urlscan.io logo urlscan.io
SecurityTrails logo

portal.hdfc.com Open in urlscan Pro
2606:4700::6810:7315  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://lnk.hdfc.com/gtrack?sl=J0l1RSx5TzB8YR1bWFoaCwVSBk9aDVkd&ml=XgdKC1ZLBFVN&ul=Uw0EDlcBBR8ASQBEUR9TDBddCwV5BVkAXF...
Effective URL: https://portal.hdfc.com/campaign/post/covid-moratorium
Submission: On April 05 via manual from IN
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 2 countries across 1 domains to perform 12 HTTP transactions. The main IP is 2606:4700::6810:7315, located in United States and belongs to CLOUDFLARENET, US. The main domain is portal.hdfc.com.
TLS certificate: Issued by COMODO ECC Domain Validation Secure S... on December 7th 2019. Valid for: 6 months.
This is the only time portal.hdfc.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 175.158.65.17 4755 (TATACOMM-...)
12 2606:4700::68... 13335 (CLOUDFLAR...)
12 1
Apex Domain
Subdomains		 Transfer
13 hdfc.com
lnk.hdfc.com
portal.hdfc.com
947 KB
12 1
Domain Requested by
12 portal.hdfc.com portal.hdfc.com
1 lnk.hdfc.com 1 redirects
12 2

This site contains links to these domains. Also see Links.

Domain
www.hdfc.com
m.rbi.org.in
www.rbi.org.in
Subject Issuer Validity Valid
ssl383084.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2019-12-07 -
2020-06-14		 6 months crt.sh

This page contains 1 frames:

Primary Page: https://portal.hdfc.com/campaign/post/covid-moratorium
Frame ID: 5CD1CB261E5D7DB62D566C764B8E8891
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://lnk.hdfc.com/gtrack?sl=J0l1RSx5TzB8YR1bWFoaCwVSBk9aDVkd&ml=XgdKC1ZLBFVN&ul=Uw0EDlcBBR8ASQ... HTTP 302
    https://portal.hdfc.com/campaign/redirect/existing?ref_code=COVID_19_MRTM&source_code=319652968&__st... Page URL
  2. https://portal.hdfc.com/campaign/post/covid-moratorium Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Page Statistics

12
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

2
Subdomains

1
IPs

2
Countries

947 kB
Transfer

1335 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://lnk.hdfc.com/gtrack?sl=J0l1RSx5TzB8YR1bWFoaCwVSBk9aDVkd&ml=XgdKC1ZLBFVN&ul=Uw0EDlcBBR8ASQBEUR9TDBddCwV5BVkAXF5IVF5aTQJVWgEFAlsEXBoCAVUCCB1eAUxXDlMGVg5TGQYFHQAHUlIFAghSAwZQBw==&pp=HRd1eChncip2ez5lc3J7MSVrNjN3LRZbFwFXDgcCAwhSWxVN&clientid=71119 HTTP 302
    https://portal.hdfc.com/campaign/redirect/existing?ref_code=COVID_19_MRTM&source_code=319652968&__sta=QYBVJYBIU%7CVQ&__stm_medium=email&__stm_source=smartech Page URL
  2. https://portal.hdfc.com/campaign/post/covid-moratorium Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://lnk.hdfc.com/gtrack?sl=J0l1RSx5TzB8YR1bWFoaCwVSBk9aDVkd&ml=XgdKC1ZLBFVN&ul=Uw0EDlcBBR8ASQBEUR9TDBddCwV5BVkAXF5IVF5aTQJVWgEFAlsEXBoCAVUCCB1eAUxXDlMGVg5TGQYFHQAHUlIFAghSAwZQBw==&pp=HRd1eChncip2ez5lc3J7MSVrNjN3LRZbFwFXDgcCAwhSWxVN&clientid=71119 HTTP 302
  • https://portal.hdfc.com/campaign/redirect/existing?ref_code=COVID_19_MRTM&source_code=319652968&__sta=QYBVJYBIU%7CVQ&__stm_medium=email&__stm_source=smartech

