Submitted URL: https://cashproonline.bankofamerica.com/
Effective URL: https://cashproonline.bankofamerica.com/cpoauthweb/login/
Submission: On November 21 via api from US — Scanned from DE

Summary

This website contacted 8 IPs in 2 countries across 3 domains to perform 45 HTTP transactions. The main IP is 104.97.80.101, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is cashproonline.bankofamerica.com. The Cisco Umbrella rank of the primary domain is 34119.
TLS certificate: Issued by Entrust Certification Authority - L1M on July 5th 2022. Valid for: a year.
This is the only time cashproonline.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 15 104.97.80.101 20940 (AKAMAI-ASN1)
14 23.205.231.125 16625 (AKAMAI-AS)
8 171.161.146.123 10794 (BANKAMERICA)
8 2606:4700::68... 13335 (CLOUDFLAR...)
1 171.161.100.200 10794 (BANKAMERICA)
1 52.24.58.112 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
45 8
Apex Domain
Subdomains
Transfer
39 bankofamerica.com
cashproonline.bankofamerica.com — Cisco Umbrella Rank: 34119
cashproonline-ex-static-prodb.bankofamerica.com — Cisco Umbrella Rank: 180721
fedsso-cashpro.bankofamerica.com — Cisco Umbrella Rank: 40229
secure.bankofamerica.com — Cisco Umbrella Rank: 12163
cashproonline-img024.bankofamerica.com — Cisco Umbrella Rank: 51574
3 MB
8 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 410
136 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 690
295 B
45 3
Domain Requested by
15 cashproonline.bankofamerica.com 3 redirects cashproonline-ex-static-prodb.bankofamerica.com
cashproonline.bankofamerica.com
14 cashproonline-ex-static-prodb.bankofamerica.com cashproonline.bankofamerica.com
cashproonline-ex-static-prodb.bankofamerica.com
8 cdn.cookielaw.org cashproonline-ex-static-prodb.bankofamerica.com
cdn.cookielaw.org
cashproonline.bankofamerica.com
8 fedsso-cashpro.bankofamerica.com cashproonline-ex-static-prodb.bankofamerica.com
fedsso-cashpro.bankofamerica.com
1 geolocation.onetrust.com cashproonline-ex-static-prodb.bankofamerica.com
1 cashproonline-img024.bankofamerica.com cashproonline-ex-static-prodb.bankofamerica.com
1 secure.bankofamerica.com cashproonline-ex-static-prodb.bankofamerica.com
45 7
Subject Issuer Validity Valid
cashproonline-ex-prod.bankofamerica.com
Entrust Certification Authority - L1M
2022-07-05 -
2023-07-05
a year crt.sh
cashproonlinestatic.bankofamerica.com
Entrust Certification Authority - L1M
2022-02-04 -
2023-02-04
a year crt.sh
fedsso.bankofamerica.com
Entrust Certification Authority - L1M
2022-05-10 -
2023-05-10
a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3
2022-05-01 -
2023-05-01
a year crt.sh
secure.bankofamerica.com
Entrust Certification Authority - L1M
2022-06-27 -
2023-06-27
a year crt.sh
cashproonline-ecache.bankofamerica.com
Entrust Certification Authority - L1M
2022-03-21 -
2023-03-21
a year crt.sh
onetrust.com
Cloudflare Inc ECC CA-3
2022-01-12 -
2023-01-12
a year crt.sh

This page contains 4 frames:

Primary Page: https://cashproonline.bankofamerica.com/cpoauthweb/login/
Frame ID: 97F95DFBC59E0CB9367EBE7059B64BA3
Requests: 37 HTTP requests in this frame

Frame: https://cashproonline.bankofamerica.com/cpwportal/terminateSession.jsp
Frame ID: 03C10A59F21B92C4BAF4FE178F8490D5
Requests: 1 HTTP requests in this frame

Frame: https://cashproonline.bankofamerica.com/pa/oidc/logout
Frame ID: E0DF10AD47877AC94CCB6539723FA493
Requests: 1 HTTP requests in this frame

Frame: https://fedsso-cashpro.bankofamerica.com/idp/startSLO.ping
Frame ID: C374D37E25282546EAE566764198B65D
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

Willkommen bei CashPro OnlineBack ButtonSearch IconFilter Icon

Page URL History Show full URLs

  1. https://cashproonline.bankofamerica.com/ HTTP 301
    https://cashproonline.bankofamerica.com/cpwportal/appmanager/cpo/public HTTP 302
    https://cashproonline.bankofamerica.com/cpoauthweb/login/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

45
Requests

100 %
HTTPS

29 %
IPv6

3
Domains

7
Subdomains

8
IPs

2
Countries

2909 kB
Transfer

5231 kB
Size

17
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cashproonline.bankofamerica.com/ HTTP 301
    https://cashproonline.bankofamerica.com/cpwportal/appmanager/cpo/public HTTP 302
    https://cashproonline.bankofamerica.com/cpoauthweb/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16
  • https://cashproonline.bankofamerica.com/redirect/session/public/signout HTTP 302
  • https://fedsso-cashpro.bankofamerica.com/idp/startSLO.ping

45 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
cashproonline.bankofamerica.com/cpoauthweb/login/
Redirect Chain
  • https://cashproonline.bankofamerica.com/
  • https://cashproonline.bankofamerica.com/cpwportal/appmanager/cpo/public
  • https://cashproonline.bankofamerica.com/cpoauthweb/login/
19 KB
8 KB
Document
General
Full URL
https://cashproonline.bankofamerica.com/cpoauthweb/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.97.80.101 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-97-80-101.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b56ae7a92c47e27b56ce64b54a664fce54b91be903b2f78683049495e6be0f42
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bofa.my.onetrust.com/; style-src 'self' *.bankofamerica.com:* 'nonce-t6Ck2InycWCIm7j4B6DS'; img-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org data: ; script-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org blob: 'nonce-t6Ck2InycWCIm7j4B6DS';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload max-age=15552000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Connection
Keep-Alive
Content-Encoding
gzip
Content-Language
de-DE
Content-Type
text/html;charset=ISO-8859-1
Date
Mon, 21 Nov 2022 22:37:52 GMT
Keep-Alive
timeout=5, max=511
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload max-age=15552000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding,Origin
content-security-policy
default-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bofa.my.onetrust.com/; style-src 'self' *.bankofamerica.com:* 'nonce-t6Ck2InycWCIm7j4B6DS'; img-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org data: ; script-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org blob: 'nonce-t6Ck2InycWCIm7j4B6DS';

