:22:31 GMT
last-modified
Mon, 05 Feb 2024 08:06:16 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
etag
W/"f695916945d408e1ccd6caaf922debbc"
vary
accept-encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
bmgbk6FwTy3-LG3jPu-yDQ94jbxIl42WeCUeFwd9wZv7WhEAqTK66g==
utag.645.js
tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.645.js?utv=ut4.47.202211221028
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8a7448ca0b251a514e5e77eaf0824a7a5f953982663a7bfa861acc822dd36610

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
mD55kqV2nb5..rE9FTeuCvv8cJSi_39H
content-encoding
br
via
1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
date
Wed, 14 Aug 2024 19:22:31 GMT
last-modified
Mon, 05 Feb 2024 08:06:21 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
etag
W/"c95358d4e25874312375c7671f55af00"
vary
accept-encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
uuulhelyX3DECp2U5Z89dts7Fa1k_oFuBel_1R9fKACuOV0wH3bkTQ==
utag.665.js
tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.665.js?utv=ut4.47.202305230711
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c44294f7637ef1506194ef0e35f7b8fe260005a5151c1fa291fe60fa54038f7d

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
hfdoKMdFuGkTpNefBPHgvaU3qVg47Fy2
content-encoding
br
via
1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
date
Wed, 14 Aug 2024 19:22:31 GMT
last-modified
Mon, 05 Feb 2024 08:06:26 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P6
x-amz-server-side-encryption
AES256
etag
W/"3bcab3fe77be707edb2b02a5ec08e054"
vary
accept-encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
rjYSsF4V8J4f8XTQYnKBWtp9ZIufTgQm9PxJd-okFBCeU_GV5O5NBw==
i.gif
datacloud.tealiumiq.com/vdata/
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?tealium_cookie_sync=true&google_nid=tealium_dmp&google_cm&tealium_vid=01915257792300469dc026ab1cf005065001b05d00b08&tealium_account=hsbc&tealium_profile=wpb-strea...
  • https://cm.g.doubleclick.net/pixel?tealium_cookie_sync=true&google_nid=tealium_dmp&google_cm=&tealium_vid=01915257792300469dc026ab1cf005065001b05d00b08&tealium_account=hsbc&tealium_profile=wpb-stre...
  • https://datacloud.tealiumiq.com/vdata/i.gif?tealium_cookie_sync=true&tealium_vid=01915257792300469dc026ab1cf005065001b05d00b08&tealium_account=hsbc&tealium_profile=wpb-stream-ca&google_gid=CAESEO1W...
43 B
999 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://datacloud.tealiumiq.com/vdata/i.gif?tealium_cookie_sync=true&tealium_vid=01915257792300469dc026ab1cf005065001b05d00b08&tealium_account=hsbc&tealium_profile=wpb-stream-ca&google_gid=CAESEO1WC-lJ_WJA_yFV1sXEpa0&google_cver=1
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
H2
Server
3.210.152.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-152-86.compute-1.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:30 GMT
x-serverid
uconnect_i-015e7921fb393b06d
x-tid
01915257792300469dc026ab1cf005065001b05d00b08
x-did
01915257792300469dc026ab1cf005065001b05d00b08
vary
Origin
content-type
image/gif
x-acc
hsbc:wpb-stream-ca:2:vdata
x-ulver
2b4909bdaa906a69e4263245ac35cbc062418f47-SNAPSHOT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control
no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
x-region
us-east-1
content-length
43
x-uuid
3c164e5b-ace8-464b-92e6-d45d46284446
expires
Wed, 14 Aug 2024 19:22:30 GMT

Redirect headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:30 GMT
server
HTTP server (unknown)
content-type
text/html; charset=UTF-8
location
https://datacloud.tealiumiq.com/vdata/i.gif?tealium_cookie_sync=true&tealium_vid=01915257792300469dc026ab1cf005065001b05d00b08&tealium_account=hsbc&tealium_profile=wpb-stream-ca&google_gid=CAESEO1WC-lJ_WJA_yFV1sXEpa0&google_cver=1
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
447
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bat.js
bat.bing.com/ 		49 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.21.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Wed, 14 Aug 2024 19:22:29 GMT
last-modified
Sat, 13 Jul 2024 20:42:16 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 48D46D1EFA0E408582932E457371ED28 Ref B: YTO01EDGE0809 Ref C: 2024-08-14T19:22:30Z
etag
"044982565d5da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
14183
js
www.googletagmanager.com/gtag/ 		218 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-8710119
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.631.js?utv=ut4.47.202210130830
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.232 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
72feba6b07fa9136bda7fa3afec0d0f0d66831224b75d0a0cbef5e0b99b07d6c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 19:22:30 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
79797
x-xss-protection
0
last-modified
Wed, 14 Aug 2024 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 14 Aug 2024 19:22:30 GMT
session.json
mcm-prod.hsbc.ca/2003/handler9/ 		0
0
JavascriptInsert.js
mcm-prod.hsbc.ca/ 		0
0
tag.js
lptag.liveperson.net/tag/ 		27 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lptag.liveperson.net/tag/tag.js?site=5194901
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.588.js?utv=ut4.47.202210030813
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
208.89.12.153 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
lptag.liveperson.net
Software
ws /
Resource Hash
2823fbfa7b9256867e21af1ecbfbb98583c8ef0e0b495f6f01d862ef58e3d93d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 19:22:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Thu, 30 May 2024 01:00:50 GMT
server
ws
etag
"6657cfc2-253d"
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length
9533
fbevents.js
connect.facebook.net/en_US/ 		225 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-lga3.fbcdn.net
Software
/
Resource Hash
4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 14 Aug 2024 19:22:30 GMT
document-policy
force-load-at-top
x-fb-server-load
22
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58865
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=31, rtx=0, c=12, mss=1316, tbw=2784, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
2lIHUk6hRGYSEmc7FG3riBSxWuxxpvYENuSHZZD+QXQYo1GYNYF05+nW2z7UqmUsrHDRnuVrd7+2IJpkbVpOWQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
i.gif
collect-us-east-1.tealiumiq.com/hsbc/wpb-stream-ca/2/ 		43 B
762 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collect-us-east-1.tealiumiq.com/hsbc/wpb-stream-ca/2/i.gif
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.152.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-152-86.compute-1.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundary0lvNpmS7h4RJQ8Av