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
existing
portal.hdfc.com/campaign/redirect/
Redirect Chain
  • http://lnk.hdfc.com/gtrack?sl=J0l1RSx5TzB8YR1bWFoaCwVSBk9aDVkd&ml=XgdKC1ZLBFVN&ul=Uw0EDlcBBR8ASQBEUR9TDBddCwV5BVkAXF5IVF5aTQJVWgEFAlsEXBoCAVUCCB1eAUxXDlMGVg5TGQYFHQAHUlIFAghSAwZQBw==&pp=HRd1eChncip...
  • https://portal.hdfc.com/campaign/redirect/existing?ref_code=COVID_19_MRTM&source_code=319652968&__sta=QYBVJYBIU%7CVQ&__stm_medium=email&__stm_source=smartech
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://portal.hdfc.com/campaign/redirect/existing?ref_code=COVID_19_MRTM&source_code=319652968&__sta=QYBVJYBIU%7CVQ&__stm_medium=email&__stm_source=smartech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7315 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e69c262bfe0704300f918d927c3103bb0f400aa565eb971f82bc142cb67fb754
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
portal.hdfc.com
:scheme
https
:path
/campaign/redirect/existing?ref_code=COVID_19_MRTM&source_code=319652968&__sta=QYBVJYBIU%7CVQ&__stm_medium=email&__stm_source=smartech
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Sun, 05 Apr 2020 02:42:11 GMT
content-type
text/html; charset=UTF-8
set-cookie
__cfduid=d8317421e1d846b1aac4d705fe521188c1586054530; expires=Tue, 05-May-20 02:42:10 GMT; path=/; domain=.hdfc.com; HttpOnly; SameSite=Lax hdfcs_online_home_loans_session=eyJpdiI6Ik1wZENyZHVhNTZ2TFwvZkVvaUcxaXJ3PT0iLCJ2YWx1ZSI6InRhVlJCZjJcLzRRTjlTa0ozeHJsSmNJXC9ZMHRzaWQ3UHRxMnBZUjY2SnQzWnRHWDRpakwwM3RDN1RDcjBvaHlmKyIsIm1hYyI6IjQ3NDE5Y2NlNzQ4MWMzMmZlYjc2MTE1ZTI0MTQ4M2ZkNDk1NDM0Y2I0MTg2NDM5NjdmOWI5ZjY0MTU2NzZjMDMifQ%3D%3D; path=/; secure; httponly
strict-transport-security
max-age=63072000; includeSubdomains;
x-content-type-options
nosniff
cache-control
max-age=0, must-revalidate, no-store, nocache, post-check=0, pre-check=0, private
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
content-security-policy
referrer-policy
no-referrer
feature-policy
microphone 'none'; geolocation 'none'
expect-ct
max-age=0
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
57efea110ad1d6c5-FRA
content-encoding
gzip

Redirect headers

Server
nginx
Date
Sun, 05 Apr 2020 02:43:27 GMT
Content-Length
0
Connection
keep-alive
Access-Control-Allow-Origin
*
Location
https://portal.hdfc.com/campaign/redirect/existing?ref_code=COVID_19_MRTM&source_code=319652968&__sta=QYBVJYBIU%7CVQ&__stm_medium=email&__stm_source=smartech
Primary Request covid-moratorium
portal.hdfc.com/campaign/post/ 		62 KB
12 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://portal.hdfc.com/campaign/post/covid-moratorium
Requested by
Host: portal.hdfc.com
URL: https://portal.hdfc.com/campaign/redirect/existing?ref_code=COVID_19_MRTM&source_code=319652968&__sta=QYBVJYBIU%7CVQ&__stm_medium=email&__stm_source=smartech
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7315 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1856e61484d71acae5aba8b0aaaba253fc07cdf6feafe35080a45b0b9f961e84
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
POST
:authority
portal.hdfc.com
:scheme
https
:path
/campaign/post/covid-moratorium
content-length
439
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
origin
null
content-type
application/x-www-form-urlencoded
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-dest
document
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-origin
sec-fetch-mode
navigate
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
__cfduid=d8317421e1d846b1aac4d705fe521188c1586054530; hdfcs_online_home_loans_session=eyJpdiI6Ik1wZENyZHVhNTZ2TFwvZkVvaUcxaXJ3PT0iLCJ2YWx1ZSI6InRhVlJCZjJcLzRRTjlTa0ozeHJsSmNJXC9ZMHRzaWQ3UHRxMnBZUjY2SnQzWnRHWDRpakwwM3RDN1RDcjBvaHlmKyIsIm1hYyI6IjQ3NDE5Y2NlNzQ4MWMzMmZlYjc2MTE1ZTI0MTQ4M2ZkNDk1NDM0Y2I0MTg2NDM5NjdmOWI5ZjY0MTU2NzZjMDMifQ%3D%3D
Upgrade-Insecure-Requests
1
Origin
null
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

