Submitted URL: https://card.sak.ch/
Effective URL: https://login.microsoftonline.com/f2fa7ed6-30a7-462f-85aa-bc3ed6b0791b/oauth2/v2.0/authorize?client_id=68a96fe2-8d72-4c4f-a898-5b7...
Submission: On March 15 via api from US — Scanned from US

Summary

This website contacted 6 IPs in 2 countries across 6 domains to perform 18 HTTP transactions. The main IP is 2603:1036:3000:138::3, located in and belongs to . The main domain is login.microsoftonline.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on February 7th 2024. Valid for: a year.
This is the only time login.microsoftonline.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
8 20.208.58.250 8075 (MICROSOFT...)
2 51.107.58.162 8075 (MICROSOFT...)
4 51.107.48.69 8075 (MICROSOFT...)
1 3 2603:1037:1:1... 8075 (MICROSOFT...)
1 2603:1036:300... ()
18 6
Domain Requested by
8 card.sak.ch card.sak.ch
4 switzerlandnorth-0.in.applicationinsights.azure.com card.sak.ch
3 contactifybiz.b2clogin.com 1 redirects card.sak.ch
2 sak.admin.api.prod.contactify.app card.sak.ch
1 login.microsoftonline.com card.sak.ch
0 aadcdn.msauth.net Failed login.microsoftonline.com
18 6

This site contains no links.

Subject | Issuer | Validity | Valid
card.sak.ch | SwissSign RSA TLS DV ICA 2022 - 1 | 2024-03-14 - 2025-03-14 | a year
sak.admin.api.prod.contactify.app | GeoTrust Global TLS RSA4096 SHA256 2022 CA1 | 2024-03-05 - 2024-09-05 | 6 months
prod.ai.ingestion.msftcloudes.com | Microsoft Azure RSA TLS Issuing CA 07 | 2024-02-02 - 2025-01-27 | a year
graph.windows.net | DigiCert SHA2 Secure Server CA | 2024-02-07 - 2025-02-07 | a year
stamp2.login.microsoftonline.com | DigiCert SHA2 Secure Server CA | 2024-02-07 - 2025-02-07 | a year

This page contains 1 frame:

Primary Page: https://login.microsoftonline.com/f2fa7ed6-30a7-462f-85aa-bc3ed6b0791b/oauth2/v2.0/authorize?client_id=68a96fe2-8d72-4c4f-a898-5b72dbc87734&redirect_uri=https%3a%2f%2fcontactifybiz.b2clogin.com%2fcontactifybiz.onmicrosoft.com%2foauth2%2fauthresp&response_type=code&scope=openid+email+profile&response_mode=form_post&nonce=5s%2bNu9o9f%2bvZhMCl4h8qkQ%3d%3d&ui_locales=en-US&state=StateProperties%3deyJTSUQiOiJ4LW1zLWNwaW0tcmM6ZTVjOGIyNjUtZTNjYi00YjAzLThjOTItN2Y1ZmM1ZmZjN2I0IiwiVElEIjoiYTg2NjhjY2UtMmE4OC00YjE1LWFiOWQtMTM2NTM4ZGEyMDI2IiwiVE9JRCI6IjRmNzBhNmM3LTMxOGEtNDQ2Yy05MzJmLTI3ZjkzMTAwOGE1NyJ9
Frame ID: 40535AA161CD147FCD4384CB79FC804A
Requests: 14 HTTP requests in this frame

Page URL History

  1. https://card.sak.ch/ Page URL
  2. https://contactifybiz.b2clogin.com/contactifybiz.onmicrosoft.com/b2c_1_sak_sisu/oauth2/v2.0/authorize?client_id... HTTP 302
    https://login.microsoftonline.com/f2fa7ed6-30a7-462f-85aa-bc3ed6b0791b/oauth2/v2.0/authorize?client_id=68a96fe... Page URL