Response headers

date
Wed, 14 Aug 2024 19:22:30 GMT
x-serverid
uconnect_i-0d3e670c3283f914e
x-tid
01915257792300469dc026ab1cf005065001b05d00b08
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-acc
hsbc:wpb-stream-ca:2:datacloud
x-region
us-east-1
content-length
43
pragma
no-cache
x-did
01915257792300469dc026ab1cf005065001b05d00b08
vary
Origin
content-type
image/gif
access-control-allow-origin
https://origin-www.hsbc.ca
x-ulver
2b4909bdaa906a69e4263245ac35cbc062418f47-SNAPSHOT
access-control-expose-headers
X-Region
cache-control
no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
x-uuid
aecaa258-442f-4456-98e9-85b8388bda17
expires
Wed, 14 Aug 2024 19:22:30 GMT
/
csp.prod.na.dynp.cloud1.vv1865.com/ 		0
405 B 		Other
General
Check archive.org
Download Go to
Full URL
https://csp.prod.na.dynp.cloud1.vv1865.com/
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.645.js?utv=ut4.47.202211221028
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-125.jfk52.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 14 Aug 2024 19:22:30 GMT
via
1.1 b759e26bde22770788987f2078515d9a.cloudfront.net (CloudFront), 1.1 e774c9e3b514be02964a99136a6cdfda.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2, JFK52-P5
x-amzn-requestid
0d2b44aa-e4ef-493f-adb3-4164925ec830
x-amzn-trace-id
Root=1-66bd03f6-56eb2a3565a2081d1c8d3c43;Parent=12a69204b4fc04f7;Sampled=0;lineage=3db17ce9:0
x-cache
Miss from cloudfront
x-amz-apigw-id
cg2OlF3soAMEAsA=
x-amz-cf-id
n4UoIomDpruYS-NuHuE4dialKdMPZ5w3PE8vjWcEYBNctU4BAicChg==
dcm
s.amazon-adsystem.com/ 		0
0
/
dc.ads.linkedin.com/collect/ 		43 B
835 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://dc.ads.linkedin.com/collect/?491068
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 19:22:30 GMT
content-encoding
gzip
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 71EFD8B475C040B8BF9A1BAABAA2BA6B Ref B: YTO01EDGE0821 Ref C: 2024-08-14T19:22:30Z
linkedin-action
1
vary
Accept-Encoding
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric
prod-lor1
content-type
image/gif
x-cache
CONFIG_NOCACHE
x-li-proto
http/2
content-length
65
x-li-uuid
AAYfqaW6KNYtIX/Zb0OJKQ==
/
csp.prod.na.dynp.cloud1.vv1865.com/ 		0
407 B 		Other
General
Check archive.org
Download Go to
Full URL
https://csp.prod.na.dynp.cloud1.vv1865.com/
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.665.js?utv=ut4.47.202305230711
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-125.jfk52.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 14 Aug 2024 19:22:30 GMT
via
1.1 dd50f5bdd8da1cdd9e698cc2d6f8e828.cloudfront.net (CloudFront), 1.1 e774c9e3b514be02964a99136a6cdfda.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2, JFK52-P5
x-amzn-requestid
e5547e14-4f01-4db3-919e-6d374c662643
x-amzn-trace-id
Root=1-66bd03f6-11f4b07339a815df64cfb841;Parent=377e41daa7f1a8f7;Sampled=0;lineage=3db17ce9:0
x-cache
Miss from cloudfront
x-amz-apigw-id
cg2OlH0VoAMECYA=
x-amz-cf-id
_oAOSWvQ1NnzWdQyHt3LXLaxVVtVYUfVx9NLbJryODGhobrRitJh0w==
cms
ups.analytics.yahoo.com/ups/58722/ 		0
0
utag.v.js
tags.tiqcdn.com/utag/tiqapp/ 		2 B
430 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=hsbc/ca-rbwm/202402050803&cb=1723663350470
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.164.116.77 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-164-116-77.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
2XUX04X5QEw0.xFya64khU._sHTRl_Pz
date
Wed, 14 Aug 2024 19:22:22 GMT
via
1.1 7bf47dc1c691ee43f7c8db83aa03a3cc.cloudfront.net (CloudFront)
x-amz-cf-pop
JFK50-P6
age
9
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
2
last-modified
Sat, 11 Mar 2023 06:57:46 GMT
server
AmazonS3
etag
"7bc0ee636b3b83484fc3b9348863bd22"
vary
accept-encoding
content-type
application/javascript
cache-control
max-age=300
accept-ranges
bytes
x-amz-cf-id
WKF-y0PeDX1xa3HcqdT9N3SORyyLKQrhG604drWqjNRRy2ryn2Gp4w==
_error
uconnect.tealiumiq.com/ulog/ 		43 B
451 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uconnect.tealiumiq.com/ulog/_error?utid=hsbc/ca-rbwm/202402050803&e0=ge%3A%3A51%3A%3A%2F%2Ftags.tiqcdn.com%2Futag%2Fhsbc%2Fca-rbwm%2Fprod%2Futag.js%3A%3ACannot%20read%20properties%20of%20undefined%20(reading%20%27toString%27)
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.152.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-152-86.compute-1.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:31 GMT
x-serverid
uconnect_i-00145de48395ad1fb
vary
Origin
content-type
image/gif
x-acc
_error::4:uconnect
x-ulver
2b4909bdaa906a69e4263245ac35cbc062418f47-SNAPSHOT
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control
no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
x-region
us-east-1
x-error
_error is not supported
content-length
43
x-uuid
ee285f5f-0036-43c8-87ee-a995e6fe654e
expires
Wed, 14 Aug 2024 19:22:31 GMT
364648985147847
connect.facebook.net/signals/config/ 		75 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/364648985147847?v=2.9.164&r=stable&domain=origin-www.hsbc.ca&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-lga3.fbcdn.net
Software
/
Resource Hash
8d4ff23be2bb4bccbdaae449187e5c3badcaebeaa5e8a442a5896aca75c3e6fc
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 14 Aug 2024 19:22:31 GMT
document-policy
force-load-at-top
x-fb-server-load
28
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=39, rtx=0, c=54, mss=1316, tbw=64389, tp=-1, tpl=-1, uplat=333, ullat=1
pragma
public
x-fb-debug
edGIyu3MzrphXuuajeqFGNtj9+odxaE4A3XLkrxCsdCN7og/SLm/oG/Of4FgNKfJ3pn/CwV86KDV0OPuCPOFHg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
01915257792300469dc026ab1cf005065001b05d00b08
visitor-service-us-east-1.tealiumiq.com/hsbc/wpb-stream-ca/ 		36 B
249 B 		Script
General
Check archive.org
Download Go to
Full URL
https://visitor-service-us-east-1.tealiumiq.com/hsbc/wpb-stream-ca/01915257792300469dc026ab1cf005065001b05d00b08?callback=utag.ut%5B%22writevawpb-stream-ca%22%5D&rnd=1723663350712
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.224.190.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-224-190-83.compute-1.amazonaws.com
Software
/
Resource Hash
276baaaccd55e5ddf780c7edd36a6da6a2aabbebcb5617747a04c7c0bbda63c4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-version
dd0b6b6ed069fcb371bec659bcbb39a135d2d2ae-SNAPSHOT
date
Wed, 14 Aug 2024 19:22:31 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-region
us-east-1
content-length
36
x-nodeid
i-07b1ee1a2f2e7b01b
content-type
application/javascript; charset=utf-8
5175569.js
bat.bing.com/p/action/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/5175569.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.21.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
7c5a24be89ad02be602a2b027ccad105f20795d1d4ca1353adf673a2499fdb8d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
date
Wed, 14 Aug 2024 19:22:29 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: C7C4EC08174D4FD6B0AF712B348FA43A Ref B: YTO01EDGE0809 Ref C: 2024-08-14T19:22:30Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
cache-control
private,max-age=60
js
www.googletagmanager.com/gtag/ 		250 KB
88 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-716805516&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-8710119
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.232 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
79b400207261a6b64c22f9c94c1aa14a97710e32a94a2fa746b265bd9f73b82b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 19:22:30 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