status
200
date
Sun, 05 Apr 2020 02:42:12 GMT
content-type
text/html; charset=UTF-8
strict-transport-security
max-age=63072000; includeSubdomains;
x-content-type-options
nosniff
cache-control
max-age=0, must-revalidate, no-store, nocache, post-check=0, pre-check=0, private
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
set-cookie
hdfcs_online_home_loans_session=eyJpdiI6IjZ6dk5BeU81TFo1TkJDMEY3TVU0aHc9PSIsInZhbHVlIjoiS0c5ODB5U2V5cXpcLzRHTUZrT1VHc0xkVWpjWXFyZUZTTzMrbVNqbkZSRUZLSEt2SnZDTzFMQkErSkpZNlwvMFF4IiwibWFjIjoiMzhiYWJhMzQ4YzFhMDEwZGNkYWRkNjZlZTRiMmE1YzM1MDNlNDA4MzVkNjdmZjUyMjZhZmU1ZWEyOGJhMzYyNyJ9; path=/; secure; httponly
vary
Accept-Encoding,User-Agent
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
content-security-policy
referrer-policy
no-referrer
feature-policy
microphone 'none'; geolocation 'none'
expect-ct
max-age=0
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
57efea164962d6c5-FRA
content-encoding
gzip
app.css
portal.hdfc.com/campaignTemplates/ 		182 KB
41 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portal.hdfc.com/campaignTemplates/app.css?id=613cb458cd470f914c84
Requested by
Host: portal.hdfc.com
URL: https://portal.hdfc.com/campaign/post/covid-moratorium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7315 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff58391262e5b6480d4c63f23d64ca2127d58096f8b6503ee16ecdce8d142485
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