Redirect headers

Connection
Keep-Alive
Content-Length
241
Content-Type
text/html; charset=iso-8859-1
Date
Mon, 21 Nov 2022 22:37:52 GMT
Keep-Alive
timeout=5, max=512
Location
https://cashproonline.bankofamerica.com/cpoauthweb/login/
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
styles.5a4b91034ec5ab63d9d6.css
cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/
281 KB
42 KB
Stylesheet
General
Full URL
https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/styles.5a4b91034ec5ab63d9d6.css
Requested by
Host: cashproonline.bankofamerica.com
URL: https://cashproonline.bankofamerica.com/cpoauthweb/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.205.231.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-231-125.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
2488e0a6546c705636efa20207cfa0952a4d4a0d5dd254ab84166c6af4671ccb
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:53 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=86400
Last-Modified
Sat, 12 Nov 2022 17:00:56 GMT
Server
AkamaiNetStorage
ETag
"a3baa9f2eb1c0aa3c436909d6fd520fc:1668272456.118902"
Vary
Accept-Encoding
Content-Type
text/css
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
42173
runtime-es2015.2e0802f3341136cbde2d.js
cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/
1 KB
1 KB
Script
General
Full URL
https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/runtime-es2015.2e0802f3341136cbde2d.js
Requested by
Host: cashproonline.bankofamerica.com
URL: https://cashproonline.bankofamerica.com/cpoauthweb/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.205.231.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-231-125.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
543cb61bcc8ceb0f5661de06417097a4c28f93b23a6fa13a2dd3858f7133f5b3
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://cashproonline.bankofamerica.com/
Origin
https://cashproonline.bankofamerica.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:53 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=86400
Last-Modified
Sat, 12 Nov 2022 17:00:58 GMT
Server
AkamaiNetStorage
ETag
"cf6ce5c1d969189d2ee75f4dce7b63a1:1668272458.025788"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://cashproonline.bankofamerica.com
Origin-Header
ORIGIN-VALUE
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
740
polyfills-es2015.732a26d1249404600258.js
cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/
209 KB
71 KB
Script
General
Full URL
https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/polyfills-es2015.732a26d1249404600258.js
Requested by
Host: cashproonline.bankofamerica.com
URL: https://cashproonline.bankofamerica.com/cpoauthweb/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.205.231.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-231-125.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
298b415a89ac34245a2584fa690f5b794871d502897773d8f85299541b781ac2
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://cashproonline.bankofamerica.com/
Origin
https://cashproonline.bankofamerica.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:53 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=86400
Last-Modified
Sat, 12 Nov 2022 17:00:57 GMT
Server
AkamaiNetStorage
ETag
"d3339e65769e0d017ea7472d8e5a3d4d:1668272457.117203"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://cashproonline.bankofamerica.com
Origin-Header
ORIGIN-VALUE
Connection
keep-alive, Transfer-Encoding
Accept-Ranges
bytes
scripts.a09e8db93c27242efb6f.js
cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/
118 KB
41 KB
Script
General
Full URL
https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/scripts.a09e8db93c27242efb6f.js
Requested by
Host: cashproonline.bankofamerica.com
URL: https://cashproonline.bankofamerica.com/cpoauthweb/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.205.231.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-231-125.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
f14584120b851032a162e91e71b9c02d8b3e2ba85ed9c6c31d6b4c916ad0adb9
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:53 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=86400
Last-Modified
Sat, 12 Nov 2022 17:00:55 GMT
Server
AkamaiNetStorage
ETag
"53feee93a85c32e6a9c714a4cc3004c5:1668272455.048027"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Connection
keep-alive, Transfer-Encoding
Accept-Ranges
bytes
vendor-es2015.2ef31c73200163c62ea1.js
cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/
1 MB
297 KB
Script
General
Full URL
https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/vendor-es2015.2ef31c73200163c62ea1.js
Requested by
Host: cashproonline.bankofamerica.com
URL: https://cashproonline.bankofamerica.com/cpoauthweb/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.205.231.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-231-125.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
3d0d078769b02cfa8968808570e401da0a6e050d6ff1c3178f7d56ff19ad786d
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://cashproonline.bankofamerica.com/
Origin
https://cashproonline.bankofamerica.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:53 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=86400
Last-Modified
Sat, 12 Nov 2022 17:00:55 GMT
Server
AkamaiNetStorage
ETag
"7dc4a5db7d98ac33fb1d86457ac89da6:1668272455.443833"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://cashproonline.bankofamerica.com
Origin-Header
ORIGIN-VALUE
Connection
keep-alive, Transfer-Encoding
Accept-Ranges
bytes
main-es2015.92e59d3a6f2a891031d9.js
cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/
551 KB
108 KB
Script
General
Full URL
https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/main-es2015.92e59d3a6f2a891031d9.js
Requested by
Host: cashproonline.bankofamerica.com
URL: https://cashproonline.bankofamerica.com/cpoauthweb/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.205.231.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-231-125.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
2242092b4ef5be761e6537e9a5088fde42f270a7244e89f52dbfa443d611616d
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://cashproonline.bankofamerica.com/
Origin
https://cashproonline.bankofamerica.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:53 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=86400
Last-Modified
Sat, 12 Nov 2022 17:00:57 GMT
Server
AkamaiNetStorage
ETag
"79009ee3a575ef331af52b42b2dd86b1:1668272457.531948"
Vary
Accept-Encoding
Transfer-Encoding
chunked
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://cashproonline.bankofamerica.com
Origin-Header
ORIGIN-VALUE
Connection
keep-alive, Transfer-Encoding
Accept-Ranges
bytes
initSession
cashproonline.bankofamerica.com/cpoauthweb/api/login/
4 KB
3 KB
XHR
General
Full URL
https://cashproonline.bankofamerica.com/cpoauthweb/api/login/initSession
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/polyfills-es2015.732a26d1249404600258.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.97.80.101 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-97-80-101.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
4147096d14184ab8e9b80565c6f89c4c43a95c60476b95eb96ee8b819080d7b6
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bofa.my.onetrust.com/; style-src 'self' *.bankofamerica.com:* 'nonce-t6Ck2InycWCIm7j4B6DS'; img-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org data: ; script-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org blob: 'nonce-t6Ck2InycWCIm7j4B6DS';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload, max-age=15552000; includeSubDomains

Request headers

Pragma
no-cache
accept-language
de-DE,de;q=0.9
X-BFS-TOKEN
561be797-14be-442e-b7ae-f6303a8c0c1e
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
X-Frame-Options
SAMEORIGIN
Accept
application/json, text/plain, */*
Cache-Control
no-cache
Referer
https://cashproonline.bankofamerica.com/cpoauthweb/cpo/

Response headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 22:37:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload, max-age=15552000; includeSubDomains
Content-Encoding
gzip
content-security-policy
default-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bofa.my.onetrust.com/; style-src 'self' *.bankofamerica.com:* 'nonce-t6Ck2InycWCIm7j4B6DS'; img-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org data: ; script-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org blob: 'nonce-t6Ck2InycWCIm7j4B6DS';
Vary
Accept-Encoding,Origin
Content-Type
application/json
Cache-Control
no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Keep-Alive
timeout=5, max=510
Content-Length
1624
CashproBanner.json
cashproonline.bankofamerica.com/PHXcms/public/content/cashproonline/Banner/
0
609 B
XHR
General
Full URL
https://cashproonline.bankofamerica.com/PHXcms/public/content/cashproonline/Banner/CashproBanner.json
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/polyfills-es2015.732a26d1249404600258.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.97.80.101 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-97-80-101.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Pragma
no-cache
accept-language
de-DE,de;q=0.9
X-BFS-TOKEN
561be797-14be-442e-b7ae-f6303a8c0c1e
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
X-Frame-Options
SAMEORIGIN
Accept
application/json, text/plain, */*
Cache-Control
no-cache
Referer
https://cashproonline.bankofamerica.com/cpoauthweb/cpo/

Response headers

Date
Mon, 21 Nov 2022 22:37:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Vary
Origin
Content-Type
application/json
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Keep-Alive
timeout=5, max=509
Content-Length
0
connections_regular-web.cb6f8af9f2b33b47ac2c.woff
cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/
82 KB
83 KB
Font
General
Full URL
https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/connections_regular-web.cb6f8af9f2b33b47ac2c.woff
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/styles.5a4b91034ec5ab63d9d6.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.205.231.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-231-125.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
1172386e1cd9f7fd9d7646df035d93473bbbf19e1b325fc54d9c2aa76e5a7a80
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/styles.5a4b91034ec5ab63d9d6.css
Origin
https://cashproonline.bankofamerica.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:54 GMT
Strict-Transport-Security
max-age=86400
Last-Modified
Sat, 12 Nov 2022 17:01:06 GMT
Server
AkamaiNetStorage
ETag
"6be2608379aa1dcee39359986a09502e:1668272466.617845"
Content-Type
font/woff
Access-Control-Allow-Origin
https://cashproonline.bankofamerica.com
Origin-Header
ORIGIN-VALUE
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
84472
phoenix.6c67723e5c04197c6705.woff2
cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/
18 KB
19 KB
Font
General
Full URL
https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/phoenix.6c67723e5c04197c6705.woff2
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/styles.5a4b91034ec5ab63d9d6.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.205.231.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-231-125.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
97b89e21d5c324f201e5d5585210092e4f116a111fc23b2d85a784b546e71318
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer
https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/styles.5a4b91034ec5ab63d9d6.css
Origin
https://cashproonline.bankofamerica.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:54 GMT
Strict-Transport-Security
max-age=86400
Last-Modified
Sat, 12 Nov 2022 17:01:01 GMT
Server
AkamaiNetStorage
ETag
"2f9ffdb5416c72d4e4934c3357d49f96:1668272461.713217"
Content-Type
font/woff2
Access-Control-Allow-Origin
https://cashproonline.bankofamerica.com
Origin-Header
ORIGIN-VALUE
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
18600
truncated
/
70 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2f87d4adf66a41cbc106b73ac9e4aa22df539d3b3f3cf8b3cd4cad7ffa8e40a9