Page Statistics

18 Requests
94 % HTTPS
40 % IPv6
6 Domains
6 Subdomains
6 IPs
2 Countries
1606 kB Transfer
1609 kB Size
7 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://card.sak.ch/ Page URL
  2. https://contactifybiz.b2clogin.com/contactifybiz.onmicrosoft.com/b2c_1_sak_sisu/oauth2/v2.0/authorize?client_id=c8dedd55-13b9-486c-ac2c-8cc04227f9e1&scope=c8dedd55-13b9-486c-ac2c-8cc04227f9e1%20openid%20profile%20offline_access&redirect_uri=https%3A%2F%2Flogin.contactify.app&client-request-id=018e42c9-5706-74c0-a424-6fc387c8913e&response_mode=fragment&response_type=code&x-client-SKU=msal.js.browser&x-client-VER=3.10.0&client_info=1&code_challenge=AJEZotpuI-VPn7Y5gzXSIozffAEZKxcja_tthq6oCjo&code_challenge_method=S256&nonce=018e42c9-5707-715b-b36d-26a51e63245e&state=eyJpZCI6IjAxOGU0MmM5LTU3MDYtNzljMC05Mjg4LTg0NmYxMWY5MDcwNSIsIm1ldGEiOnsiaW50ZXJhY3Rpb25UeXBlIjoicmVkaXJlY3QifX0%3D%7C%7B%22href%22%3A%22https%3A%2F%2Fcard.sak.ch%2F%22%7D HTTP 302
    https://login.microsoftonline.com/f2fa7ed6-30a7-462f-85aa-bc3ed6b0791b/oauth2/v2.0/authorize?client_id=68a96fe2-8d72-4c4f-a898-5b72dbc87734&redirect_uri=https%3a%2f%2fcontactifybiz.b2clogin.com%2fcontactifybiz.onmicrosoft.com%2foauth2%2fauthresp&response_type=code&scope=openid+email+profile&response_mode=form_post&nonce=5s%2bNu9o9f%2bvZhMCl4h8qkQ%3d%3d&ui_locales=en-US&state=StateProperties%3deyJTSUQiOiJ4LW1zLWNwaW0tcmM6ZTVjOGIyNjUtZTNjYi00YjAzLThjOTItN2Y1ZmM1ZmZjN2I0IiwiVElEIjoiYTg2NjhjY2UtMmE4OC00YjE1LWFiOWQtMTM2NTM4ZGEyMDI2IiwiVE9JRCI6IjRmNzBhNmM3LTMxOGEtNDQ2Yy05MzJmLTI3ZjkzMTAwOGE1NyJ9 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