date
Sun, 05 Apr 2020 02:42:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
6002
status
200
vary
Accept-Encoding,User-Agent
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Sat, 04 Apr 2020 11:12:10 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"2d64f-5a2751af09962-gzip"
expect-ct
max-age=0
strict-transport-security
max-age=63072000; includeSubdomains;
content-type
text/css
cache-control
public, max-age=432000
feature-policy
microphone 'none'; geolocation 'none'
content-security-policy
cf-ray
57efea1bd83cd6c5-FRA
expires
Fri, 10 Apr 2020 02:42:12 GMT
phone-icon.png
portal.hdfc.com/images/campaignTemplates/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portal.hdfc.com/images/campaignTemplates/phone-icon.png
Requested by
Host: portal.hdfc.com
URL: https://portal.hdfc.com/campaign/post/covid-moratorium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7315 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b8f164e2150fa36b8b094fa4231180c7ddfcae1d1cfbdeb81b67f1dd09f88f91
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Sun, 05 Apr 2020 02:42:12 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
6000
cf-polished
origSize=3956, status=vary_header_present
status
200
strict-transport-security
max-age=63072000; includeSubdomains;
content-length
2900
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Sat, 04 Apr 2020 11:12:11 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"f74-5a2751b0198fd"
expect-ct
max-age=0
vary
User-Agent, Accept-Encoding
content-type
image/png
expires
Fri, 10 Apr 2020 02:42:12 GMT
cache-control
public, max-age=432000
feature-policy
microphone 'none'; geolocation 'none'
content-security-policy
accept-ranges
bytes
cf-ray
57efea1bd83ed6c5-FRA
cf-bgj
imgq:100
email-decode.min.js
portal.hdfc.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 		1 KB
884 B 		Script
General
Check archive.org
Download Go to
Full URL
https://portal.hdfc.com/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js
Requested by
Host: portal.hdfc.com
URL: https://portal.hdfc.com/campaign/post/covid-moratorium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7315 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Sun, 05 Apr 2020 02:42:12 GMT
content-encoding
gzip
vary
Accept-Encoding
last-modified
Thu, 02 Apr 2020 11:45:47 GMT
server
cloudflare
etag
W/"5e85d06b-4d7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-frame-options
SAMEORIGIN
content-type
application/javascript
status
200
cache-control
max-age=172800, public
cf-ray
57efea1bd844d6c5-FRA
expires
Tue, 07 Apr 2020 02:42:12 GMT
conversion-loan.js
portal.hdfc.com/campaignTemplates/ 		333 KB
134 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portal.hdfc.com/campaignTemplates/conversion-loan.js?id=4eb6f4dadad381775156
Requested by
Host: portal.hdfc.com
URL: https://portal.hdfc.com/campaign/post/covid-moratorium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7315 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76d8cafbbd1e4fef542509c0ff878b8c3ef77dd6b637c7a17c22b078c6270579
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Sun, 05 Apr 2020 02:42:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
age
6002
status
200
vary
Accept-Encoding,User-Agent
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Sat, 04 Apr 2020 11:12:08 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"53220-5a2751adb02a0-gzip"
expect-ct
max-age=0
strict-transport-security
max-age=63072000; includeSubdomains;
content-type
application/x-javascript
cache-control
public, max-age=432000
feature-policy
microphone 'none'; geolocation 'none'
content-security-policy
cf-ray
57efea1bf867d6c5-FRA
expires
Fri, 10 Apr 2020 02:42:12 GMT
hdfc-logo.png
portal.hdfc.com/images/campaignTemplates/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portal.hdfc.com/images/campaignTemplates/hdfc-logo.png
Requested by
Host: portal.hdfc.com
URL: https://portal.hdfc.com/campaign/post/covid-moratorium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7315 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aed771ecac9657995f97595358e66ef38a9927be942ac0fd35c907302d134bd0
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Sun, 05 Apr 2020 02:42:12 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
6001
cf-polished
origSize=7150, status=vary_header_present
status
200
strict-transport-security
max-age=63072000; includeSubdomains;
content-length
4392
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Sat, 04 Apr 2020 11:12:11 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"1bee-5a2751b023185"
expect-ct
max-age=0
vary
User-Agent, Accept-Encoding
content-type
image/png
expires
Fri, 10 Apr 2020 02:42:12 GMT
cache-control
public, max-age=432000
feature-policy
microphone 'none'; geolocation 'none'
content-security-policy
accept-ranges
bytes
cf-ray
57efea1c38f2d6c5-FRA
cf-bgj
imgq:100
main_bg.jpg
portal.hdfc.com/images/campaignTemplates/ 		22 KB
22 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portal.hdfc.com/images/campaignTemplates/main_bg.jpg
Requested by
Host: portal.hdfc.com
URL: https://portal.hdfc.com/campaign/post/covid-moratorium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7315 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ff12b71c0ad7fa7164e2cd39cdcd56af17ae42b2749a6644c728efcd030c08f
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Sun, 05 Apr 2020 02:42:12 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
6001
cf-polished
origSize=57378, status=vary_header_present
status
200
strict-transport-security
max-age=63072000; includeSubdomains;
content-length
22442
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Sat, 04 Apr 2020 11:12:11 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"e022-5a2751b023955"
expect-ct
max-age=0
vary
User-Agent, Accept-Encoding
content-type
image/jpeg
expires
Fri, 10 Apr 2020 02:42:12 GMT
cache-control
public, max-age=432000
feature-policy
microphone 'none'; geolocation 'none'
content-security-policy
accept-ranges
bytes
cf-ray
57efea1c38f4d6c5-FRA
cf-bgj
imgq:100
main_card_bg.png
portal.hdfc.com/images/campaignTemplates/ 		691 KB
692 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portal.hdfc.com/images/campaignTemplates/main_card_bg.png
Requested by
Host: portal.hdfc.com
URL: https://portal.hdfc.com/campaign/post/covid-moratorium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7315 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a9d5b16cf929a779200a730ef668ec14f48036aeb16e9b01b925c07405b77d9
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Sun, 05 Apr 2020 02:42:12 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
6001
cf-polished
origSize=711732, status=vary_header_present
status
200
strict-transport-security
max-age=63072000; includeSubdomains;
content-length
707575
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Sat, 04 Apr 2020 11:12:09 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"adc34-5a2751ae088b8"
expect-ct
max-age=0
vary
User-Agent, Accept-Encoding
content-type
image/png
expires
Fri, 10 Apr 2020 02:42:12 GMT
cache-control
public, max-age=432000
feature-policy
microphone 'none'; geolocation 'none'
content-security-policy
accept-ranges
bytes
cf-ray
57efea1c38f6d6c5-FRA
cf-bgj
imgq:100
titillium-web-v7-latin-600.woff2
portal.hdfc.com/fonts/campaignTemplates/ 		12 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://portal.hdfc.com/fonts/campaignTemplates/titillium-web-v7-latin-600.woff2
Requested by
Host: portal.hdfc.com
URL: https://portal.hdfc.com/campaign/post/covid-moratorium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7315 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ef8a5f444c988e2c08260642c8257654f5e825e839a9c3d355933d4d12e0345b
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://portal.hdfc.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
font