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/png
Bofa_primary.svg
cashproonline.bankofamerica.com/cpoauthweb/cpo/assets/images/
7 KB
3 KB
Image
General
Full URL
https://cashproonline.bankofamerica.com/cpoauthweb/cpo/assets/images/Bofa_primary.svg
Requested by
Host: cashproonline.bankofamerica.com
URL: https://cashproonline.bankofamerica.com/cpoauthweb/cpo/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.97.80.101 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-97-80-101.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
62873babdb6e2c46f99d1387c40ba0cf359b870db34d4147634e536badc9cafc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/cpoauthweb/cpo/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
Last-Modified
Sat, 12 Nov 2022 10:51:50 GMT
ETag
"1b75-5ed43cb1fbd80-gzip"
Vary
Accept-Encoding,Origin
Content-Type
image/svg+xml
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=511
Content-Length
2694
QRdefault.svg
cashproonline.bankofamerica.com/cpoauthweb/cpo/assets/images/
29 KB
4 KB
Image
General
Full URL
https://cashproonline.bankofamerica.com/cpoauthweb/cpo/assets/images/QRdefault.svg
Requested by
Host: cashproonline.bankofamerica.com
URL: https://cashproonline.bankofamerica.com/cpoauthweb/cpo/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.97.80.101 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-97-80-101.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
03a340cf0e732ccd9f023d5c16ed1dd9fdd3576b0fcd2d522c867bbcc6754666
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/cpoauthweb/cpo/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
Last-Modified
Sat, 12 Nov 2022 10:51:50 GMT
ETag
"75c4-5ed43cb1fbd80-gzip"
Vary
Accept-Encoding,Origin
Content-Type
image/svg+xml
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=511
Content-Length
2980
BAClogo-white.png
cashproonline.bankofamerica.com/cpoauthweb/cpo/assets/images/
3 KB
3 KB
Image
General
Full URL
https://cashproonline.bankofamerica.com/cpoauthweb/cpo/assets/images/BAClogo-white.png
Requested by
Host: cashproonline.bankofamerica.com
URL: https://cashproonline.bankofamerica.com/cpoauthweb/cpo/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.97.80.101 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-97-80-101.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f81821e62327cd727923e491baebbc36807116aefade18ae0798a378326e14bb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/cpoauthweb/cpo/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
Last-Modified
Sat, 12 Nov 2022 10:51:50 GMT
ETag
"ad0-5ed43cb1fbd80"
Vary
Origin
Content-Type
image/png
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=511
Content-Length
2768
terminateSession.jsp
cashproonline.bankofamerica.com/cpwportal/ Frame 03C1
4 KB
2 KB
Document
General
Full URL
https://cashproonline.bankofamerica.com/cpwportal/terminateSession.jsp
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/main-es2015.92e59d3a6f2a891031d9.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.97.80.101 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-97-80-101.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
75bd962a59c1dd6e314be08c966e33b4febb4ffbc79471cd062507addc1ffdc9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://cashproonline.bankofamerica.com/cpoauthweb/cpo/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Set-Cookie,Origin,Accept,X-Requested-With, Content-Type, Authorization,cache-control, pragma
Access-Control-Allow-Methods
GET, HEAD, POST, PUT, DELETE, TRACE, OPTIONS, PATCH
Access-Control-Allow-Origin
https://cashproonline.bankofamerica.com/
Access-Control-Max-Age
3600
Cache-Control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0, max-age=0, s-maxage=0
Connection
Keep-Alive
Content-Encoding
gzip
Content-Length
664
Content-Type
text/html;charset=ISO-8859-1
Date
Mon, 21 Nov 2022 22:37:54 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=5, max=512
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload
Vary
Accept-Encoding,Origin
logout
cashproonline.bankofamerica.com/pa/oidc/ Frame E0DF
0
0
Document
General
Full URL
https://cashproonline.bankofamerica.com/pa/oidc/logout
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/main-es2015.92e59d3a6f2a891031d9.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.97.80.101 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-97-80-101.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Referer
https://cashproonline.bankofamerica.com/cpoauthweb/cpo/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Date
Mon, 21 Nov 2022 22:37:54 GMT
Keep-Alive
timeout=5, max=512
X-Frame-Options
DENY
cache-control
no-cache,no-store,max-age=0
content-length
1204
content-type
text/html; charset=UTF-8
expires
0
pragma
no-cache
startSLO.ping
fedsso-cashpro.bankofamerica.com/idp/ Frame C374
Redirect Chain
  • https://cashproonline.bankofamerica.com/redirect/session/public/signout
  • https://fedsso-cashpro.bankofamerica.com/idp/startSLO.ping
4 KB
7 KB
Document
General
Full URL
https://fedsso-cashpro.bankofamerica.com/idp/startSLO.ping
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/main-es2015.92e59d3a6f2a891031d9.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
4c089a1ee47dea9828e31cf38db43674c795264ee911191347c11921bb729316
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cashproonline.bankofamerica.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Connection
Keep-Alive
Content-Length
4370
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Content-Type
text/html;charset=utf-8
Date
Mon, 21 Nov 2022 22:37:55 GMT
Expect-CT
max-age=3600, enforce
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=5, max=20000
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma
no-cache
Referrer-Policy
origin
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block

Redirect headers

Access-Control-Allow-Credentials
true
Cache-Control
no-cache, no-store, max-age=0, must-revalidate
Connection
Keep-Alive
Content-Length
0
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' http://*.bankofamerica.com:* https://*.bankofamerica.com:*;
Date
Mon, 21 Nov 2022 22:37:54 GMT
Expires
0
Keep-Alive
timeout=5, max=512
Location
https://fedsso-cashpro.bankofamerica.com/idp/startSLO.ping
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload
Vary
Origin
X-FRAME-OPTIONS
SAMEORIGIN
marketing.json
cashproonline.bankofamerica.com/PHXcms/public/content/cashproonline/cpoimages/portal/
1 KB
1 KB
XHR
General
Full URL
https://cashproonline.bankofamerica.com/PHXcms/public/content/cashproonline/cpoimages/portal/marketing.json
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/polyfills-es2015.732a26d1249404600258.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.97.80.101 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-97-80-101.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
1bf30e1b526de5b7caa5e6fbd12786f438434f175064744d7178937441675e85
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Pragma
no-cache
accept-language
de-DE,de;q=0.9
X-BFS-TOKEN
561be797-14be-442e-b7ae-f6303a8c0c1e
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
X-Frame-Options
SAMEORIGIN
Accept
application/json, text/plain, */*
Cache-Control
no-cache
Referer
https://cashproonline.bankofamerica.com/cpoauthweb/cpo/

Response headers

Date
Mon, 21 Nov 2022 22:37:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
Vary
Accept-Encoding,Origin
Content-Type
application/json
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Keep-Alive
timeout=5, max=512
Content-Length
441
resources.json
cashproonline.bankofamerica.com/PHXcms/public/content/cashproonline/cpoimages/portal/
949 B
1 KB
XHR
General
Full URL
https://cashproonline.bankofamerica.com/PHXcms/public/content/cashproonline/cpoimages/portal/resources.json
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/polyfills-es2015.732a26d1249404600258.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.97.80.101 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-97-80-101.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c329c2e8f23619c3dab5760db0ed84fc783bcdcaed96589b8b0f7cda7e2b9919
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Pragma
no-cache
accept-language
de-DE,de;q=0.9
X-BFS-TOKEN
561be797-14be-442e-b7ae-f6303a8c0c1e
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
X-Frame-Options
SAMEORIGIN
Accept
application/json, text/plain, */*
Cache-Control
no-cache
Referer
https://cashproonline.bankofamerica.com/cpoauthweb/cpo/