18 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
card.sak.ch/
38 KB
40 KB
Document
General
Full URL
https://card.sak.ch/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.208.58.250 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ Express
Resource Hash
6348ce35d25517b0b2d85a8a80c9f770b9da0c60b56acfb723b2cdb1f24f2b5a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self' https://contactifystorageprod.blob.core.windows.net https://deloittestorageprod.blob.core.windows.net https://rochestorageprod.blob.core.windows.net https://sanitasstorageprod.blob.core.windows.net https://straumannstorageprod.blob.core.windows.net https://geberitstorageprod.blob.core.windows.net https://sakstorageprod.blob.core.windows.net; connect-src 'self' https://jsd-widget.atlassian.com/api/ https://api-private.atlassian.com https://*.applicationinsights.azure.com https://*.livediagnostics.monitor.azure.com https://main.admin.api.prod.contactify.app https://contactifybiz.b2clogin.com https://deloitte.admin.api.prod.contactify.app https://roche.admin.api.prod.contactify.app https://sanitas.admin.api.prod.contactify.app https://straumann.admin.api.prod.contactify.app https://geberit.admin.api.prod.contactify.app https://sak.admin.api.prod.contactify.app; img-src 'self' blob: data: https://contactifystorageprod.blob.core.windows.net https://deloittestorageprod.blob.core.windows.net https://rochestorageprod.blob.core.windows.net https://sanitasstorageprod.blob.core.windows.net https://straumannstorageprod.blob.core.windows.net https://geberitstorageprod.blob.core.windows.net https://sakstorageprod.blob.core.windows.net; script-src 'self' 'unsafe-inline' https://jsd-widget.atlassian.com/assets/ https://contactifybiz.b2clogin.com; style-src 'self' 'unsafe-inline' https://contactifybiz.b2clogin.com; style-src-elem 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://contactifybiz.b2clogin.com https://login.microsoftonline.com https://login.contactify.app/ https://login.prod.contactify.app/; upgrade-insecure-requests ; media-src 'self' blob: data: https://contactifystorageprod.blob.core.windows.net https://deloittestorageprod.blob.core.windows.net https://rochestorageprod.blob.core.windows.net https://sanitasstorageprod.blob.core.windows.net 
https://straumannstorageprod.blob.core.windows.net https://geberitstorageprod.blob.core.windows.net https://sakstorageprod.blob.core.windows.net; manifest-src 'none'; worker-src 'none'; object-src 'none'; child-src 'self'; base-uri 'self' blob: data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-credentials
true
access-control-allow-headers
X-CSRF-Token, X-Requested-With, Accept, Accept-Version, Content-Length, Content-MD5, Content-Type, Date, X-Api-Version
access-control-allow-methods
GET,OPTIONS,PATCH,DELETE,POST,PUT
access-control-allow-origin
*
cache-control
public, max-age=0
content-length
38926
content-security-policy
default-src 'self'; font-src 'self' https://contactifystorageprod.blob.core.windows.net https://deloittestorageprod.blob.core.windows.net https://rochestorageprod.blob.core.windows.net https://sanitasstorageprod.blob.core.windows.net https://straumannstorageprod.blob.core.windows.net https://geberitstorageprod.blob.core.windows.net https://sakstorageprod.blob.core.windows.net; connect-src 'self' https://jsd-widget.atlassian.com/api/ https://api-private.atlassian.com https://*.applicationinsights.azure.com https://*.livediagnostics.monitor.azure.com https://main.admin.api.prod.contactify.app https://contactifybiz.b2clogin.com https://deloitte.admin.api.prod.contactify.app https://roche.admin.api.prod.contactify.app https://sanitas.admin.api.prod.contactify.app https://straumann.admin.api.prod.contactify.app https://geberit.admin.api.prod.contactify.app https://sak.admin.api.prod.contactify.app; img-src 'self' blob: data: https://contactifystorageprod.blob.core.windows.net https://deloittestorageprod.blob.core.windows.net https://rochestorageprod.blob.core.windows.net https://sanitasstorageprod.blob.core.windows.net https://straumannstorageprod.blob.core.windows.net https://geberitstorageprod.blob.core.windows.net https://sakstorageprod.blob.core.windows.net; script-src 'self' 'unsafe-inline' https://jsd-widget.atlassian.com/assets/ https://contactifybiz.b2clogin.com; style-src 'self' 'unsafe-inline' https://contactifybiz.b2clogin.com; style-src-elem 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://contactifybiz.b2clogin.com https://login.microsoftonline.com https://login.contactify.app/ https://login.prod.contactify.app/; upgrade-insecure-requests ; media-src 'self' blob: data: https://contactifystorageprod.blob.core.windows.net https://deloittestorageprod.blob.core.windows.net https://rochestorageprod.blob.core.windows.net https://sanitasstorageprod.blob.core.windows.net https://straumannstorageprod.blob.core.windows.net 
https://geberitstorageprod.blob.core.windows.net https://sakstorageprod.blob.core.windows.net; manifest-src 'none'; worker-src 'none'; object-src 'none'; child-src 'self'; base-uri 'self' blob: data:
content-type
text/html; charset=utf-8
date
Fri, 15 Mar 2024 15:44:32 GMT
etag
W/"980e-18dea2fd1f8"
last-modified
Tue, 27 Feb 2024 10:50:19 GMT
request-context
appId=cid-v1:
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-frame-options
DENY
x-powered-by
Express
x-xss-protection
1; mode=block
styles.d3e5713480d2738f.css
card.sak.ch/portal/
96 KB
96 KB
Stylesheet
General
Full URL
https://card.sak.ch/portal/styles.d3e5713480d2738f.css
Requested by
Host: card.sak.ch
URL: https://card.sak.ch/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.208.58.250 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ Express
Resource Hash
10970b86182937d172da15fe9160a6db78a0eb161f91c8d9d5daffc2628ae8db