89567
x-xss-protection
0
last-modified
Wed, 14 Aug 2024 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 14 Aug 2024 19:22:30 GMT
js
www.googletagmanager.com/gtag/ 		246 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-795137881&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-8710119
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.232 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
f7fd2b6e45639cc5ec3b0095bb0f48e2f227238e8f9e8c15a6a17fdc1bf6c4c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 19:22:30 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
89156
x-xss-protection
0
last-modified
Wed, 14 Aug 2024 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 14 Aug 2024 19:22:30 GMT
/
csp.prod.na.dynp.cloud1.vv1865.com/ 		0
406 B 		Other
General
Check archive.org
Download Go to
Full URL
https://csp.prod.na.dynp.cloud1.vv1865.com/
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/p/action/5175569.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.125 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-125.jfk52.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Wed, 14 Aug 2024 19:22:31 GMT
via
1.1 343d70dd2c23b73057116d47a342c588.cloudfront.net (CloudFront), 1.1 e774c9e3b514be02964a99136a6cdfda.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR53-C2, JFK52-P5
x-amzn-requestid
ae211c90-d9c7-47eb-9b12-8b239b232764
x-amzn-trace-id
Root=1-66bd03f7-3d79927a61fd1a1f104ec8e9;Parent=2a5ea2b470ceb0a8;Sampled=0;lineage=3db17ce9:0
x-cache
Miss from cloudfront
x-amz-apigw-id
cg2OpGj-oAMEvxA=
x-amz-cf-id
4VivFppziWYvDjlLhNQn7N3mVEPCH7VC3KyWCszW7Enu3pMBA5vm3A==
5175569
www.clarity.ms/tag/uet/ 		0
0
0
bat.bing.com/action/ 		0
360 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.com/action/0?ti=5175569&Ver=2&mid=a83b4861-1adc-4625-a3f3-068996c1877b&sid=8d00aa605a7211efa6b03fe98eef55a4&vid=8d00cc605a7211ef8a11fb4c6628a6d1&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=404&p=https%3A%2F%2Forigin-www.hsbc.ca%2F&r=&lt=1340&evt=pageLoad&sv=1&cdb=AQwT&rn=126114
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.21.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 14 Aug 2024 19:22:30 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 7B80559AB7DA45F6A3F72237827B0D2B Ref B: YTO01EDGE0809 Ref C: 2024-08-14T19:22:31Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/716805516/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/716805516/?random=1723663351066&cv=11&fst=1723663351066&bg=ffffff&guid=ON&async=1&gtm=45be48c0v895821426za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-716805516&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f2.1e100.net
Software
cafe /
Resource Hash
0a9a22a81f55a149922644f6ed2a89815cd43fa78d45887333eebeb974ceade9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:31 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1415
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/716805516/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/716805516/?random=1723663351113&cv=11&fst=1723663351113&bg=ffffff&guid=ON&async=1&gtm=45be48c0v895821426za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view%3Ballow_custom_scripts%3Dtrue&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-716805516&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f2.1e100.net
Software
cafe /
Resource Hash
e03972658df775b06a9db6096a734067f5c9672a20a2a476247a0fdce306c78e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:31 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1433
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/795137881/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/795137881/?random=1723663351166&cv=11&fst=1723663351166&bg=ffffff&guid=ON&async=1&gtm=45be48c0za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-795137881&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f2.1e100.net
Software
cafe /
Resource Hash
720622ec26e343ae8eeeded89e4ae30e19c4fa39f09c59a5e9ca03437db6c174
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:31 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1407
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/795137881/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/795137881/?random=1723663351191&cv=11&fst=1723663351191&bg=ffffff&guid=ON&async=1&gtm=45be48c0za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view%3Ballow_custom_scripts%3Dtrue&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-795137881&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f2.1e100.net
Software
cafe /
Resource Hash
c01622ebe2fdca0bfa16bd1344af8561488851a4de4dafe3896828336ede58e9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:31 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1430
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.facebook.com/tr/ 		0
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=364648985147847&ev=PageView&dl=https%3A%2F%2Forigin-www.hsbc.ca%2F&rl=&if=false&ts=1723663351243&cd[base_tracking_type]=track&sw=1600&sh=1200&ud[external_id]=2fede118461e57cbe0dfd205c7bd83d59f2e8b01a1d9a87c4ffe8dd3da7a0ecb&v=2.9.164&r=stable&a=tmtealium&ec=0&o=4126&fbp=fb.1.1723663351237.56063092881376493&cs_est=true&ler=empty&cdl=API_unavailable&it=1723663350661&coo=false&eid=7dc683b764b7018e90f4682572c4038f&tm=1&rqm=GET
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-lga3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=31, rtx=0, c=10, mss=1316, tbw=2833, tp=-1, tpl=-1, uplat=1, ullat=1
strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 14 Aug 2024 19:22:31 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=364648985147847&ev=PageView&dl=https%3A%2F%2Forigin-www.hsbc.ca%2F&rl=&if=false&ts=1723663351243&cd[base_tracking_type]=track&sw=1600&sh=1200&ud[external_id]=2fede118461e57cbe0dfd205c7bd83d59f2e8b01a1d9a87c4ffe8dd3da7a0ecb&v=2.9.164&r=stable&a=tmtealium&ec=0&o=4126&fbp=fb.1.1723663351237.56063092881376493&cs_est=true&ler=empty&cdl=API_unavailable&it=1723663350661&coo=false&eid=7dc683b764b7018e90f4682572c4038f&tm=1&rqm=FGET
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-lga3.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0xdd2d0a0c247934ad","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"2":["24:5624810704286751","24:9124620447609939","24:6539947546043234","24:5984166268299456","24:6448068188588185","24:6354064581306256","24:6163483163718918","24:6041200292663258","7830:5624810704286751","7830:9124620447609939","7830:6539947546043234","7830:5984166268299456","7830:6448068188588185","7830:6354064581306256","7830:6163483163718918","7830:6041200292663258","10853:5624810704286751","10853:9124620447609939","10853:6539947546043234","10853:5984166268299456","10853:6448068188588185","10853:6354064581306256","10853:6163483163718918","10853:6041200292663258","41:5624810704286751","41:9124620447609939","41:6539947546043234","41:5984166268299456","41:6448068188588185","41:6354064581306256","41:6163483163718918","41:6041200292663258","8046:5624810704286751","8046:9124620447609939","8046:6539947546043234","8046:5984166268299456","8046:6448068188588185","8046:6354064581306256","8046:6163483163718918","8046:6041200292663258"]},"debug_reporting":true,"debug_key":"1"}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Wed, 14 Aug 2024 19:22:31 GMT
x-fb-server-load
30