Response headers

Date
Mon, 21 Nov 2022 22:37:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
Vary
Accept-Encoding,Origin
Content-Type
application/json
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Keep-Alive
timeout=5, max=508
Content-Length
400
otSDKStub.js
cdn.cookielaw.org/consent/f21ef163-f543-4916-906f-218c2169348a/
20 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/f21ef163-f543-4916-906f-218c2169348a/otSDKStub.js
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/main-es2015.92e59d3a6f2a891031d9.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a5068ded0fa3ee9d983f770ef61d66e775756d2ffa665a60d36a4e3d17748ffa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cashproonline.bankofamerica.com/
Origin
https://cashproonline.bankofamerica.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 21 Nov 2022 22:37:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
XUOw4rj8zlkhAK9G8+j4nQ==
age
22692
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6965
x-ms-lease-status
unlocked
last-modified
Sun, 14 Aug 2022 18:38:38 GMT
server
cloudflare
etag
0x8DA7E2433F5D08C
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
849b03ab-401e-0155-520d-b075c4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
76dce99e1df79bc4-FRA
expires
Tue, 22 Nov 2022 22:37:54 GMT
de_DE.json
cashproonline.bankofamerica.com/cpoauthweb/cpo/assets/i18n/
76 KB
18 KB
XHR
General
Full URL
https://cashproonline.bankofamerica.com/cpoauthweb/cpo/assets/i18n/de_DE.json
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/polyfills-es2015.732a26d1249404600258.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.97.80.101 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-97-80-101.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
f746c44c229816e93c65d2dd33351c73f35011882d53edaa3964e4f414dcca8d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload

Request headers

Pragma
no-cache
accept-language
de-DE,de;q=0.9
X-BFS-TOKEN
561be797-14be-442e-b7ae-f6303a8c0c1e
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36
X-Frame-Options
SAMEORIGIN
Accept
application/json, text/plain, */*
Cache-Control
no-cache
Referer
https://cashproonline.bankofamerica.com/cpoauthweb/cpo/

Response headers

Date
Mon, 21 Nov 2022 22:37:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
Last-Modified
Sat, 12 Nov 2022 10:51:50 GMT
ETag
"12f96-5ed43cb1fbd80-gzip"
Vary
Accept-Encoding,Origin
Content-Type
application/json
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=512
Content-Length
18040
cc.go
secure.bankofamerica.com/login/sign-in/entry/
29 KB
32 KB
Script
General
Full URL
https://secure.bankofamerica.com/login/sign-in/entry/cc.go?_=1669070273861
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/scripts.a09e8db93c27242efb6f.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.100.200 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
Software
/
Resource Hash
77bbf4f8236757ea24dcf0f80e16e4381f094c2434eb199119f4e9f8f4d4b385
Security Headers
Name Value
Content-Security-Policy script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 22:37:55 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
script-src 'self' boa-api.arkoselabs.com *.bac-assets.com cdn.cookielaw.org resources.digital-cloud.medallia.com *.livelook.com *.livelook.net *.tiqcdn.com *.bankofamerica.com *.baml.com *.bofa.com *.ml.com *.merrill.com *.merrilledge.com *.mymerrill.com *.ustrust.com *.glance.net *.glancecdn.net *.myglance.net s3.amazonaws.com *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com *.coremetrics.com *.brightcove.net *.brightcove.com maps.googleapis.com www.paypalobjects.com anrdoezrs.com cj.dotomi.com cj.com cj.mplxtms.com emjcd.com mczbf.com sjwoe.com secure-cdn.mplxtms.com cdn.mplxtms.com 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https: data: blob: *.bac-assets.com *.bankofamerica.com cdn.cookielaw.org *.livelook.com *.livelook.net *.glancecdn.net *.cobrowse.oraclecloud.com *.oraclecloud.com www.google-analytics.com *.convertro.com idsync.rlcdn.com 'unsafe-inline'; worker-src 'self' blob:;
X-BOA-RequestID
Y3v9w-i15deW18GmXutmfgAAAcQ
X-Serviced-By
4IPh7d+2+AorfCPnR/+gQQ==--bJwN/xgn7gEobpZIINZXlw==
P3P
CP="CAO IND PHY ONL UNI FIN COM NAV INT DEM CNT STA POL HEA PRE GOV CUR ADM DEV TAI PSA PSD IVAi IVDi CONo TELo OUR SAMi OTRi"
Content-Type
text/text
Content-Language
de-DE
Cache-Control
no-cache
Content-Disposition
inline
Connection
Keep-Alive
Keep-Alive
timeout=40, max=454
Content-Length
30015
Expires
Thu, 01 Jan 1970 00:00:00 GMT
tables.js
cashproonline-img024.bankofamerica.com/970442/
67 KB
32 KB
XHR
General
Full URL
https://cashproonline-img024.bankofamerica.com/970442/tables.js
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/polyfills-es2015.732a26d1249404600258.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.24.58.112 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-24-58-112.us-west-2.compute.amazonaws.com
Software
haile /
Resource Hash
ddc97ed3c7ecc2c33de840f86b518bea9d21aebbe8c27c074f606e43a725be46
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 21 Nov 2022 22:37:55 GMT
Strict-Transport-Security
max-age=31536000
Content-Encoding
gzip
Server
haile
Transfer-Encoding
chunked
Vary
Origin
Content-Type
application/x-javascript
Access-Control-Allow-Origin
https://cashproonline.bankofamerica.com
Access-Control-Allow-Methods
GET, OPTIONS
P3P
CP="NOI ADM DEV PSAi COM NAV OUR OTR STP IND DEM"
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
PICS-Label
(PICS-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.icra.org/ratingsv02.html" l r (nz 0 vz 0 lz 0 oz 0 cz 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
hero-bkgd-image.jpg
cashproonline-ex-static-prodb.bankofamerica.com/PHXcms/public/content/cashproonline/cpoimages/portal/
907 KB
907 KB
Image
General
Full URL
https://cashproonline-ex-static-prodb.bankofamerica.com/PHXcms/public/content/cashproonline/cpoimages/portal/hero-bkgd-image.jpg
Requested by
Host: cashproonline.bankofamerica.com
URL: https://cashproonline.bankofamerica.com/cpoauthweb/cpo/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.205.231.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-231-125.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
a0fbd4fbfb616a8e91ee14a69375b82dcb416fa3bce98257fb6aa0980220799b
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:54 GMT
Strict-Transport-Security
max-age=86400
Last-Modified
Tue, 14 Dec 2021 02:12:48 GMT
Server
AkamaiNetStorage
ETag
"61a4b8baffa4ea7d405ee7e9caf04b41:1639447968.549636"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
928839
bofa_pattern2_rgb_gray_simple_Digital.svg
cashproonline.bankofamerica.com/cpoauthweb/cpo/assets/images/
292 KB
202 KB
Image
General
Full URL
https://cashproonline.bankofamerica.com/cpoauthweb/cpo/assets/images/bofa_pattern2_rgb_gray_simple_Digital.svg
Requested by
Host: cashproonline.bankofamerica.com
URL: https://cashproonline.bankofamerica.com/cpoauthweb/cpo/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.97.80.101 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-97-80-101.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
ecce43494e52ec16c206695cc233c14e8a8866fbcbaf3d045b50b1c1e873e9d2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/cpoauthweb/cpo/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:54 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
Last-Modified
Sat, 12 Nov 2022 10:51:50 GMT
ETag
"48f3d-5ed43cb1fbd80-gzip"
Vary
Accept-Encoding,Origin
Transfer-Encoding
chunked
Content-Type
image/svg+xml
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=511
f21ef163-f543-4916-906f-218c2169348a.json
cdn.cookielaw.org/consent/f21ef163-f543-4916-906f-218c2169348a/
4 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/f21ef163-f543-4916-906f-218c2169348a/f21ef163-f543-4916-906f-218c2169348a.json
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/polyfills-es2015.732a26d1249404600258.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f75eb16952edd69d957160ea604d91e770dd348b89ce6dc379ec4b6162d5740c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 21 Nov 2022 22:37:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
OOI69/AORlVqcfWMlkEQRg==
age
22692
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
1673
x-ms-lease-status
unlocked
last-modified
Sun, 14 Aug 2022 18:38:37 GMT
server
cloudflare
etag
0x8DA7E2433A746B2
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
cf9b05f0-301e-0137-410d-b0321c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
76dce99e9ead9bc4-FRA
expires
Tue, 22 Nov 2022 22:37:54 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
59 B
295 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/polyfills-es2015.732a26d1249404600258.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1a55 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://cashproonline.bankofamerica.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