Request headers

accept-language
en-US,en;q=0.9
Referer
https://card.sak.ch/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 15 Mar 2024 15:44:32 GMT
last-modified
Tue, 27 Feb 2024 10:50:11 GMT
etag
W/"17fee-18dea2fb2b8"
x-powered-by
Express
content-type
text/css; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
98286
request-context
appId=cid-v1:
runtime.abff0067df1b1add.js
card.sak.ch/portal/
4 KB
4 KB
Script
General
Full URL
https://card.sak.ch/portal/runtime.abff0067df1b1add.js
Requested by
Host: card.sak.ch
URL: https://card.sak.ch/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.208.58.250 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ Express
Resource Hash
0b92859f30e13b2a39a96b820dd1a1d0b365692a0000e30b955ccc683676a861

Request headers

Referer
https://card.sak.ch/
Origin
https://card.sak.ch
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 15 Mar 2024 15:44:32 GMT
last-modified
Tue, 27 Feb 2024 10:50:11 GMT
etag
W/"f0f-18dea2fb2b8"
x-powered-by
Express
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
3855
request-context
appId=cid-v1:
Moderat-Regular.d7c6b66ce2c9b4db.woff2
card.sak.ch/portal/
54 KB
54 KB
Font
General
Full URL
https://card.sak.ch/portal/Moderat-Regular.d7c6b66ce2c9b4db.woff2
Requested by
Host: card.sak.ch
URL: https://card.sak.ch/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.208.58.250 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ Express
Resource Hash
da30e5dc34b489d4f75b51e768571c37da42c7b876852b74f5de1fd2349e2538

Request headers

Referer
https://card.sak.ch/
Origin
https://card.sak.ch
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 15 Mar 2024 15:44:32 GMT
last-modified
Tue, 27 Feb 2024 10:50:11 GMT
etag
W/"d848-18dea2fb2b8"
x-powered-by
Express
content-type
font/woff2
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
55368
request-context
appId=cid-v1:
polyfills.3c3f494cdedd718e.js
card.sak.ch/portal/
33 KB
34 KB
Script
General
Full URL
https://card.sak.ch/portal/polyfills.3c3f494cdedd718e.js
Requested by
Host: card.sak.ch
URL: https://card.sak.ch/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.208.58.250 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ Express
Resource Hash
1021e8a7ae8e5fbcb72a503dee53bbf4cf6a9f66576359cd4e31041fb2288b51

Request headers

Referer
https://card.sak.ch/
Origin
https://card.sak.ch
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 15 Mar 2024 15:44:32 GMT
last-modified
Tue, 27 Feb 2024 10:50:11 GMT
etag
W/"8577-18dea2fb2b8"
x-powered-by
Express
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
34167
request-context
appId=cid-v1:
main.f83ef8dc4e457174.js
card.sak.ch/portal/
1 MB
1 MB
Script
General
Full URL
https://card.sak.ch/portal/main.f83ef8dc4e457174.js
Requested by
Host: card.sak.ch
URL: https://card.sak.ch/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.208.58.250 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ Express
Resource Hash
af702e2cc1e4f8898c4c852389196928a2948562cb9e893f8f368c785a33f93e

Request headers

Referer
https://card.sak.ch/
Origin
https://card.sak.ch
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 15 Mar 2024 15:44:32 GMT
last-modified
Tue, 27 Feb 2024 10:50:11 GMT
etag
W/"14cff3-18dea2fb2b8"
x-powered-by
Express
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
content-length
1363955
request-context
appId=cid-v1:
config
card.sak.ch/portal/
348 B
497 B
XHR
General
Full URL
https://card.sak.ch/portal/config
Requested by
Host: card.sak.ch
URL: https://card.sak.ch/portal/polyfills.3c3f494cdedd718e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.208.58.250 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ Express
Resource Hash
f88892ada078b636ceaf52751110de8d34f10b4514ffc8fabf6ea8c20c535c35