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7403077722994061442", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=31, rtx=0, c=14, mss=1316, tbw=3151, tp=-1, tpl=-1, uplat=144, ullat=0
pragma
no-cache
x-fb-debug
JhR393r3reU43A4dx5Pg0wJrdmn/ROfPWLIGmqTKFCD0g8El7v4zj30XmzqnaPvHgbteJozzYzvv3D05CFGqLQ==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7403077722994061442"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
events
logx.optimizely.com/v1/ 		0
388 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://logx.optimizely.com/v1/events
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.49.241.189 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
189.241.49.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 14 Aug 2024 19:22:31 GMT
via
1.1 google
access-control-allow-methods
POST,OPTIONS
content-type
text/plain
access-control-allow-origin
https://origin-www.hsbc.ca
access-control-expose-headers
X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id
access-control-allow-credentials
true
timing-allow-origin
*
access-control-allow-headers
X-Requested-With,Content-Type,Accept,Origin,X-App-Trace-Id,X-Optimizely-Strict
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-request-id
e4e65dc4-699c-43c7-b73f-492f202ac05b
/
www.google.com/pagead/1p-user-list/716805516/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/716805516/?random=1723663351113&cv=11&fst=1723662000000&bg=ffffff&guid=ON&async=1&gtm=45be48c0v895821426za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view%3Ballow_custom_scripts%3Dtrue&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfXrhuw6h0rrviCVP0Q7HwyanY2p4PDs2EwsNUrcMJG4L7d4Y3&random=2606660093&rmt_tld=0&ipr=y
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.4 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/716805516/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/pagead/1p-user-list/716805516/?random=1723663351113&cv=11&fst=1723662000000&bg=ffffff&guid=ON&async=1&gtm=45be48c0v895821426za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view%3Ballow_custom_scripts%3Dtrue&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfXrhuw6h0rrviCVP0Q7HwyanY2p4PDs2EwsNUrcMJG4L7d4Y3&random=2606660093&rmt_tld=1&ipr=y
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.195 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/716805516/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/716805516/?random=1723663351066&cv=11&fst=1723662000000&bg=ffffff&guid=ON&async=1&gtm=45be48c0v895821426za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfYj_LBexTnj0uQWWKUZPlWhGJDRVN2KKYJSC5Ze9L1bLlOCa2&random=241473225&rmt_tld=0&ipr=y
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.4 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/716805516/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/pagead/1p-user-list/716805516/?random=1723663351066&cv=11&fst=1723662000000&bg=ffffff&guid=ON&async=1&gtm=45be48c0v895821426za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfYj_LBexTnj0uQWWKUZPlWhGJDRVN2KKYJSC5Ze9L1bLlOCa2&random=241473225&rmt_tld=1&ipr=y
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.195 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/795137881/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/795137881/?random=1723663351191&cv=11&fst=1723662000000&bg=ffffff&guid=ON&async=1&gtm=45be48c0za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view%3Ballow_custom_scripts%3Dtrue&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfWlK3EREyGEkftmiplPuYjYZWa9RTOHW9r7yBu34jXXAWRm-j&random=3465281569&rmt_tld=0&ipr=y
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.4 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/795137881/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/pagead/1p-user-list/795137881/?random=1723663351191&cv=11&fst=1723662000000&bg=ffffff&guid=ON&async=1&gtm=45be48c0za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view%3Ballow_custom_scripts%3Dtrue&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfWlK3EREyGEkftmiplPuYjYZWa9RTOHW9r7yBu34jXXAWRm-j&random=3465281569&rmt_tld=1&ipr=y
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.195 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/795137881/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/795137881/?random=1723663351166&cv=11&fst=1723662000000&bg=ffffff&guid=ON&async=1&gtm=45be48c0za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfA99AokWsrCOQkh-9hnK12HyKU_AgB_QP-aKlR-r85l5xv9Wd&random=2737035469&rmt_tld=0&ipr=y
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.4 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/795137881/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/pagead/1p-user-list/795137881/?random=1723663351166&cv=11&fst=1723662000000&bg=ffffff&guid=ON&async=1&gtm=45be48c0za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfA99AokWsrCOQkh-9hnK12HyKU_AgB_QP-aKlR-r85l5xv9Wd&random=2737035469&rmt_tld=1&ipr=y
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.195 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:31 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
adrum-ext.0086dbec5e8a6e717bf36d3a06b62042.js
cdn.appdynamics.com/ 		45 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.appdynamics.com/adrum-ext.0086dbec5e8a6e717bf36d3a06b62042.js
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.238.80.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-238-80-99.jfk52.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7da0fcf5011f66d43746091e130db6ef4d55ff13410d57209fb0f44d90cdee60
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 06:36:12 GMT
content-encoding
br
via
1.1 922a8d3fd8f61d324f544f33d8d3a304.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000
last-modified
Thu, 15 Sep 2016 22:05:47 GMT
server
AmazonS3
x-amz-cf-pop
JFK52-P5
age
45980
etag
W/"989cc223341935e903706cd798e666c7"
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public, max-age=31536000, immutable
cross-origin-resource-policy
cross-origin
x-amz-cf-id
Kz0IvOxbjVDQCxOpmmNk-EgReHoAHgN2GP9qLfi-7mLfahImJtKZ-Q==
favicon.ico
origin-www.hsbc.ca/etc/designs/dpws/common/favicons/ 		15 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://origin-www.hsbc.ca/etc/designs/dpws/common/favicons/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
161.113.4.9 , United States, ASN26381 (HSBC-COM, US),
Reverse DNS
Software
/
Resource Hash
6792c4c37672b1a8d6c2842f403c70c85f3b66f3ebaa434b816b5cd25203113b
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Wed, 14 Aug 2024 19:22:31 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Cross-Origin-Resource-Policy
same-site
Connection
Keep-Alive
Content-Length
1072
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 12 Aug 2024 07:03:42 GMT
Cross-Origin-Opener-Policy
same-origin-allow-popups
Vary
Accept-Encoding
Content-Type
image/x-icon
Cache-Control
max-age=7776000
Accept-Ranges
bytes
S
usvhs-prod-aempub
Keep-Alive
timeout=5, max=95
adrum
col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAE-HSU/ 		0
797 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://col.eum-appdynamics.com/eumcollector/beacons/browser/v1/AD-AAB-AAE-HSU/adrum
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.213.18.244 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-213-18-244.us-west-2.compute.amazonaws.com
Software
envoy /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536010; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type
text/plain