date
Mon, 21 Nov 2022 22:37:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
76dce99f6ea291f6-FRA
access-control-allow-headers
Content-Type
bofa_icon_mobile2_blk.svg
cashproonline-ex-static-prodb.bankofamerica.com/PHXcms/public/content/cashproonline/cpoimages/portal/
2 KB
2 KB
Image
General
Full URL
https://cashproonline-ex-static-prodb.bankofamerica.com/PHXcms/public/content/cashproonline/cpoimages/portal/bofa_icon_mobile2_blk.svg
Requested by
Host: cashproonline.bankofamerica.com
URL: https://cashproonline.bankofamerica.com/cpoauthweb/cpo/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.205.231.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-231-125.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
9bafcea7a9c593782e395a99bcb85eb5fc770fb35bbf8cc7cfbb4905da27e5ab
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:54 GMT
Strict-Transport-Security
max-age=86400
Last-Modified
Tue, 14 Dec 2021 02:12:28 GMT
Server
AkamaiNetStorage
ETag
"ec93579013b09d7cf0ad0aa5ea71c232:1639447948.912051"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1977
icon_chart.jpg
cashproonline-ex-static-prodb.bankofamerica.com/PHXcms/public/content/cashproonline/cpoimages/portal/
2 KB
2 KB
Image
General
Full URL
https://cashproonline-ex-static-prodb.bankofamerica.com/PHXcms/public/content/cashproonline/cpoimages/portal/icon_chart.jpg
Requested by
Host: cashproonline.bankofamerica.com
URL: https://cashproonline.bankofamerica.com/cpoauthweb/cpo/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.205.231.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-231-125.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
9428017a4514bf50b6c70fa0164056f5c2f4c9e0ccefc07ac40ff71b4d1d380c
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:54 GMT
Strict-Transport-Security
max-age=86400
Last-Modified
Wed, 20 Jul 2022 01:00:25 GMT
Server
AkamaiNetStorage
ETag
"569e7b117d0011dae3d62d349aff31a1:1658278825.242243"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1706
bofa_icon_transfer2_blk.svg
cashproonline-ex-static-prodb.bankofamerica.com/PHXcms/public/content/cashproonline/cpoimages/portal/
1 KB
2 KB
Image
General
Full URL
https://cashproonline-ex-static-prodb.bankofamerica.com/PHXcms/public/content/cashproonline/cpoimages/portal/bofa_icon_transfer2_blk.svg
Requested by
Host: cashproonline.bankofamerica.com
URL: https://cashproonline.bankofamerica.com/cpoauthweb/cpo/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.205.231.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-231-125.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
45d93dc1fafffca2d55eac4545d44c2674d3dca528ab0904b1fa1503d5cafdfa
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:54 GMT
Strict-Transport-Security
max-age=86400
Last-Modified
Tue, 14 Dec 2021 02:12:29 GMT
Server
AkamaiNetStorage
ETag
"a2c4cbbeb4046fc6f547cdd49363b6ed:1639447949.197769"
Content-Type
image/svg+xml
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1432
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.38.0/
369 KB
88 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.38.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/f21ef163-f543-4916-906f-218c2169348a/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a9cbc4d1063e21234a62ce8e2d5fc6a41f4da0415a4c40dd0320b05ee85fdfb2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cashproonline.bankofamerica.com/
Origin
https://cashproonline.bankofamerica.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 21 Nov 2022 22:37:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
jz950M8ZW7RakPP2zlLHZQ==
age
22692
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
89624
x-ms-lease-status
unlocked
last-modified
Thu, 21 Jul 2022 06:31:17 GMT
server
cloudflare
etag
0x8DA6AE29E465D1D
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
fc1716d4-001e-00b8-7bd9-ae3a15000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
76dce99fc8959bc4-FRA
img-giftcard.jpg
cashproonline-ex-static-prodb.bankofamerica.com/PHXcms/public/content/cashproonline/cpoimages/portal/
275 KB
275 KB
Image
General
Full URL
https://cashproonline-ex-static-prodb.bankofamerica.com/PHXcms/public/content/cashproonline/cpoimages/portal/img-giftcard.jpg
Requested by
Host: cashproonline.bankofamerica.com
URL: https://cashproonline.bankofamerica.com/cpoauthweb/cpo/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.205.231.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-231-125.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
d731034e94a98e91336a67f08cbe3a2d54c9ada27e22e48bb029d5c247d7919e
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:54 GMT
Strict-Transport-Security
max-age=86400
Last-Modified
Thu, 10 Nov 2022 02:00:24 GMT
Server
AkamaiNetStorage
ETag
"dbd649df49c756936b29fb4dc0de5eca:1668045624.410121"
Content-Type
image/jpeg
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
281696
img-institute.jpg
cashproonline-ex-static-prodb.bankofamerica.com/PHXcms/public/content/cashproonline/cpoimages/portal/
208 KB
208 KB
Image
General
Full URL
https://cashproonline-ex-static-prodb.bankofamerica.com/PHXcms/public/content/cashproonline/cpoimages/portal/img-institute.jpg
Requested by
Host: cashproonline.bankofamerica.com
URL: https://cashproonline.bankofamerica.com/cpoauthweb/cpo/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.205.231.125 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-205-231-125.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
839a5d6ae4fcbdf62dd5c0adce9184f3a89ec281934c0ffa32a75b20d03d0c11
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:54 GMT
Strict-Transport-Security
max-age=86400
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
213014
Content-Type
image/jpeg
de-de.json
cdn.cookielaw.org/consent/f21ef163-f543-4916-906f-218c2169348a/8bfedf75-63ac-4a3d-987e-81c559aafed3/
70 KB
17 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/f21ef163-f543-4916-906f-218c2169348a/8bfedf75-63ac-4a3d-987e-81c559aafed3/de-de.json
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/polyfills-es2015.732a26d1249404600258.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0936b141cb9c3248ab0fc152c64428bec5c2bd09fb860bf4b797d51d7d66dc2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 21 Nov 2022 22:37:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
L17uh8NP1fzxrTCauBJClw==
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
17046
x-ms-lease-status
unlocked
last-modified
Sun, 14 Aug 2022 18:38:42 GMT
server
cloudflare
etag
0x8DA7E2436CDB4CD
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
d68a4fc2-601e-00c5-06d1-fca6dd000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
76dce9a0699a9bc4-FRA
expires
Tue, 22 Nov 2022 22:37:54 GMT
otCenterRounded.json
cdn.cookielaw.org/scripttemplates/6.38.0/assets/
9 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.38.0/assets/otCenterRounded.json
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/polyfills-es2015.732a26d1249404600258.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d94edd219d965011aa7c423435675f8fc3aba340d1d2a45840c88592b922dbf2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 21 Nov 2022 22:37:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
dxIG1EjBSvU0szEzzNzBnA==
age
22691
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2612
x-ms-lease-status
unlocked
last-modified
Thu, 21 Jul 2022 06:31:09 GMT
server
cloudflare
etag
0x8DA6AE2999E69E3
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
6d28ec5b-d01e-0076-56db-ae5c5a000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
76dce9a2ddfa9bc4-FRA
otPcPanel.json
cdn.cookielaw.org/scripttemplates/6.38.0/assets/v2/
64 KB
13 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.38.0/assets/v2/otPcPanel.json
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/polyfills-es2015.732a26d1249404600258.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