Request headers

Accept
application/json, text/plain, */*
Referer
https://card.sak.ch/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

content-type
application/json; charset=utf-8
date
Fri, 15 Mar 2024 15:44:34 GMT
etag
W/"15c-ZZikggAP2kphhedrcFjrvBYAw9Y"
content-length
348
x-powered-by
Express
request-context
appId=cid-v1:
login-info
sak.admin.api.prod.contactify.app/api/v2/auth/
0
0
Preflight
General
Full URL
https://sak.admin.api.prod.contactify.app/api/v2/auth/login-info?baseUrl=https%3A%2F%2Fcard.sak.ch%2Fportal
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.162 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
traceparent
Access-Control-Request-Method
GET
Origin
https://card.sak.ch
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-XSRF-TOKEN,X-Robots-Tag,Content-Type,Authorization,traceparent,tracestate
access-control-allow-methods
GET
access-control-allow-origin
https://card.sak.ch
date
Fri, 15 Mar 2024 15:44:34 GMT
request-context
appId=cid-v1:ae1938cb-1efa-42a0-a534-65cb337fb7e1
server
Kestrel
vary
Origin
En.json
card.sak.ch/portal/assets/i18n/
30 KB
30 KB
XHR
General
Full URL
https://card.sak.ch/portal/assets/i18n/En.json
Requested by
Host: card.sak.ch
URL: https://card.sak.ch/portal/polyfills.3c3f494cdedd718e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.208.58.250 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ Express
Resource Hash
af5612a68f20519f37f2fbe2783b284655e3971e81a720b9a355df486bd6b011

Request headers

Accept
application/json, text/plain, */*
Referer
https://card.sak.ch/
traceparent
00-ece50e96432f44e5a95f83eef7c879f8-038609600d4a46bb-01
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 15 Mar 2024 15:44:34 GMT
last-modified
Tue, 27 Feb 2024 10:50:19 GMT
etag
W/"78e8-18dea2fd1f8"
x-powered-by
Express
content-type
application/json; charset=utf-8
cache-control
no-cache
accept-ranges
bytes
content-length
30952
request-context
appId=cid-v1:
login-info
sak.admin.api.prod.contactify.app/api/v2/auth/
228 B
449 B
XHR
General
Full URL
https://sak.admin.api.prod.contactify.app/api/v2/auth/login-info?baseUrl=https%3A%2F%2Fcard.sak.ch%2Fportal
Requested by
Host: card.sak.ch
URL: https://card.sak.ch/portal/polyfills.3c3f494cdedd718e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.162 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Kestrel /
Resource Hash
1ab01024a4f5a2160d3b0ac80fbde4d45d716bbe656a8bc8c350b9a420e99f50
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
text/json
Referer
https://card.sak.ch/
traceparent
00-ece50e96432f44e5a95f83eef7c879f8-6cd1a7f34b82418b-01
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Fri, 15 Mar 2024 15:44:34 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
server
Kestrel
api-supported-versions
2.0
vary
Origin
content-type
text/json; charset=utf-8
access-control-allow-origin
https://card.sak.ch
access-control-allow-credentials
true
api-deprecated-versions
1.0
request-context
appId=cid-v1:ae1938cb-1efa-42a0-a534-65cb337fb7e1
track
switzerlandnorth-0.in.applicationinsights.azure.com/v2/
0
0
Preflight
General
Full URL
https://switzerlandnorth-0.in.applicationinsights.azure.com/v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.107.48.69 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://card.sak.ch
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Fri, 15 Mar 2024 15:44:34 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
track
switzerlandnorth-0.in.applicationinsights.azure.com/v2/
62 B
166 B
XHR
General
Full URL
https://switzerlandnorth-0.in.applicationinsights.azure.com/v2/track
Requested by
Host: card.sak.ch
URL: https://card.sak.ch/portal/polyfills.3c3f494cdedd718e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.107.48.69 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
b5a6b8f8dced09bf18920a311f765abe1ee41b3153a14ac76cad8e42e7b8a563
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://card.sak.ch/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-type
application/json