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:33 GMT
strict-transport-security
max-age=31536010; includeSubDomains
x-content-type-options
nosniff
server
envoy
vary
*
content-type
text/html
access-control-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, s-maxage=0
x-envoy-upstream-service-time
0
access-control-allow-headers
origin, content-type, accept
expires
0
i.gif
collect-us-east-1.tealiumiq.com/hsbc/wpb-stream-ca/2/ 		43 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://collect-us-east-1.tealiumiq.com/hsbc/wpb-stream-ca/2/i.gif
Requested by
Host: origin-www.hsbc.ca
URL: https://origin-www.hsbc.ca/etc/designs/hsbc/appd/clientlib.min.b3ec3a2325eaa4cbc74a2e2f0b755b0f.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.210.152.86 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-210-152-86.compute-1.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryrdHBjSuixRR5A9Tr

Response headers

date
Wed, 14 Aug 2024 19:22:33 GMT
x-serverid
uconnect_i-086522e2fd396e817
x-tid
01915257792300469dc026ab1cf005065001b05d00b08
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-acc
hsbc:wpb-stream-ca:2:datacloud
x-region
us-east-1
content-length
43
pragma
no-cache
x-did
01915257792300469dc026ab1cf005065001b05d00b08
vary
Origin
content-type
image/gif
access-control-allow-origin
https://origin-www.hsbc.ca
x-ulver
2b4909bdaa906a69e4263245ac35cbc062418f47-SNAPSHOT
access-control-expose-headers
X-Region
cache-control
no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
x-uuid
b7ece45b-7fe2-4dd7-817a-ba6f1bbc7cab
expires
Wed, 14 Aug 2024 19:22:33 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/716805516/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/716805516/?random=1723663353099&cv=11&fst=1723663353099&bg=ffffff&guid=ON&async=1&gtm=45be48c0v895821426za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-716805516&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f2.1e100.net
Software
cafe /
Resource Hash
771e3c3f40253a04be5d5e15f31a9b7d463aba41cf8b100d119cf6dd979890f2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:33 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1415
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/795137881/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/795137881/?random=1723663353113&cv=11&fst=1723663353113&bg=ffffff&guid=ON&async=1&gtm=45be48c0za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-795137881&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f2.1e100.net
Software
cafe /
Resource Hash
6677db11d1846fa54a3b47948d6863949a8c54feb14984894d08f36ee9bcabba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:33 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1407
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		218 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-8710119
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.631.js?utv=ut4.47.202210130830
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.40.232 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
72feba6b07fa9136bda7fa3afec0d0f0d66831224b75d0a0cbef5e0b99b07d6c
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Wed, 14 Aug 2024 19:22:30 GMT
content-encoding
br
last-modified
Wed, 14 Aug 2024 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
79797
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 14 Aug 2024 19:22:30 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/716805516/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/716805516/?random=1723663353126&cv=11&fst=1723663353126&bg=ffffff&guid=ON&async=1&gtm=45be48c0v895821426za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view%3Ballow_custom_scripts%3Dtrue&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-716805516&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f2.1e100.net
Software
cafe /
Resource Hash
5361f44442e4180d1868a639720cb98029acc75319da6c8513bd1b1957808f64
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:33 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1436
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/795137881/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/795137881/?random=1723663353131&cv=11&fst=1723663353131&bg=ffffff&guid=ON&async=1&gtm=45be48c0za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view%3Ballow_custom_scripts%3Dtrue&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-795137881&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.226 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s39-in-f2.1e100.net
Software
cafe /
Resource Hash
9926a550b8e156a631d43e67ffc02acf32efdef8b62db752a8c0680495ea4fd1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:33 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1428
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/716805516/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/716805516/?random=1723663353099&cv=11&fst=1723662000000&bg=ffffff&guid=ON&async=1&gtm=45be48c0v895821426za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfJHctH4ZccePa3lAGXOz3iako50NRvLWs3h92LMrQiBSjH3-G&random=1088074970&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.4 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:33 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/716805516/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/pagead/1p-user-list/716805516/?random=1723663353099&cv=11&fst=1723662000000&bg=ffffff&guid=ON&async=1&gtm=45be48c0v895821426za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfJHctH4ZccePa3lAGXOz3iako50NRvLWs3h92LMrQiBSjH3-G&random=1088074970&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.195 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:33 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/795137881/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/795137881/?random=1723663353113&cv=11&fst=1723662000000&bg=ffffff&guid=ON&async=1&gtm=45be48c0za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfJE2THbvjBiGOxv7mW0dewk9Ez5snwwW5l-0GSitiW1Pm1rcW&random=230246403&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.4 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:33 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/795137881/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/pagead/1p-user-list/795137881/?random=1723663353113&cv=11&fst=1723662000000&bg=ffffff&guid=ON&async=1&gtm=45be48c0za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfJE2THbvjBiGOxv7mW0dewk9Ez5snwwW5l-0GSitiW1Pm1rcW&random=230246403&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.195 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:33 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
01915257792300469dc026ab1cf005065001b05d00b08
visitor-service-us-east-1.tealiumiq.com/hsbc/wpb-stream-ca/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://visitor-service-us-east-1.tealiumiq.com/hsbc/wpb-stream-ca/01915257792300469dc026ab1cf005065001b05d00b08?callback=utag.ut%5B%22writevawpb-stream-ca%22%5D&rnd=1723663353189
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.224.190.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-224-190-83.compute-1.amazonaws.com
Software
/
Resource Hash
d288816861b40906cd99c14ab94973a06e01fce39ccc69e3a18b32b8d627c1ef
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-version
dd0b6b6ed069fcb371bec659bcbb39a135d2d2ae-SNAPSHOT
date
Wed, 14 Aug 2024 19:22:33 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-region
us-east-1
content-length
1758
x-nodeid
i-07b1ee1a2f2e7b01b
content-type
application/javascript; charset=utf-8
/
www.google.com/pagead/1p-user-list/716805516/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/716805516/?random=1723663353126&cv=11&fst=1723662000000&bg=ffffff&guid=ON&async=1&gtm=45be48c0v895821426za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view%3Ballow_custom_scripts%3Dtrue&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfkhhmVWf2XHdpI-wCUFyGvNAVpzzyUe5NEcR_sZFXBorb1-Km&random=4027832256&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.4 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:33 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/716805516/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/pagead/1p-user-list/716805516/?random=1723663353126&cv=11&fst=1723662000000&bg=ffffff&guid=ON&async=1&gtm=45be48c0v895821426za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view%3Ballow_custom_scripts%3Dtrue&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfkhhmVWf2XHdpI-wCUFyGvNAVpzzyUe5NEcR_sZFXBorb1-Km&random=4027832256&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.195 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:33 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/795137881/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/795137881/?random=1723663353131&cv=11&fst=1723662000000&bg=ffffff&guid=ON&async=1&gtm=45be48c0za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view%3Ballow_custom_scripts%3Dtrue&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfQhgb-sMTAYcfGawCLoxD21r6_hT__CyWQ1Zt3iv4-n_Gr6Ht&random=2892009954&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.41.4 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s40-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:33 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/795137881/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/pagead/1p-user-list/795137881/?random=1723663353131&cv=11&fst=1723662000000&bg=ffffff&guid=ON&async=1&gtm=45be48c0za200zb9174802647&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Forigin-www.hsbc.ca%2F&hn=www.googleadservices.com&frm=0&tiba=404&userId=01915257792300469dc026ab1cf005065001b05d00b08&npa=0&pscdl=noapi&auid=595157431.1723663351&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view%3Ballow_custom_scripts%3Dtrue&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfQhgb-sMTAYcfGawCLoxD21r6_hT__CyWQ1Zt3iv4-n_Gr6Ht&random=2892009954&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.40.195 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s38-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://origin-www.hsbc.ca/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 14 Aug 2024 19:22:33 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
mcm-prod.hsbc.ca
URL
https://mcm-prod.hsbc.ca/2003/handler9/session.json
Domain
mcm-prod.hsbc.ca
URL
https://mcm-prod.hsbc.ca/JavascriptInsert.js
Domain
s.amazon-adsystem.com
URL
https://s.amazon-adsystem.com/dcm?pid=f8ca2def-013b-4492-8956-75d0449638a4&id=01915257792300469dc026ab1cf005065001b05d00b08
Domain
ups.analytics.yahoo.com
URL
https://ups.analytics.yahoo.com/ups/58722/cms?partner_id=TEALM&visitor_id=01915257792300469dc026ab1cf005065001b05d00b08&gdpr=0&gdpr_consent=&tealium_account=hsbc&tealium_profile=wpb-stream-ca&tealium_event=yahoo_cookie_sync
Domain
www.clarity.ms
URL
https://www.clarity.ms/tag/uet/5175569