24a29fbb745ef24f858d96e76daf0c4e52f1af3b41becfd7fae1b143a6e9fec0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 21 Nov 2022 22:37:55 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
BJ08KLAvpzZpuIY3VesHLg==
age
22511
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
13296
x-ms-lease-status
unlocked
last-modified
Thu, 21 Jul 2022 06:31:11 GMT
server
cloudflare
etag
0x8DA6AE29AA07224
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
571affea-301e-0038-24d5-ae99bf000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
76dce9a2ddfe9bc4-FRA
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/6.38.0/assets/
22 KB
5 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.38.0/assets/otCommonStyles.css
Requested by
Host: cashproonline-ex-static-prodb.bankofamerica.com
URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/polyfills-es2015.732a26d1249404600258.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
17770d05051a8a4f270ba5bdf049b90cc166ac42bd4513f419308a5804d7a161
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 21 Nov 2022 22:37:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
TLLtdkuMahUQRVIfmZNHNw==
age
22511
x-ms-lease-status
unlocked
last-modified
Thu, 21 Jul 2022 06:31:23 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
8b89b157-a01e-001f-21d5-ae03f6000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
76dce9a2ddff9bc4-FRA
truncated
/
817 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Content-Type
image/svg+xml
poweredBy_ot_logo.svg
cdn.cookielaw.org/logos/static/
3 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/poweredBy_ot_logo.svg
Requested by
Host: cashproonline.bankofamerica.com
URL: https://cashproonline.bankofamerica.com/cpoauthweb/cpo/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
49b9b4996d1ff0a8e3de643a0c623255bf631f298f2799b949c29de93926ee7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cashproonline.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 21 Nov 2022 22:37:55 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
LpuayL42jB78xRllx0vkOw==
age
83244
x-ms-lease-status
unlocked
last-modified
Wed, 16 Nov 2022 03:30:10 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
db6ae053-f01e-00a6-4120-fae0f8000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
76dce9a3dd729231-FRA
main.css
fedsso-cashpro.bankofamerica.com/assets/css/ Frame C374
171 KB
174 KB
Stylesheet
General
Full URL
https://fedsso-cashpro.bankofamerica.com/assets/css/main.css
Requested by
Host: fedsso-cashpro.bankofamerica.com
URL: https://fedsso-cashpro.bankofamerica.com/idp/startSLO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
0eae0d8db88e082d022d9c4b542697e01c0ae577d94ab5f74e2c6dc06f341ea5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fedsso-cashpro.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:55 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Sat, 19 Nov 2022 16:48:07 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
text/css
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=19999
Content-Length
175425
X-XSS-Protection
1; mode=block
override.css
fedsso-cashpro.bankofamerica.com/assets/css/ Frame C374
991 B
3 KB
Stylesheet
General
Full URL
https://fedsso-cashpro.bankofamerica.com/assets/css/override.css
Requested by
Host: fedsso-cashpro.bankofamerica.com
URL: https://fedsso-cashpro.bankofamerica.com/idp/startSLO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
ea70ea5e863a0170c1f25c54cf2f460329d58b8c1ba07ffcbd7bc45f9cb2eb82
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fedsso-cashpro.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:55 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Sat, 19 Nov 2022 16:48:07 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
text/css
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=20000
Content-Length
991
X-XSS-Protection
1; mode=block
branding.css
fedsso-cashpro.bankofamerica.com/assets/css/ Frame C374
6 KB
8 KB
Stylesheet
General
Full URL
https://fedsso-cashpro.bankofamerica.com/assets/css/branding.css
Requested by
Host: fedsso-cashpro.bankofamerica.com
URL: https://fedsso-cashpro.bankofamerica.com/idp/startSLO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
a054fb116f3fd8613c43ddf3f9a031c9cbb02c599d45dcbc18485df447117e99
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fedsso-cashpro.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:55 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Sat, 19 Nov 2022 16:48:07 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
text/css
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=19999
Content-Length
6314
X-XSS-Protection
1; mode=block
bofa-logo-new.svg
fedsso-cashpro.bankofamerica.com/assets/images/ Frame C374
7 KB
10 KB
Image
General
Full URL
https://fedsso-cashpro.bankofamerica.com/assets/images/bofa-logo-new.svg
Requested by
Host: fedsso-cashpro.bankofamerica.com
URL: https://fedsso-cashpro.bankofamerica.com/idp/startSLO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
29c1a730547d1487b67408ca75066af3bc9c1c2142d2bc9f96f333a0136102e2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fedsso-cashpro.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:55 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Wed, 13 Jul 2022 22:43:16 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
image/svg+xml
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=20000
Content-Length
7662
X-XSS-Protection
1; mode=block
jquery-3.5.1.min.js
fedsso-cashpro.bankofamerica.com/assets/jslib/jQuery/3.5.1/ Frame C374
89 KB
92 KB
Script
General
Full URL
https://fedsso-cashpro.bankofamerica.com/assets/jslib/jQuery/3.5.1/jquery-3.5.1.min.js
Requested by
Host: fedsso-cashpro.bankofamerica.com
URL: https://fedsso-cashpro.bankofamerica.com/idp/startSLO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
9eb38f49c160795d44429502e0ad34a1fa4b4ed5ad3cab4ef04339a2db503909
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fedsso-cashpro.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:55 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Sat, 19 Nov 2022 16:48:07 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
application/javascript
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=20000
Content-Length
91596
X-XSS-Protection
1; mode=block
popper.min.js
fedsso-cashpro.bankofamerica.com/assets/jslib/jQuery/3.5.1/ Frame C374
20 KB
22 KB
Script
General
Full URL
https://fedsso-cashpro.bankofamerica.com/assets/jslib/jQuery/3.5.1/popper.min.js
Requested by
Host: fedsso-cashpro.bankofamerica.com
URL: https://fedsso-cashpro.bankofamerica.com/idp/startSLO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
f8e91ec84893a1ab67b0b5c11cd269d9513c7eea5475ca9e597e779544c29672
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fedsso-cashpro.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:55 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Sat, 19 Nov 2022 16:48:07 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
application/javascript
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=20000
Content-Length
20628
X-XSS-Protection
1; mode=block
bootstrap.bundle.min.js
fedsso-cashpro.bankofamerica.com/assets/jslib/bootstrap/4.6/ Frame C374
84 KB
87 KB
Script
General
Full URL
https://fedsso-cashpro.bankofamerica.com/assets/jslib/bootstrap/4.6/bootstrap.bundle.min.js
Requested by
Host: fedsso-cashpro.bankofamerica.com
URL: https://fedsso-cashpro.bankofamerica.com/idp/startSLO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
e81e7d08d34e0de6c42adfc36e7be982d22213a897b5d82b7629b96b7ce65432
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://fedsso-cashpro.bankofamerica.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.110 Safari/537.36

