urlscan.io logo urlscan.io
SecurityTrails logo

mft.bestbuy.com Open in urlscan Pro
168.94.230.77  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://mft.bestbuy.com/portal-seefx/app/?shared-item=4801db85-7ee0-4425-a33e-0dfc983c15f5
Effective URL: https://mft.bestbuy.com/portal-seefx/login.jsp
Submission: On November 01 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 168.94.230.77, located in Minneapolis, United States and belongs to BESTBUY, US. The main domain is mft.bestbuy.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on June 27th 2021. Valid for: a year.
This is the only time mft.bestbuy.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 12 168.94.230.77 11596 (BESTBUY)
11 1
Apex Domain
Subdomains		 Transfer
12 bestbuy.com
mft.bestbuy.com
139 KB
11 1
Domain Requested by
12 mft.bestbuy.com 1 redirects mft.bestbuy.com
11 1

This site contains no links.

Subject Issuer Validity Valid
mft.bestbuy.com
Entrust Certification Authority - L1K		 2021-06-27 -
2022-07-07		 a year crt.sh

This page contains 1 frames:

Primary Page: https://mft.bestbuy.com/portal-seefx/login.jsp
Frame ID: 14D9ECB5D626B45E9E81A4B507CD224A
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Page URL History Show full URLs

  1. https://mft.bestbuy.com/portal-seefx/app/?shared-item=4801db85-7ee0-4425-a33e-0dfc983c15f5 HTTP 302
    https://mft.bestbuy.com/portal-seefx/login.jsp Page URL

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

136 kB
Transfer

231 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mft.bestbuy.com/portal-seefx/app/?shared-item=4801db85-7ee0-4425-a33e-0dfc983c15f5 HTTP 302
    https://mft.bestbuy.com/portal-seefx/login.jsp Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login.jsp
mft.bestbuy.com/portal-seefx/
Redirect Chain
  • https://mft.bestbuy.com/portal-seefx/app/?shared-item=4801db85-7ee0-4425-a33e-0dfc983c15f5
  • https://mft.bestbuy.com/portal-seefx/login.jsp
8 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://mft.bestbuy.com/portal-seefx/login.jsp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
168.94.230.77 Minneapolis, United States, ASN11596 (BESTBUY, US),
Reverse DNS
mft.bestbuy.com
Software
SEEBURGER JBossAS /
Resource Hash
423f5b6556093fbda897105f0a40de5751c17bbea12465e20c11a5638c1fe4f0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server-Timing
dtRpid;desc="1633216189"
X-OneAgent-JS-Injection
true
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security
max-age=2592000; includeSubDomains; preload
Cache-Control
private, no-cache, no-store
Pragma
no-cache
Expires
Mon, 01 Nov 2021 19:24:45 GMT
Content-Type
text/html;charset=UTF-8
Transfer-Encoding
chunked
Date
Mon, 01 Nov 2021 19:24:45 GMT
Server
SEEBURGER JBossAS