Response headers

access-control-allow-origin
*
strict-transport-security
max-age=31536000
date
Fri, 15 Mar 2024 15:44:34 GMT
x-content-type-options
nosniff
server
Microsoft-HTTPAPI/2.0
content-type
application/json; charset=utf-8
openid-configuration
contactifybiz.b2clogin.com/contactifybiz.onmicrosoft.com/b2c_1_sak_sisu/v2.0/.well-known/
0
0
Preflight
General
Full URL
https://contactifybiz.b2clogin.com/contactifybiz.onmicrosoft.com/b2c_1_sak_sisu/v2.0/.well-known/openid-configuration
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2603:1037:1:130::6 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept
*/*
Access-Control-Request-Headers
traceparent
Access-Control-Request-Method
GET
Origin
https://card.sak.ch
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
traceparent
Access-Control-Allow-Methods
GET, POST, OPTIONS
Access-Control-Allow-Origin
https://card.sak.ch
Access-Control-Expose-Headers
Content-Length,Content-Encoding
Allow
OPTIONS TRACE GET HEAD POST
Content-Length
0
Date
Fri, 15 Mar 2024 15:44:35 GMT
Public
OPTIONS,TRACE,GET,HEAD,POST
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-XSS-Protection
1; mode=block
openid-configuration
contactifybiz.b2clogin.com/contactifybiz.onmicrosoft.com/b2c_1_sak_sisu/v2.0/.well-known/
1 KB
2 KB
Fetch
General
Full URL
https://contactifybiz.b2clogin.com/contactifybiz.onmicrosoft.com/b2c_1_sak_sisu/v2.0/.well-known/openid-configuration
Requested by
Host: card.sak.ch
URL: https://card.sak.ch/portal/polyfills.3c3f494cdedd718e.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2603:1037:1:130::6 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ba0770bb60c67b568416f3e9e027fa44b050719af7857baf2f30c39fe55ac4ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://card.sak.ch/
traceparent
00-ece50e96432f44e5a95f83eef7c879f8-73971cc92dd04415-01
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Fri, 15 Mar 2024 15:44:35 GMT
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, OPTIONS
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
https://card.sak.ch
Public
OPTIONS,TRACE,GET,HEAD,POST
Cache-Control
no-store, must-revalidate, no-cache
Allow
OPTIONS, TRACE, GET, HEAD, POST
x-ms-gateway-requestid
77426363-05c6-4d6d-93ce-84d7bfe163a9
Content-Length
1327
X-XSS-Protection
1; mode=block
track
switzerlandnorth-0.in.applicationinsights.azure.com/v2/
0
0
Preflight
General
Full URL
https://switzerlandnorth-0.in.applicationinsights.azure.com/v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.107.48.69 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://card.sak.ch
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Fri, 15 Mar 2024 15:44:35 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
Primary Request authorize
login.microsoftonline.com/f2fa7ed6-30a7-462f-85aa-bc3ed6b0791b/oauth2/v2.0/
Redirect Chain
  • https://contactifybiz.b2clogin.com/contactifybiz.onmicrosoft.com/b2c_1_sak_sisu/oauth2/v2.0/authorize?client_id=c8dedd55-13b9-486c-ac2c-8cc04227f9e1&scope=c8dedd55-13b9-486c-ac2c-8cc04227f9e1%20ope...
  • https://login.microsoftonline.com/f2fa7ed6-30a7-462f-85aa-bc3ed6b0791b/oauth2/v2.0/authorize?client_id=68a96fe2-8d72-4c4f-a898-5b72dbc87734&redirect_uri=https%3a%2f%2fcontactifybiz.b2clogin.com%2fc...
20 KB
11 KB
Document
General
Full URL
https://login.microsoftonline.com/f2fa7ed6-30a7-462f-85aa-bc3ed6b0791b/oauth2/v2.0/authorize?client_id=68a96fe2-8d72-4c4f-a898-5b72dbc87734&redirect_uri=https%3a%2f%2fcontactifybiz.b2clogin.com%2fcontactifybiz.onmicrosoft.com%2foauth2%2fauthresp&response_type=code&scope=openid+email+profile&response_mode=form_post&nonce=5s%2bNu9o9f%2bvZhMCl4h8qkQ%3d%3d&ui_locales=en-US&state=StateProperties%3deyJTSUQiOiJ4LW1zLWNwaW0tcmM6ZTVjOGIyNjUtZTNjYi00YjAzLThjOTItN2Y1ZmM1ZmZjN2I0IiwiVElEIjoiYTg2NjhjY2UtMmE4OC00YjE1LWFiOWQtMTM2NTM4ZGEyMDI2IiwiVE9JRCI6IjRmNzBhNmM3LTMxOGEtNDQ2Yy05MzJmLTI3ZjkzMTAwOGE1NyJ9
Requested by
Host: card.sak.ch
URL: https://card.sak.ch/portal/main.f83ef8dc4e457174.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2603:1036:3000:138::3 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
26c2bbbd6a1004d459acdc9980ba4f630db2fb2231d10b02a1e3369328f95c64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://card.sak.ch/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-store, no-cache
Content-Encoding
gzip
Content-Length
9154
Content-Type
text/html; charset=utf-8
Date
Fri, 15 Mar 2024 15:44:36 GMT
Expires
-1
P3P
CP="DSP CUR OTPi IND OTRi ONL FIN"
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-XSS-Protection
0
nel
{"report_to":"network-errors","max_age":86400,"success_fraction":0.001,"failure_fraction":1.0}
report-to
{"group":"network-errors","max_age":86400,"endpoints":[{"url":"https://identity.nel.measure.office.net/api/report?catId=GW+estsfd+est"}]}
x-ms-ests-server
2.1.17445.4 - FRC ProdSlices
x-ms-request-id
5d4dc620-da50-499e-92ad-89e96b0c2300