Response headers

Date
Mon, 21 Nov 2022 22:37:55 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Sat, 19 Nov 2022 16:48:07 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce
Content-Type
application/javascript
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=20000
Content-Length
86498
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

255 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 string| wsLoc string| url string| wsPattern string| mmPattern object| ws object| mmMode string| redirectURL undefined| wsValue undefined| mmModeValue number| t2 string| resourcePath string| uiSplunkLogsEnabled string| domainExp function| checkDomain function| validateURL function| validateDomain object| webpackJsonp function| setImmediate function| clearImmediate function| Zone function| __zone_symbol__Promise function| __zone_symbol__ZoneAwarePromise function| __zone_symbol__fetch function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__setImmediate function| __zone_symbol__clearImmediate function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader boolean| __zone_symbol__ononabortpatched boolean| __zone_symbol__ononanimationendpatched boolean| __zone_symbol__ononanimationiterationpatched boolean| __zone_symbol__ononauxclickpatched boolean| __zone_symbol__ononbeforeinputpatched boolean| __zone_symbol__ononblurpatched boolean| __zone_symbol__ononcancelpatched boolean| __zone_symbol__ononcanplaypatched boolean| __zone_symbol__ononcanplaythroughpatched boolean| __zone_symbol__ononchangepatched boolean| __zone_symbol__ononcuechangepatched boolean| __zone_symbol__ononclickpatched boolean| __zone_symbol__ononclosepatched boolean| __zone_symbol__ononcontextmenupatched boolean| __zone_symbol__onondblclickpatched boolean| __zone_symbol__onondragpatched boolean| __zone_symbol__onondragendpatched boolean| __zone_symbol__onondragenterpatched boolean| __zone_symbol__onondragleavepatched boolean| __zone_symbol__onondragoverpatched boolean| __zone_symbol__onondroppatched boolean| __zone_symbol__onondurationchangepatched boolean| __zone_symbol__ononemptiedpatched boolean| __zone_symbol__ononendedpatched boolean| __zone_symbol__ononerrorpatched boolean| __zone_symbol__ononfocuspatched boolean| __zone_symbol__onongotpointercapturepatched boolean| __zone_symbol__ononinputpatched boolean| __zone_symbol__ononinvalidpatched boolean| __zone_symbol__ononkeydownpatched boolean| __zone_symbol__ononkeypresspatched boolean| __zone_symbol__ononkeyuppatched boolean| __zone_symbol__ononloadpatched boolean| __zone_symbol__ononloadstartpatched boolean| __zone_symbol__ononloadeddatapatched boolean| __zone_symbol__ononloadedmetadatapatched boolean| __zone_symbol__ononlostpointercapturepatched boolean| __zone_symbol__ononmousedownpatched boolean| __zone_symbol__ononmouseenterpatched boolean| __zone_symbol__ononmouseleavepatched boolean| __zone_symbol__ononmousemovepatched boolean| __zone_symbol__ononmouseoutpatched boolean| __zone_symbol__ononmouseoverpatched boolean| __zone_symbol__ononmouseuppatched boolean| __zone_symbol__ononmousewheelpatched boolean| __zone_symbol__ononpausepatched boolean| __zone_symbol__ononplaypatched boolean| __zone_symbol__ononplayingpatched boolean| __zone_symbol__ononpointercancelpatched boolean| __zone_symbol__ononpointerdownpatched boolean| __zone_symbol__ononpointerenterpatched boolean| __zone_symbol__ononpointerleavepatched boolean| __zone_symbol__ononpointermovepatched boolean| __zone_symbol__ononpointeroverpatched boolean| __zone_symbol__ononpointeruppatched boolean| __zone_symbol__ononprogresspatched boolean| __zone_symbol__ononratechangepatched boolean| __zone_symbol__ononresetpatched boolean| __zone_symbol__ononresizepatched boolean| __zone_symbol__ononscrollpatched boolean| __zone_symbol__ononseekedpatched boolean| __zone_symbol__ononseekingpatched boolean| __zone_symbol__ononselectpatched boolean| __zone_symbol__ononselectionchangepatched boolean| __zone_symbol__ononselectstartpatched boolean| __zone_symbol__ononstalledpatched boolean| __zone_symbol__ononsubmitpatched boolean| __zone_symbol__ononsuspendpatched boolean| __zone_symbol__onontimeupdatepatched boolean| __zone_symbol__ononvolumechangepatched boolean| __zone_symbol__onontransitioncancelpatched boolean| __zone_symbol__onontransitionendpatched boolean| __zone_symbol__ononwaitingpatched boolean| __zone_symbol__ononwheelpatched boolean| __zone_symbol__onontogglepatched boolean| __zone_symbol__ononafterprintpatched boolean| __zone_symbol__ononappinstalledpatched boolean| __zone_symbol__ononbeforeinstallpromptpatched boolean| __zone_symbol__ononbeforeprintpatched boolean| __zone_symbol__ononbeforeunloadpatched boolean| __zone_symbol__onondevicemotionpatched boolean| __zone_symbol__onondeviceorientationpatched boolean| __zone_symbol__onondeviceorientationabsolutepatched boolean| __zone_symbol__ononhashchangepatched boolean| __zone_symbol__ononlanguagechangepatched boolean| __zone_symbol__ononmessagepatched boolean| __zone_symbol__ononofflinepatched boolean| __zone_symbol__onononlinepatched boolean| __zone_symbol__ononpageshowpatched boolean| __zone_symbol__ononpagehidepatched boolean| __zone_symbol__ononpopstatepatched boolean| __zone_symbol__ononrejectionhandledpatched boolean| __zone_symbol__ononstoragepatched boolean| __zone_symbol__ononunhandledrejectionpatched boolean| __zone_symbol__ononunloadpatched boolean| __zone_symbol__onondragstartpatched boolean| __zone_symbol__ononanimationstartpatched boolean| __zone_symbol__ononsearchpatched boolean| __zone_symbol__onontransitionrunpatched boolean| __zone_symbol__onontransitionstartpatched boolean| __zone_symbol__ononwebkitanimationendpatched boolean| __zone_symbol__ononwebkitanimationiterationpatched boolean| __zone_symbol__ononwebkitanimationstartpatched boolean| __zone_symbol__ononwebkittransitionendpatched boolean| __zone_symbol__ononpointeroutpatched boolean| __zone_symbol__ononmessageerrorpatched object| global object| ame2eea object| amHash object| amRsa object| amAes number| dbits object| amUtf8 number| canary boolean| j_lm function| BigInteger function| nbi function| am1 function| am2 function| am3 number| BI_FP number| rr number| vv string| BI_RM object| BI_RC function| int2char function| intAt function| bnpCopyTo function| bnpFromInt function| nbv function| bnpFromString function| bnpClamp function| bnToString function| bnNegate function| bnAbs function| bnCompareTo function| nbits function| bnBitLength function| bnpDLShiftTo function| bnpDRShiftTo function| bnpLShiftTo function| bnpRShiftTo function| bnpSubTo function| bnpMultiplyTo function| bnpSquareTo function| bnpDivRemTo function| bnMod function| Classic function| cConvert function| cRevert function| cReduce function| cMulTo function| cSqrTo function| bnpInvDigit function| Montgomery function| montConvert function| montRevert function| montReduce function| montSqrTo function| montMulTo function| bnpIsEven function| bnpExp function| bnModPowInt object| amUtil number| t undefined| z function| isCookieAllowed function| launchCookieCenter function| jsSHA object| boa function| $ function| jQuery object| lazySizes object| __zone_symbol__unloadfalse object| __zone_symbol__popstatefalse object| __zone_symbol__hashchangefalse function| getAngularTestability function| getAllAngularTestabilities function| getAllAngularRootElements object| frameworkStabilizers object| __zone_symbol__resizefalse object| __zone_symbol__orientationchangefalse object| phoenix object| phx object| px object| __zone_symbol__scrolltrue object| __zone_symbol__resizetrue object| __zone_symbol__pageshowfalse object| __zone_symbol__hashchangetrue object| __zone_symbol__loadfalse object| __fp object| _cc string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| otStubData object| OneTrustStub object| Optanon object| OneTrust object| __zone_symbol__beforeunloadfalse object| inauthNamespace string| collectorNamespaceName object| __DEFAULT_NAMESPACE object| __zone_symbol__mousemovefalse object| __zone_symbol__clickfalse function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener undefined| __zone_symbol__eventListeners undefined| __zone_symbol__removeAllListeners function| eventListeners function| removeAllListeners