Redirect headers

Server-Timing
dtRpid;desc="-481034471"
X-OneAgent-JS-Injection
true
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security
max-age=2592000; includeSubDomains; preload
Location
https://mft.bestbuy.com/portal-seefx/login.jsp
Content-Length
0
Date
Mon, 01 Nov 2021 19:24:45 GMT
Server
SEEBURGER JBossAS
login.css
mft.bestbuy.com/portal-seefx/VAADIN/themes/default/ 		5 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://mft.bestbuy.com/portal-seefx/VAADIN/themes/default/login.css
Requested by
Host: mft.bestbuy.com
URL: https://mft.bestbuy.com/portal-seefx/login.jsp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
168.94.230.77 Minneapolis, United States, ASN11596 (BESTBUY, US),
Reverse DNS
mft.bestbuy.com
Software
SEEBURGER JBossAS /
Resource Hash
448a36c924035a791eddf030a09e2bd7d3e54ba4211b4d42bfc691f26bf7684c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mft.bestbuy.com/portal-seefx/login.jsp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options
nosniff
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Last-Modified
Wed, 13 Oct 2021 07:28:15 GMT
Server
SEEBURGER JBossAS
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Date
Mon, 01 Nov 2021 19:24:45 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-OneAgent-JS-Injection
true
Cache-Control
public
Strict-Transport-Security
max-age=2592000; includeSubDomains; preload
Content-Length
5128
X-XSS-Protection
1; mode=block
Expires
Mon, 01 Nov 2021 19:24:46 GMT
login.css
mft.bestbuy.com/portal-seefx/custom/ 		870 B
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://mft.bestbuy.com/portal-seefx/custom/login.css
Requested by
Host: mft.bestbuy.com
URL: https://mft.bestbuy.com/portal-seefx/login.jsp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
168.94.230.77 Minneapolis, United States, ASN11596 (BESTBUY, US),
Reverse DNS
mft.bestbuy.com
Software
SEEBURGER JBossAS /
Resource Hash
58e4d348fc71df45f9e9b5c24a517e40db69631ebeedff545d144b958118c417
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mft.bestbuy.com/portal-seefx/login.jsp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options
nosniff
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Last-Modified
Wed, 13 Oct 2021 07:28:30 GMT
Server
SEEBURGER JBossAS
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Date
Mon, 01 Nov 2021 19:24:45 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/css;charset=ISO-8859-1
X-OneAgent-JS-Injection
true
Cache-Control
public
Strict-Transport-Security
max-age=2592000; includeSubDomains; preload
Content-Length
870
X-XSS-Protection
1; mode=block
Expires
Mon, 01 Nov 2021 19:24:46 GMT
ruxitagentjs_ICA2SVfqru_10215210506134511.js
mft.bestbuy.com/portal-seefx/ 		183 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://mft.bestbuy.com/portal-seefx/ruxitagentjs_ICA2SVfqru_10215210506134511.js
Requested by
Host: mft.bestbuy.com
URL: https://mft.bestbuy.com/portal-seefx/login.jsp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
168.94.230.77 Minneapolis, United States, ASN11596 (BESTBUY, US),
Reverse DNS
mft.bestbuy.com
Software
SEEBURGER JBossAS /
Resource Hash
b9af76064fef50f14f903d1dfe6020a9dd2c91dc6fa0ecce0dd0c0467819dc45