Verdicts & Comments Add Verdict or Comment

138 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| TMS number| maskTimeout boolean| syncChangesApplied object| cssRuleManager function| removeMask function| u object| HSBC object| DCSext function| dcsGetHSBCCookie function| dcsVar function| dcsMultiTrack function| dcsMapHSBC function| dcsMeta function| dcsFunc function| dcsTag object| optimizely object| utag_data string| adrum-app-key number| adrum-start-time object| ADRUM object| modalsConfiguration function| jQuery object| cpiUtils object| PubSub function| RadioButton function| RadioGroup object| respond function| moment object| Bootstrap object| GPWS object| HSBC_utils object| Mustache function| v object| __core-js_shared__ object| core function| n function| s object| utag_err string| utag_lh object| jwt object| elem string| versionNode number| version object| params object| utag function| utag_condloader function| _tealium_old_error object| utag_cfg_ovrd object| Evnt string| mn object| WIZ_util function| prefixPriority object| WIZ_res object| pixel_lib object| utag_extn function| lpGetAuthenticationToken string| timestamp function| PixelSearchService object| uetq object| dataLayer boolean| impressiontrackingrunning boolean| clkev boolean| pushIdentities function| tealium_liveperson_lib object| lpTag object| h string| HSBCCAPageID string| HSBCCAcompatVersion string| HSBCCApacketVersion string| HSBCCAuseCorsForInitialRequest string| HSBCCAuseJsonFormatForInitialCorsRequest string| HSBCCATCP string| HSBCCASSL function| HSBCCAgPr function| HSBCCAsessionShutdownPeriodExceeded function| HSBCCAperiodicAssessShutdownState object| HSBCCApendingManualEvents object| HSBCCAqueuedYoutubeReferences function| HSBCCAevent function| HSBCCAclick function| HSBCCAtextchange function| HSBCCAformsubmit function| HSBCCASendJsonData function| HSBCCAtrackYouTubeIframePlayer function| HSBCCAinitialExecutionCanProceed function| HSBCCAblockExecutionForInsertAlreadyPresent function| HSBCCASL function| HSBCCAsendScriptRequests function| HSBCCAcookieAllowsScriptToProceed function| HSBCCASC function| HSBCCAfindCookieVal function| HSBCCAdeleteLegacyCookies function| HSBCCAdoDeleteCookie function| HSBCCAsessionset function| HSBCCApersisted function| HSBCCAlegacyset function| HSBCCAkeyset function| HSBCCADBIDset function| HSBCCAsetShutdown boolean| HSBCCALF function| HSBCCAclearStoppedState function| HSBCCAstop function| HSBCCAgenerateUUID object| HSBCCAcookieList function| HSBCCAgC function| HSBCCAae function| HSBCCAclient_event function| HSBCCAGP function| HSBCCAGPWID function| HSBCCALC string| HSBCCATWID function| HSBCCAoptOut function| HSBCCAoptIn function| HSBCCAanonymous function| HSBCCAresetCSA function| HSBCCAdoReInit function| HSBCCAtmoPoll boolean| HSBCCAjsInsertAlreadyLoaded function| HSBCCAgetSD string| HSBCCAwindowID number| HSBCCATm object| HSBCCAsImgArr object| HSBCCARTEHandler function| fbq function| _fbq object| e number| f string| items string| storageData function| UET function| UET_init function| UET_push object| ueto_eae278e9b4 object| google_tag_manager object| google_tag_data string| cc object| GooglebQhCsO