Response headers

date
Sun, 05 Apr 2020 02:42:12 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
6001
status
200
vary
User-Agent, Accept-Encoding
content-length
12300
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Sat, 04 Apr 2020 11:12:10 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"300c-5a2751af8466e"
expect-ct
max-age=0
strict-transport-security
max-age=63072000; includeSubdomains;
cache-control
public, max-age=432000
feature-policy
microphone 'none'; geolocation 'none'
content-security-policy
accept-ranges
bytes
cf-ray
57efea1c48f8d6c5-FRA
expires
Fri, 10 Apr 2020 02:42:12 GMT
titillium-web-v7-latin-regular.woff2
portal.hdfc.com/fonts/campaignTemplates/ 		12 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://portal.hdfc.com/fonts/campaignTemplates/titillium-web-v7-latin-regular.woff2
Requested by
Host: portal.hdfc.com
URL: https://portal.hdfc.com/campaign/post/covid-moratorium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7315 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa20d91c9e94f0dcd1398f5e8909706c437748ca1800616ee76deb6cefbdf03
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://portal.hdfc.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
font

Response headers

date
Sun, 05 Apr 2020 02:42:12 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
6001
status
200
vary
User-Agent, Accept-Encoding
content-length
12356
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Sat, 04 Apr 2020 11:12:10 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"3044-5a2751af81b47"
expect-ct
max-age=0
strict-transport-security
max-age=63072000; includeSubdomains;
cache-control
public, max-age=432000
feature-policy
microphone 'none'; geolocation 'none'
content-security-policy
accept-ranges
bytes
cf-ray
57efea1c48fad6c5-FRA
expires
Fri, 10 Apr 2020 02:42:12 GMT
titillium-web-v7-latin-700.woff2
portal.hdfc.com/fonts/campaignTemplates/ 		11 KB
12 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://portal.hdfc.com/fonts/campaignTemplates/titillium-web-v7-latin-700.woff2
Requested by
Host: portal.hdfc.com
URL: https://portal.hdfc.com/campaign/post/covid-moratorium
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7315 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0e35ec3dfa80b7851b7826fcae5e1ef652d03d77c6c2af9f0bf1b97d49fe876d
Security Headers
Name Value
Content-Security-Policy
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://portal.hdfc.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
font

Response headers

date
Sun, 05 Apr 2020 02:42:12 GMT
x-content-type-options
nosniff
cf-cache-status
HIT
age
6001
status
200
vary
User-Agent, Accept-Encoding
content-length
11720
x-xss-protection
1; mode=block
referrer-policy
no-referrer
last-modified
Sat, 04 Apr 2020 11:12:10 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
etag
"2dc8-5a2751af8b3ce"
expect-ct
max-age=0
strict-transport-security
max-age=63072000; includeSubdomains;
cache-control
public, max-age=432000
feature-policy
microphone 'none'; geolocation 'none'
content-security-policy
accept-ranges
bytes
cf-ray
57efea1c48fbd6c5-FRA
expires
Fri, 10 Apr 2020 02:42:12 GMT

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| namedRoutes string| baseUrl function| Router function| route function| _ function| jQuery function| $ function| axios function| collect function| getAjaxErrorMeg function| rescueSwal

2 Cookies

Domain/Path Name / Value
portal.hdfc.com/ Name: hdfcs_online_home_loans_session
Value: eyJpdiI6IjZ6dk5BeU81TFo1TkJDMEY3TVU0aHc9PSIsInZhbHVlIjoiS0c5ODB5U2V5cXpcLzRHTUZrT1VHc0xkVWpjWXFyZUZTTzMrbVNqbkZSRUZLSEt2SnZDTzFMQkErSkpZNlwvMFF4IiwibWFjIjoiMzhiYWJhMzQ4YzFhMDEwZGNkYWRkNjZlZTRiMmE1YzM1MDNlNDA4MzVkNjdmZjUyMjZhZmU1ZWEyOGJhMzYyNyJ9
.hdfc.com/ Name: __cfduid
Value: d8317421e1d846b1aac4d705fe521188c1586054530

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block