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mft.bestbuy.com/portal-seefx/login.jsp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Date
Mon, 01 Nov 2021 19:24:45 GMT
Content-Encoding
gzip
Last-Modified
Wed, 03 Mar 2010 07:01:40 GMT
Server
SEEBURGER JBossAS
Vary
Accept-Encoding
Content-Type
text/javascript;charset=utf-8
Cache-Control
public, max-age=31536000, immutable
Content-Length
73133
Expires
Tue, 01 Nov 2022 19:24:46 GMT
mobileLogin.css
mft.bestbuy.com/portal-seefx/VAADIN/themes/default/ 		2 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://mft.bestbuy.com/portal-seefx/VAADIN/themes/default/mobileLogin.css
Requested by
Host: mft.bestbuy.com
URL: https://mft.bestbuy.com/portal-seefx/login.jsp
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
168.94.230.77 Minneapolis, United States, ASN11596 (BESTBUY, US),
Reverse DNS
mft.bestbuy.com
Software
SEEBURGER JBossAS /
Resource Hash
23075ccb8df8eb25c2dc197691de563e41afb80e17d07f09dee24c96e2d04b1e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mft.bestbuy.com/portal-seefx/login.jsp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options
nosniff
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Last-Modified
Wed, 13 Oct 2021 07:28:15 GMT
Server
SEEBURGER JBossAS
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Date
Mon, 01 Nov 2021 19:24:45 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
X-OneAgent-JS-Injection
true
Cache-Control
public
Strict-Transport-Security
max-age=2592000; includeSubDomains; preload
Content-Length
2059
X-XSS-Protection
1; mode=block
Expires
Mon, 01 Nov 2021 19:24:46 GMT
background
mft.bestbuy.com/portal-seefx/custom/file/login/header/ 		182 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mft.bestbuy.com/portal-seefx/custom/file/login/header/background
Requested by
Host: mft.bestbuy.com
URL: https://mft.bestbuy.com/portal-seefx/VAADIN/themes/default/login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
168.94.230.77 Minneapolis, United States, ASN11596 (BESTBUY, US),
Reverse DNS
mft.bestbuy.com
Software
SEEBURGER JBossAS /
Resource Hash
7e2eeb8a1099221c540f679c9b4ea7d94c642aacc22fd26bf356f13bded457fd
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mft.bestbuy.com/portal-seefx/VAADIN/themes/default/login.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security
max-age=2592000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-OneAgent-JS-Injection
true
Server-Timing
dtRpid;desc="1704922451"
Content-Length
182
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 13 Oct 2021 08:00:30 GMT
Server
SEEBURGER JBossAS
Date
Mon, 01 Nov 2021 19:24:45 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Expires
Mon, 01 Nov 2021 19:24:46 GMT
Cache-Control
public
ETag
"1634112031:dtagent10215210506134511SpKR"
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
logo
mft.bestbuy.com/portal-seefx/custom/file/login/ 		3 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mft.bestbuy.com/portal-seefx/custom/file/login/logo
Requested by
Host: mft.bestbuy.com
URL: https://mft.bestbuy.com/portal-seefx/VAADIN/themes/default/login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
168.94.230.77 Minneapolis, United States, ASN11596 (BESTBUY, US),
Reverse DNS
mft.bestbuy.com
Software
SEEBURGER JBossAS /
Resource Hash
78a63c961c439ad806b617f5ba39fbf81cb503da792e7eb69807a8cc4ae27ce1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mft.bestbuy.com/portal-seefx/VAADIN/themes/default/login.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security
max-age=2592000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-OneAgent-JS-Injection
true
Server-Timing
dtRpid;desc="-1466446769"
Content-Length
2881
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 20 Aug 2018 16:42:05 GMT
Server
SEEBURGER JBossAS
Date
Mon, 01 Nov 2021 19:24:45 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Expires
Mon, 01 Nov 2021 19:24:46 GMT
Cache-Control
public
ETag
"1534783326:dtagent10215210506134511SpKR"
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
background
mft.bestbuy.com/portal-seefx/custom/file/login/ 		28 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mft.bestbuy.com/portal-seefx/custom/file/login/background
Requested by
Host: mft.bestbuy.com
URL: https://mft.bestbuy.com/portal-seefx/VAADIN/themes/default/login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
168.94.230.77 Minneapolis, United States, ASN11596 (BESTBUY, US),
Reverse DNS
mft.bestbuy.com
Software
SEEBURGER JBossAS /
Resource Hash
6b7c8231af91d1102c2569865ff4f70f3a3735c4e3cadd1ad4a0cc3ad28301ac
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mft.bestbuy.com/portal-seefx/VAADIN/themes/default/login.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security
max-age=2592000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-OneAgent-JS-Injection
true
Server-Timing
dtRpid;desc="-488790773"
Content-Length
28789
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 20 Aug 2018 16:42:56 GMT
Server
SEEBURGER JBossAS
Date
Mon, 01 Nov 2021 19:24:45 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Expires
Mon, 01 Nov 2021 19:24:46 GMT
Cache-Control
public
ETag
"1534783377:dtagent10215210506134511SpKR"
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
button
mft.bestbuy.com/portal-seefx/custom/file/login/ 		1 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mft.bestbuy.com/portal-seefx/custom/file/login/button
Requested by
Host: mft.bestbuy.com
URL: https://mft.bestbuy.com/portal-seefx/VAADIN/themes/default/login.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
168.94.230.77 Minneapolis, United States, ASN11596 (BESTBUY, US),
Reverse DNS
mft.bestbuy.com
Software
SEEBURGER JBossAS /
Resource Hash
57825d9ef8a18bd01a387af119adfcc1f903d71c535f0ed1ca333d2593694c21
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mft.bestbuy.com/portal-seefx/VAADIN/themes/default/login.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security
max-age=2592000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-OneAgent-JS-Injection
true
Server-Timing
dtRpid;desc="519750791"
Content-Length
1179
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 13 Oct 2021 08:00:30 GMT
Server
SEEBURGER JBossAS
Date
Mon, 01 Nov 2021 19:24:45 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Expires
Mon, 01 Nov 2021 19:24:46 GMT
Cache-Control
public
ETag
"1634112031:dtagent10215210506134511SpKR"
X-WebKit-CSP
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
rb_f083cd87-8c9f-4247-a1d4-4095b09a1bf8
mft.bestbuy.com/portal-seefx/ 		110 B
254 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mft.bestbuy.com/portal-seefx/rb_f083cd87-8c9f-4247-a1d4-4095b09a1bf8?type=js&session=v_4_srv_31_sn_2244DF8274CF8F6A4A847441823A4DD3_perc_100000_ol_0_mul_1_app-3A2de7a9a9cd44b3d0_1&svrid=31&flavor=post&visitID=CCDERWJSCSHKARURUKENPKGTIOCORBMQ-0&modifiedSince=1635791483821&referer=https%3A%2F%2Fmft.bestbuy.com%2Fportal-seefx%2Flogin.jsp&app=2de7a9a9cd44b3d0&crc=3764741262&end=1
Requested by
Host: mft.bestbuy.com
URL: https://mft.bestbuy.com/portal-seefx/ruxitagentjs_ICA2SVfqru_10215210506134511.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
168.94.230.77 Minneapolis, United States, ASN11596 (BESTBUY, US),
Reverse DNS
mft.bestbuy.com
Software
SEEBURGER JBossAS /
Resource Hash
03020fa0e910e3b63563f5d4fab8c0e3bb3342ec54ee7c34821476f805db973b