Redirect headers

Allow
OPTIONS TRACE GET HEAD POST
Cache-Control
no-store, must-revalidate, no-cache
Content-Length
741
Content-Type
text/html; charset=utf-8
Date
Fri, 15 Mar 2024 15:44:36 GMT
Location
https://login.microsoftonline.com/f2fa7ed6-30a7-462f-85aa-bc3ed6b0791b/oauth2/v2.0/authorize?client_id=68a96fe2-8d72-4c4f-a898-5b72dbc87734&redirect_uri=https%3a%2f%2fcontactifybiz.b2clogin.com%2fcontactifybiz.onmicrosoft.com%2foauth2%2fauthresp&response_type=code&scope=openid+email+profile&response_mode=form_post&nonce=5s%2bNu9o9f%2bvZhMCl4h8qkQ%3d%3d&ui_locales=en-US&state=StateProperties%3deyJTSUQiOiJ4LW1zLWNwaW0tcmM6ZTVjOGIyNjUtZTNjYi00YjAzLThjOTItN2Y1ZmM1ZmZjN2I0IiwiVElEIjoiYTg2NjhjY2UtMmE4OC00YjE1LWFiOWQtMTM2NTM4ZGEyMDI2IiwiVE9JRCI6IjRmNzBhNmM3LTMxOGEtNDQ2Yy05MzJmLTI3ZjkzMTAwOGE1NyJ9
Public
OPTIONS,TRACE,GET,HEAD,POST
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-XSS-Protection
1; mode=block
x-ms-gateway-requestid
4a297091-7116-47e2-ad7e-6a73d48462bf
track
switzerlandnorth-0.in.applicationinsights.azure.com/v2/
62 B
120 B
Fetch
General
Full URL
https://switzerlandnorth-0.in.applicationinsights.azure.com/v2/track
Requested by
Host: card.sak.ch
URL: https://card.sak.ch/portal/polyfills.3c3f494cdedd718e.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
51.107.48.69 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://card.sak.ch/
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
Content-Type
application/json

Response headers

access-control-allow-origin
*
strict-transport-security
max-age=31536000
date
Fri, 15 Mar 2024 15:44:35 GMT
x-content-type-options
nosniff
server
Microsoft-HTTPAPI/2.0
content-type
application/json; charset=utf-8
BssoInterrupt_Core_3j2JgMBNuZbncq02org-aA2.js
aadcdn.msauth.net/shared/1.0/content/js/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
aadcdn.msauth.net
URL
https://aadcdn.msauth.net/shared/1.0/content/js/BssoInterrupt_Core_3j2JgMBNuZbncq02org-aA2.js