20 Cookies

Domain/Path Name / Value
origin-www.hsbc.ca/ Name: SameSite
Value: None
origin-www.hsbc.ca/ Name: Canada-hsbc.ca-VH
Value: 818485676.10105.0000
origin-www.hsbc.ca/ Name: TS01f477b4
Value: 014b9459e0c44fc387d136c26e806909726f5ba72fe5178e80d53ae52190a8f21364f9e9ee8ceeb7e1f2eb54c466749821a29a9eb1
.hsbc.ca/ Name: HSBC_CLIENT_COOKIE
Value: PreferredLocale%3Den_CA
.hsbc.ca/ Name: optimizelyEndUserId
Value: oeu1723663350126r0.2659755249075104
.hsbc.ca/ Name: tms_ref
Value:
.hsbc.ca/ Name: usy46gabsosd
Value: HSBCCA_17236633504260.c520f4394f22bc5ba7b1c06617f5d110_2003
.doubleclick.net/ Name: IDE
Value: AHWqTUndFwkBu-AnLdKuMNT1RKIIhhhOClcSIARM0tJHkSVRn2EYqOcXdNH17dRJYJw
.linkedin.com/ Name: bcookie
Value: "v=2&8fc7b70c-c747-4aa1-8733-97524d9273fa"
.linkedin.com/ Name: lidc
Value: "b=OGST04:s=O:r=O:a=O:p=O:g=3275:u=1:x=1:i=1723663350:t=1723749750:v=2:sig=AQHKwR6BOjIkNqSDSs_QqaHg_ocFy_Br"
.tealiumiq.com/ Name: TAPID
Value: hsbc/wpb-stream-ca>01915257792300469dc026ab1cf005065001b05d00b08|
.tealiumiq.com/ Name: tcs.google_gid
Value: eyJoc2JjL3dwYi1zdHJlYW0tY2EiOiJDQUVTRU8xV0MtbEpfV0pBX3lGVjFzWEVwYTB8MTcyMzY2MzM1MDcwMiJ9
.tealiumiq.com/ Name: tcs.google_cver
Value: eyJoc2JjL3dwYi1zdHJlYW0tY2EiOiIxfDE3MjM2NjMzNTA3MDIifQ==
.hsbc.ca/ Name: _gcl_au
Value: 1.1.595157431.1723663351
.hsbc.ca/ Name: _uetsid
Value: 8d00aa605a7211efa6b03fe98eef55a4
.hsbc.ca/ Name: _uetvid
Value: 8d00cc605a7211ef8a11fb4c6628a6d1
.bing.com/ Name: MUID
Value: 00BF2A49A6BF6C6F2D733E92A7956DE9
.bat.bing.com/ Name: MR
Value: 0
.hsbc.ca/ Name: _fbp
Value: fb.1.1723663351237.56063092881376493
.hsbc.ca/ Name: utag_main
Value: v_id:01915257792300469dc026ab1cf005065001b05d00b08$_sn:1$_se:2$_ss:0$_st:1723665153012$ses_id:1723663350053%3Bexp-session$_pn:1%3Bexp-session$dcsyncran:1%3Bexp-session$dc_group:73$_prevpage:404%3Ahttps%3A%2F%2Forigin-www.hsbc.ca%2F%3Bexp-session$dc_visit:1$dc_event:2%3Bexp-session$amsyncran:1%3Bexp-session$dc_region:us-east-1%3Bexp-session

6 Console Messages

Source Level URL
Text
network error URL: https://origin-www.hsbc.ca/
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
security error URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.645.js?utv=ut4.47.202211221028(Line 12)
Message:
Refused to load the script 'https://s.amazon-adsystem.com/dcm?pid=f8ca2def-013b-4492-8956-75d0449638a4&id=01915257792300469dc026ab1cf005065001b05d00b08' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.hsbc.com.hk:* *.hsbc.ca bat.bing.com conoret.com *.acestream.net *.brightcove.net *.google-analytics.com *.safecdn01.com *.zencdn.net ssl.google-analytics.com www.google.com googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net *.walkme.com cdn-assets-prod.s3.amazonaws.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://tags.tiqcdn.com/utag/hsbc/ca-rbwm/prod/utag.665.js?utv=ut4.47.202305230711(Line 2)
Message:
Refused to load the script 'https://ups.analytics.yahoo.com/ups/58722/cms?partner_id=TEALM&visitor_id=01915257792300469dc026ab1cf005065001b05d00b08&gdpr=0&gdpr_consent=&tealium_account=hsbc&tealium_profile=wpb-stream-ca&tealium_event=yahoo_cookie_sync' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.hsbc.com.hk:* *.hsbc.ca bat.bing.com conoret.com *.acestream.net *.brightcove.net *.google-analytics.com *.safecdn01.com *.zencdn.net ssl.google-analytics.com www.google.com googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net *.walkme.com cdn-assets-prod.s3.amazonaws.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://bat.bing.com/p/action/5175569.js(Line 39)
Message:
Refused to load the script 'https://www.clarity.ms/tag/uet/5175569' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.hsbc.com.hk:* *.hsbc.ca bat.bing.com conoret.com *.acestream.net *.brightcove.net *.google-analytics.com *.safecdn01.com *.zencdn.net ssl.google-analytics.com www.google.com googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net *.walkme.com cdn-assets-prod.s3.amazonaws.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
network error URL: https://mcm-prod.hsbc.ca/2003/handler9/session.json
Message:
Failed to load resource: net::ERR_CONNECTION_RESET
network error URL: https://mcm-prod.hsbc.ca/JavascriptInsert.js
Message:
Failed to load resource: net::ERR_CONNECTION_RESET