Request headers

Referer
https://mft.bestbuy.com/portal-seefx/login.jsp
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Mon, 01 Nov 2021 19:24:48 GMT
Server
SEEBURGER JBossAS
Content-Length
110
Content-Type
text/plain;charset=utf-8
rb_f083cd87-8c9f-4247-a1d4-4095b09a1bf8
mft.bestbuy.com/portal-seefx/ 		110 B
254 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://mft.bestbuy.com/portal-seefx/rb_f083cd87-8c9f-4247-a1d4-4095b09a1bf8?type=js&session=v_4_srv_31_sn_2244DF8274CF8F6A4A847441823A4DD3_perc_100000_ol_0_mul_1_app-3A2de7a9a9cd44b3d0_1&svrid=31&flavor=post&visitID=CCDERWJSCSHKARURUKENPKGTIOCORBMQ-0&modifiedSince=1635791483821&referer=https%3A%2F%2Fmft.bestbuy.com%2Fportal-seefx%2Flogin.jsp&app=2de7a9a9cd44b3d0&crc=1196988957&end=1
Requested by
Host: mft.bestbuy.com
URL: https://mft.bestbuy.com/portal-seefx/ruxitagentjs_ICA2SVfqru_10215210506134511.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
168.94.230.77 Minneapolis, United States, ASN11596 (BESTBUY, US),
Reverse DNS
mft.bestbuy.com
Software
SEEBURGER JBossAS /
Resource Hash
03020fa0e910e3b63563f5d4fab8c0e3bb3342ec54ee7c34821476f805db973b

Request headers

Referer
https://mft.bestbuy.com/portal-seefx/login.jsp
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.54 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Mon, 01 Nov 2021 19:24:50 GMT
Server
SEEBURGER JBossAS
Content-Length
110
Content-Type
text/plain;charset=utf-8

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler object| dT_ object| dtrum number| unlW number| unW number| undW number| unltW number| pltW number| tw function| getW function| setW function| getTW function| getSubmitBody function| showPLV function| hideErr function| onFormSubmit function| closeMessage function| toggleMessage function| getEl function| getP function| getQP function| isSuccessURL function| isPL function| createXR function| validateResp

6 Cookies

Domain/Path Name / Value
.bestbuy.com/ Name: dtCookie
Value: v_4_srv_31_sn_2244DF8274CF8F6A4A847441823A4DD3_perc_100000_ol_0_mul_1_app-3A2de7a9a9cd44b3d0_1
mft.bestbuy.com/ Name: JSESSIONID
Value: 4A728339EB5C6FB66469B7A8BB5D58D2
.bestbuy.com/ Name: rxVisitor
Value: 1635794686699R37GG98MUIO8DPNP07F7326PQKJQN2FH
.bestbuy.com/ Name: dtSa
Value: -
.bestbuy.com/ Name: rxvt
Value: 1635796486997|1635794686700
.bestbuy.com/ Name: dtPC
Value: 31$194686697_1h-vCCDERWJSCSHKARURUKENPKGTIOCORBMQ-0e1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
Strict-Transport-Security max-age=2592000; includeSubDomains; preload
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://s.ytimg.com/yts/jsbin/ https://www.google.com/js/; connect-src 'self' *.googlevideo.com; style-src 'self' 'unsafe-inline' https://s.ytimg.com/yts/cssbin/; img-src 'self' blob: 'self' data: *.youtube.com https://i.ytimg.com; font-src 'self' data: https://fonts.gstatic.com; frame-src 'self' data: https://www.youtube.com; child-src 'self' data: https://www.youtube.com; frame-ancestors 'self'; media-src blob:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block