17 Cookies

Domain/Path Name / Value
.cashproonline.bankofamerica.com/ Name: SMREDIRECT
Value: null
.cashproonline.bankofamerica.com/ Name: INTUITREDIRECT
Value: null
.cashproonline.bankofamerica.com/ Name: OBBREDIRECT
Value: null
cashproonline.bankofamerica.com/ Name: AFAPPJSESSIONID
Value: 2-rueXmwGF8p9XQV0vhs7uBOwFspsUTeY59tZa3k.h01c01s03
.bankofamerica.com/ Name: TS01e5744e
Value: 0194d4967599be6f85042e137b6826d01961911ca0563bbd55ac6329844150594ab497427a6a119e1dba5aad5e6172eaedf63d8083ed8b6cbfa00604bbb486a082d7b087f158a700dc6ee939bf7061a2b3f81b7d1d6108ed3f3defaf8ca32d208a96abdf6b75784bcfb950bd0f78608095b762fe6d
.cashproonline.bankofamerica.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Mon+Nov+21+2022+22%3A37%3A55+GMT%2B0000+(GMT)&version=6.38.0&hosts=&consentId=7b9378a8-bf04-4070-ac0d-af73ca3b6e44&interactionCount=0&landingPath=https%3A%2F%2Fcashproonline.bankofamerica.com%2Fcpoauthweb%2Fcpo%2F%23%2Flogin%2Fpublic%2Fsignin&groups=C0001%3A1%2CC0002%3A0
fedsso-cashpro.bankofamerica.com/ Name: PF
Value: LZdEmunpYwxGtxOTiYgM44
fedsso-cashpro.bankofamerica.com/ Name: bac_persist
Value: 1130638757.24515.0000
.bankofamerica.com/ Name: _bofalid
Value: MTNRIqmeRKt5+T5EYwRVpVah4PpsLbPrL8Cie3VDhDk=
.fedsso-cashpro.bankofamerica.com/ Name: TS0122bc09
Value: 01894c4cce0d35f079e94cdd2050bf888ebdd0afa17760e73c4349fcfff6ba674bb8552126ca9f0d53969011f0668bfd11d385fb1c26b8027a35a0f19aba235c4c7b5e329ba09b3e0d28f564f5528a00cd861d1c8c03880e38d60af21aa7ddabf8fddaff6c
secure.bankofamerica.com/ Name: JS_VIPAA
Value: 0000zfEcicwR5tQbIWPjlrYWbPR:1e2kj0pg9
.bankofamerica.com/ Name: ccts
Value: N31/tenCqfTpYGfPoYVMNil/CPWPUFFGnRL2x7h3fKFuCjkJg6tOn1rcX7jFIkYeYmOMFFldXsj3SM1I8ESr0w==
.bankofamerica.com/ Name: SPID
Value: F1S1
.bankofamerica.com/ Name: SID
Value: 001C943AB900637BFDC3
secure.bankofamerica.com/ Name: TS01d7083a
Value: 0121c3a381b2564ad1c177f2882cb48b514b2435756ccf23cd77c6e1ce321406b2ead60ecc979d4528e413490b6d3da5f80f735931ea76f01e5f842531a431eb1d8b45301b
.bankofamerica.com/ Name: TS01ab8143
Value: 0121c3a3818f6a55630adea3f7cf559e489487decc6ccf23cd77c6e1ce321406b2ead60ecca1b32ba51eeb36cdd29f6b85a60a1226f12dadc182e354f71c59430a1a239a3ddb308074c23a3a905c3838ad3baafe2314eb604dea1ed645a64ffe9635ee153b
cashproonline.bankofamerica.com/ Name: _cc
Value: ZTcwZjg3ZmUtZWM0MC00YTdj

3 Console Messages

Source Level URL
Text
security error URL: https://cashproonline-ex-static-prodb.bankofamerica.com/cpoauthweb/cpo/polyfills-es2015.732a26d1249404600258.js
Message:
Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org blob: 'nonce-t6Ck2InycWCIm7j4B6DS'".
network error URL: https://cashproonline.bankofamerica.com/PHXcms/public/content/cashproonline/Banner/CashproBanner.json
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
other error URL: chrome-error://chromewebdata/
Message:
Refused to display 'https://cashproonline.bankofamerica.com/' in a frame because it set 'X-Frame-Options' to 'deny'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org https://geolocation.onetrust.com https://privacyportal-bofa.my.onetrust.com/; style-src 'self' *.bankofamerica.com:* 'nonce-t6Ck2InycWCIm7j4B6DS'; img-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org data: ; script-src 'self' *.bankofamerica.com:* https://cdn.cookielaw.org blob: 'nonce-t6Ck2InycWCIm7j4B6DS';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000; includeSubDomains; preload max-age=15552000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cashproonline-ex-static-prodb.bankofamerica.com
cashproonline-img024.bankofamerica.com
cashproonline.bankofamerica.com
cdn.cookielaw.org
fedsso-cashpro.bankofamerica.com
geolocation.onetrust.com
secure.bankofamerica.com
104.97.80.101
171.161.100.200
171.161.146.123
23.205.231.125
2606:4700::6810:9440
2606:4700::6812:1a55
52.24.58.112
03a340cf0e732ccd9f023d5c16ed1dd9fdd3576b0fcd2d522c867bbcc6754666
0936b141cb9c3248ab0fc152c64428bec5c2bd09fb860bf4b797d51d7d66dc2f
0eae0d8db88e082d022d9c4b542697e01c0ae577d94ab5f74e2c6dc06f341ea5
1172386e1cd9f7fd9d7646df035d93473bbbf19e1b325fc54d9c2aa76e5a7a80
17770d05051a8a4f270ba5bdf049b90cc166ac42bd4513f419308a5804d7a161
1bf30e1b526de5b7caa5e6fbd12786f438434f175064744d7178937441675e85
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
2242092b4ef5be761e6537e9a5088fde42f270a7244e89f52dbfa443d611616d
2488e0a6546c705636efa20207cfa0952a4d4a0d5dd254ab84166c6af4671ccb
24a29fbb745ef24f858d96e76daf0c4e52f1af3b41becfd7fae1b143a6e9fec0
298b415a89ac34245a2584fa690f5b794871d502897773d8f85299541b781ac2
29c1a730547d1487b67408ca75066af3bc9c1c2142d2bc9f96f333a0136102e2
2f87d4adf66a41cbc106b73ac9e4aa22df539d3b3f3cf8b3cd4cad7ffa8e40a9
3d0d078769b02cfa8968808570e401da0a6e050d6ff1c3178f7d56ff19ad786d
4147096d14184ab8e9b80565c6f89c4c43a95c60476b95eb96ee8b819080d7b6
45d93dc1fafffca2d55eac4545d44c2674d3dca528ab0904b1fa1503d5cafdfa
49b9b4996d1ff0a8e3de643a0c623255bf631f298f2799b949c29de93926ee7a
4c089a1ee47dea9828e31cf38db43674c795264ee911191347c11921bb729316
543cb61bcc8ceb0f5661de06417097a4c28f93b23a6fa13a2dd3858f7133f5b3
62873babdb6e2c46f99d1387c40ba0cf359b870db34d4147634e536badc9cafc
75bd962a59c1dd6e314be08c966e33b4febb4ffbc79471cd062507addc1ffdc9
77bbf4f8236757ea24dcf0f80e16e4381f094c2434eb199119f4e9f8f4d4b385
839a5d6ae4fcbdf62dd5c0adce9184f3a89ec281934c0ffa32a75b20d03d0c11
9428017a4514bf50b6c70fa0164056f5c2f4c9e0ccefc07ac40ff71b4d1d380c
97b89e21d5c324f201e5d5585210092e4f116a111fc23b2d85a784b546e71318
9bafcea7a9c593782e395a99bcb85eb5fc770fb35bbf8cc7cfbb4905da27e5ab
9eb38f49c160795d44429502e0ad34a1fa4b4ed5ad3cab4ef04339a2db503909
a054fb116f3fd8613c43ddf3f9a031c9cbb02c599d45dcbc18485df447117e99
a0fbd4fbfb616a8e91ee14a69375b82dcb416fa3bce98257fb6aa0980220799b
a5068ded0fa3ee9d983f770ef61d66e775756d2ffa665a60d36a4e3d17748ffa
a9cbc4d1063e21234a62ce8e2d5fc6a41f4da0415a4c40dd0320b05ee85fdfb2
b56ae7a92c47e27b56ce64b54a664fce54b91be903b2f78683049495e6be0f42
c329c2e8f23619c3dab5760db0ed84fc783bcdcaed96589b8b0f7cda7e2b9919
d731034e94a98e91336a67f08cbe3a2d54c9ada27e22e48bb029d5c247d7919e
d94edd219d965011aa7c423435675f8fc3aba340d1d2a45840c88592b922dbf2
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
ddc97ed3c7ecc2c33de840f86b518bea9d21aebbe8c27c074f606e43a725be46
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e81e7d08d34e0de6c42adfc36e7be982d22213a897b5d82b7629b96b7ce65432
ea70ea5e863a0170c1f25c54cf2f460329d58b8c1ba07ffcbd7bc45f9cb2eb82
ecce43494e52ec16c206695cc233c14e8a8866fbcbaf3d045b50b1c1e873e9d2
f14584120b851032a162e91e71b9c02d8b3e2ba85ed9c6c31d6b4c916ad0adb9
f746c44c229816e93c65d2dd33351c73f35011882d53edaa3964e4f414dcca8d
f75eb16952edd69d957160ea604d91e770dd348b89ce6dc379ec4b6162d5740c
f81821e62327cd727923e491baebbc36807116aefade18ae0798a378326e14bb
f8e91ec84893a1ab67b0b5c11cd269d9513c7eea5475ca9e597e779544c29672