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Domain/Path Name / Value
card.sak.ch/ Name: ai_user
Value: LO4zZeQz5FDifNseQ5dCWK|2024-03-15T15:44:34.105Z
card.sak.ch/ Name: ai_session
Value: oGIUEH9S9R+d9htJdthlCf|1710517474211|1710517474211
.contactifybiz.b2clogin.com/ Name: x-ms-cpim-sso:contactifybiz.onmicrosoft.com_0
Value: m1.Q2haS5Z0DJCjfN66.5lLWabf/UKq/CVVrCgcW3Q==.0.
.contactifybiz.b2clogin.com/ Name: x-ms-cpim-rc:e5c8b265-e3cb-4b03-8c92-7f5fc5ffc7b4
Value: U2tlTWw4d3QxQ05uTHYyOGZKYk9iZkdjS0xSNFJWdElPZ1R6UHJxSVJ1LzVHS2ZERGY5aDBEU3EzemVtR3k0MW5xMzhVcTIvUk4vNjZoVERCays5clE9PTsyMDI0LTAzLTE1VDE1OjQ0OjM3LjQ1Njk1MzhaO1l5M2UwNFh1VEtCalhzVlc2akNKZVE9PTt7IlRhcmdldEVudGl0eSI6IlNBSyIsIk9yY2hlc3RyYXRpb25TdGVwIjoyfQ==
.contactifybiz.b2clogin.com/ Name: x-ms-cpim-cache|zoxmqigqfuurnrnlonogjg_0
Value: m1.bR5vfITsZlvvKe58.n/Pc/7bM6KqYwFMfeRlMCQ==.0.
.contactifybiz.b2clogin.com/ Name: x-ms-cpim-trans
Value: eyJUX0RJQyI6W3siSSI6ImE4NjY4Y2NlLTJhODgtNGIxNS1hYjlkLTEzNjUzOGRhMjAyNiIsIlQiOiJjb250YWN0aWZ5Yml6Lm9ubWljcm9zb2Z0LmNvbSIsIlAiOiJiMmNfMV9zYWtfc2lzdSIsIkMiOiJjOGRlZGQ1NS0xM2I5LTQ4NmMtYWMyYy04Y2MwNDIyN2Y5ZTEiLCJTIjoxLCJNIjp7fSwiRCI6MCwiRSI6IiJ9XSwiQ19JRCI6ImE4NjY4Y2NlLTJhODgtNGIxNS1hYjlkLTEzNjUzOGRhMjAyNiJ9
contactifybiz.b2clogin.com/ Name: x-ms-cpim-geo
Value: EU

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self'; font-src 'self' https://contactifystorageprod.blob.core.windows.net https://deloittestorageprod.blob.core.windows.net https://rochestorageprod.blob.core.windows.net https://sanitasstorageprod.blob.core.windows.net https://straumannstorageprod.blob.core.windows.net https://geberitstorageprod.blob.core.windows.net https://sakstorageprod.blob.core.windows.net; connect-src 'self' https://jsd-widget.atlassian.com/api/ https://api-private.atlassian.com https://*.applicationinsights.azure.com https://*.livediagnostics.monitor.azure.com https://main.admin.api.prod.contactify.app https://contactifybiz.b2clogin.com https://deloitte.admin.api.prod.contactify.app https://roche.admin.api.prod.contactify.app https://sanitas.admin.api.prod.contactify.app https://straumann.admin.api.prod.contactify.app https://geberit.admin.api.prod.contactify.app https://sak.admin.api.prod.contactify.app; img-src 'self' blob: data: https://contactifystorageprod.blob.core.windows.net https://deloittestorageprod.blob.core.windows.net https://rochestorageprod.blob.core.windows.net https://sanitasstorageprod.blob.core.windows.net https://straumannstorageprod.blob.core.windows.net https://geberitstorageprod.blob.core.windows.net https://sakstorageprod.blob.core.windows.net; script-src 'self' 'unsafe-inline' https://jsd-widget.atlassian.com/assets/ https://contactifybiz.b2clogin.com; style-src 'self' 'unsafe-inline' https://contactifybiz.b2clogin.com; style-src-elem 'self' 'unsafe-inline'; form-action 'self'; frame-ancestors 'none'; frame-src 'self' https://contactifybiz.b2clogin.com https://login.microsoftonline.com https://login.contactify.app/ https://login.prod.contactify.app/; upgrade-insecure-requests ; media-src 'self' blob: data: https://contactifystorageprod.blob.core.windows.net https://deloittestorageprod.blob.core.windows.net https://rochestorageprod.blob.core.windows.net https://sanitasstorageprod.blob.core.windows.net 
https://straumannstorageprod.blob.core.windows.net https://geberitstorageprod.blob.core.windows.net https://sakstorageprod.blob.core.windows.net; manifest-src 'none'; worker-src 'none'; object-src 'none'; child-src 'self'; base-uri 'self' blob: data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block