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.ads-twitter.com *.hsbc.ae *.awswaf.com players.brightcove.net vjs.zencdn.net *.hsbc.com.hk:* *.hsbc.ca bat.bing.com conoret.com *.acestream.net *.brightcove.net *.google-analytics.com *.safecdn01.com *.zencdn.net ssl.google-analytics.com www.google.com googleads.g.doubleclick.net *.v.liveperson.net connect.facebook.net *.walkme.com cdn-assets-prod.s3.amazonaws.com; img-src data: *; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.awswaf.com players.brightcove.net edge.api.brightcove.com *.brightcovecdn.com *.hsbc.com.hk:* *.googletagmanager.com *.hsbc.ca *.facebook.com http://127.0.0.1:5000/* *.liveperson.net bat.bing.com *.launchdarkly.com *.va.cobrowse.liveperson.net *.api.brightcove.com *.google-analytics.com *.analytics.google.com *.g.doubleclick.net www.google.com adservice.google.com brightcove.hs.llnwd.net manifest.prod.boltdns.net cdn-assets-prod.s3.amazonaws.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net players.brightcove.net *.facebook.com *.opendns.com acestream.me bid.g.doubleclick.net connect.facebook.net m.youtube.com; frame-ancestors 'self'; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.avast.com *.alicdn.com *.googleusercontent.com *.slant.co fonts.gstatic.com; worker-src 'self' blob:; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.liveperson.net *.trendmicro.com *.va.cobrowse.liveperson.net; object-src 'self' blob: players.brightcove.net; child-src 'self'; media-src 'self' blob: *.brightcovecdn.com *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.lpsnmedia.net ssl.gstatic.com; upgrade-insecure-requests ; report-uri https://csp.prod.na.dynp.cloud1.vv1865.com;
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a19069622224.cdn.optimizely.com
akamai.tiqcdn.com
bat.bing.com
cdn.appdynamics.com
cdn.optimizely.com
cm.g.doubleclick.net
col.eum-appdynamics.com
collect-us-east-1.tealiumiq.com
connect.facebook.net
csp.prod.na.dynp.cloud1.vv1865.com
datacloud.tealiumiq.com
dc.ads.linkedin.com
googleads.g.doubleclick.net
logx.optimizely.com
lptag.liveperson.net
mcm-prod.hsbc.ca
origin-www.hsbc.ca
s.amazon-adsystem.com
tags.tiqcdn.com
uconnect.tealiumiq.com
ups.analytics.yahoo.com
visitor-service-us-east-1.tealiumiq.com
www.clarity.ms
www.facebook.com
www.google.ca
www.google.com
www.googletagmanager.com
mcm-prod.hsbc.ca
s.amazon-adsystem.com
ups.analytics.yahoo.com
www.clarity.ms
104.18.65.57
104.18.66.57
13.107.21.237
13.107.42.14
142.251.35.162
142.251.40.195
142.251.40.226
142.251.40.232
142.251.41.4
161.113.4.9
18.164.116.77
18.238.80.125
18.238.80.99
208.89.12.153
23.203.191.157
3.210.152.86
31.13.71.36
31.13.71.7
34.213.18.244
34.224.190.83
34.49.241.189
0646b95523ca05161036bfaf841f18bae164d1ab76ec04f51220018c4f5c52e3
0a9a22a81f55a149922644f6ed2a89815cd43fa78d45887333eebeb974ceade9
0abc9717f4250aa9467dda0119ba43ce98c6ee0aa80e868887ca738f4db34cff
11ac6bc0d29c58029bc8d38fd17693735d56dccf42493b3b71c1ebfc19ffcb37
1410bf3ef15162a56d0c7ea0f851483738179ce8281a269f4ed88612e9c9a695
1460b3244682b02794088e57813f0830bf8da6fe58237f96a1413d379f96853c
16c78b78bc6f95090cfa2559f469b18255f17341983a2cf091583b80ab70a57b
1d72d764b2852343f701bedc8406f285f88011d5c02712b3af3d65bbb5df53d7
1fe93d773a537c17456fc95e7dbfb69cba2914ac73c5f9b01d4db046667c688e
2024d7153c7811ba35089d2f764488bd7cdf680d5b88717b311922b9a55a4efd
276baaaccd55e5ddf780c7edd36a6da6a2aabbebcb5617747a04c7c0bbda63c4
2823fbfa7b9256867e21af1ecbfbb98583c8ef0e0b495f6f01d862ef58e3d93d
2903cee3254dae324fc022f6d6926c152d0bef1dfd4ec3fcd1b943cd98320f3f
2a9274dbcef2991a080c50f69684d551253d53db329fd33ee73e2ef284c54dc7
2cea73b7c9b18c93be931fbf1fd5c6bf1c44a0d0e34c343446162725983a1939
3456bafda6c03991f9c0d3eaf0bc02fb6e2ee5d4712dcba1ea6d06907bbb8ba5
482203c6e2116155c2cc0d4d1a267504d205efa5081ea07c35044723c41cf494
4d0abfba4322983df5aa4a6f24eac4cb4289bed8739f7ea55e61c20bbf6d7cda
4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4
5361f44442e4180d1868a639720cb98029acc75319da6c8513bd1b1957808f64
580245633d829cdc4a80192bc505ad254af0ed2955d5add87b56917a1c0f64df
5a06addf661a92a09b94be6834af6e0fdce6b4095cedfaaa2cd614cbe3bfef64
6677db11d1846fa54a3b47948d6863949a8c54feb14984894d08f36ee9bcabba
6792c4c37672b1a8d6c2842f403c70c85f3b66f3ebaa434b816b5cd25203113b
69c2b8e06630556f0356093d2679ff3a26a9ce177a8c784ce85a52760a2db3b6
6a74e4deb1779d184febfd8928a08419349330126c8c2ef38e17a969b4b045a2
720622ec26e343ae8eeeded89e4ae30e19c4fa39f09c59a5e9ca03437db6c174
72feba6b07fa9136bda7fa3afec0d0f0d66831224b75d0a0cbef5e0b99b07d6c
74252e1368ab3ec109aa30633e2c90c26758b9db912b1cf8bc6a1188eab2b669
76e6fcb163f76c23e3595acdb5c37457b8529ae4612bdfd266a9ef3d83550586
771e3c3f40253a04be5d5e15f31a9b7d463aba41cf8b100d119cf6dd979890f2
77db87c63a9bbcbc81a206c803c2073685fe7afcf0c74c8c4d9bddd80af6c019
78fd5b7474c26eb1b271c10ab2dea029b0f173b304710cb274ea2fde7287d6ba
79b400207261a6b64c22f9c94c1aa14a97710e32a94a2fa746b265bd9f73b82b
7c5a24be89ad02be602a2b027ccad105f20795d1d4ca1353adf673a2499fdb8d
7da0fcf5011f66d43746091e130db6ef4d55ff13410d57209fb0f44d90cdee60
8222cdc54a6ead3316ea87fe238faccbb74dd971e66937b9eadd62bf40c97468
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8a7448ca0b251a514e5e77eaf0824a7a5f953982663a7bfa861acc822dd36610
8d4ff23be2bb4bccbdaae449187e5c3badcaebeaa5e8a442a5896aca75c3e6fc
912f4c51a8c69eb08640d401656cb0ee974d0feb6f69a05635326843530ca06f
9926a550b8e156a631d43e67ffc02acf32efdef8b62db752a8c0680495ea4fd1
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
b413ec403b694fbf9bba2f6d752e79c5eb5903d8d859e4554d2e97b0edf9322f
b73caafe07e92a96b5b2c822556d843550d04d1b0ec4086e26219e7ea527402f
b82f20aa5cacd9d51495f38c9e35f5002b5a6f8666f0ea38d2271634425d36e3
c01622ebe2fdca0bfa16bd1344af8561488851a4de4dafe3896828336ede58e9
c44294f7637ef1506194ef0e35f7b8fe260005a5151c1fa291fe60fa54038f7d
ca0fc4a18999ca98a691b7a2cec997de8f915f535df733692cc709ac60ff4ae3
cb44a2c5a3b4464ccfe615484e8e568f571004a46c1bb51751f57e1ff181f5a6
d288816861b40906cd99c14ab94973a06e01fce39ccc69e3a18b32b8d627c1ef
d5c2c8d7956e2af9082fe02f239bd97c426f12e7a867d1b4f1a405c124d26cea
d60f6f6072bf696af1a7769fb0b1d73b3466a6ff7afeede309048e946750f0ea
d753f8ee126736431a1cd8170dbfcf94f553eeb1d24f2baa7c66474a80d0e559
e03972658df775b06a9db6096a734067f5c9672a20a2a476247a0fdce306c78e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5540cbdd9a1380330cb93dbe3cca856c5e316cd979e696f11cd740091053eeb
e57fa923e1242b94093a29bc1497e22d7b5f78d6f124fe5ffc651383af545e13
ebb991b4937d6015d8937e8d23f6fa5b315e898a018d1f0972efe59765b754b4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f7fd2b6e45639cc5ec3b0095bb0f48e2f227238e8f9e8c15a6a17fdc1bf6c4c2
fb54a8bd19a1d60e604faf4274500080bb43dfb8b2355a6550c074890ba280df
fc306ad03e79f14ca1a1a484d4e790b839ac0661246015e05c9ae575ec1b09f7
feb3f9cac5fcc2eeb779d1950911af1960152892aab8f9d939ab056b3cd00d11