urlscan.io logo urlscan.io
SecurityTrails logo

idp.juliusbaer.com Open in urlscan Pro
159.103.127.12  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://mobile-ebanking-de.juliusbaer.com/
Effective URL: https://idp.juliusbaer.com/mobile/login/
Submission: On February 26 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 159.103.127.12, located in Switzerland and belongs to BJB1-AS, CH. The main domain is idp.juliusbaer.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 16th 2023. Valid for: a year.
This is the only time idp.juliusbaer.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 3 159.103.127.31 13283 (BJB1-AS)
2 159.103.127.11 13283 (BJB1-AS)
6 159.103.127.12 13283 (BJB1-AS)
9 3
Apex Domain
Subdomains		 Transfer
11 juliusbaer.com
mobile-ebanking-de.juliusbaer.com
sso.juliusbaer.com
idp.juliusbaer.com
602 KB
9 1
Domain Requested by
6 idp.juliusbaer.com idp.juliusbaer.com
3 mobile-ebanking-de.juliusbaer.com 2 redirects
2 sso.juliusbaer.com sso.juliusbaer.com
9 3

This site contains no links.

Subject Issuer Validity Valid
mobile-ebanking-de.juliusbaer.com
DigiCert SHA2 Extended Validation Server CA		 2023-02-06 -
2024-02-05		 a year crt.sh
sso.juliusbaer.com
DigiCert SHA2 Extended Validation Server CA		 2023-02-16 -
2024-02-15		 a year crt.sh
idp.juliusbaer.com
DigiCert SHA2 Extended Validation Server CA		 2023-02-16 -
2024-02-15		 a year crt.sh

This page contains 1 frames:

Primary Page: https://idp.juliusbaer.com/mobile/login/
Frame ID: 317219C5196EE94A453FA7C70324241D
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Julius Bär - Authentication

Page URL History Show full URLs

  1. http://mobile-ebanking-de.juliusbaer.com/ HTTP 302
    https://mobile-ebanking-de.juliusbaer.com/ HTTP 302
    https://mobile-ebanking-de.juliusbaer.com/kosmos-cockpit/index.req Page URL
  2. https://sso.juliusbaer.com// Page URL
  3. https://sso.juliusbaer.com// Page URL
  4. https://idp.juliusbaer.com/mobile/login/ Page URL

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

3
Subdomains

3
IPs

1
Countries

601 kB
Transfer

1682 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://mobile-ebanking-de.juliusbaer.com/ HTTP 302
    https://mobile-ebanking-de.juliusbaer.com/ HTTP 302
    https://mobile-ebanking-de.juliusbaer.com/kosmos-cockpit/index.req Page URL
  2. https://sso.juliusbaer.com// Page URL
  3. https://sso.juliusbaer.com// Page URL
  4. https://idp.juliusbaer.com/mobile/login/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://mobile-ebanking-de.juliusbaer.com/ HTTP 302
  • https://mobile-ebanking-de.juliusbaer.com/ HTTP 302
  • https://mobile-ebanking-de.juliusbaer.com/kosmos-cockpit/index.req

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
index.req
mobile-ebanking-de.juliusbaer.com/kosmos-cockpit/
Redirect Chain
  • http://mobile-ebanking-de.juliusbaer.com/
  • https://mobile-ebanking-de.juliusbaer.com/
  • https://mobile-ebanking-de.juliusbaer.com/kosmos-cockpit/index.req
4 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://mobile-ebanking-de.juliusbaer.com/kosmos-cockpit/index.req
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.103.127.31 , Switzerland, ASN13283 (BJB1-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
598318723aebdab0ddbcaaecdcd66dfcaca46a3dceeaf93d54f0c1e431e1c4b6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self';connect-src 'self' data:;img-src 'self' blob: data: https://ebanking.juliusbaer.eu https://mobile-ebanking-de.juliusbaer.com;media-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';frame-ancestors 'self' https://sso.juliusbaer.com;frame-src 'self';base-uri 'self';object-src 'none';font-src 'self' data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache
Connection
Keep-Alive
Content-Security-Policy
upgrade-insecure-requests;default-src 'self';connect-src 'self' data:;img-src 'self' blob: data: https://ebanking.juliusbaer.eu https://mobile-ebanking-de.juliusbaer.com;media-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';frame-ancestors 'self' https://sso.juliusbaer.com;frame-src 'self';base-uri 'self';object-src 'none';font-src 'self' data:
Content-Type
text/html; charset=UTF-8
Date
Sun, 26 Feb 2023 09:50:03 GMT
Keep-Alive
timeout=5, max=100
Pragma
no-cache
Referrer-Policy
same-origin
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-cache
Connection
close
Content-Length
298
Content-Type
text/html; charset=utf-8
Date
Sun, 26 Feb 2023 09:50:03 GMT
Location
/kosmos-cockpit/index.req
Pragma
no-cache
Server
Apache
/
sso.juliusbaer.com// 		193 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sso.juliusbaer.com//
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.103.127.11 , Switzerland, ASN13283 (BJB1-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self' data:; connect-src 'self'; img-src 'self' data:; media-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' *.juliusbaer.com *.juliusbaer.lu *.juliusbaer.eu
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
null
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Access-Control-Allow-Origin
https://sso.juliusbaer.com
Cache-Control
no-cache
Connection
Keep-Alive
Content-Encoding
gzip
Content-Security-Policy
upgrade-insecure-requests; default-src 'self' data:; connect-src 'self'; img-src 'self' data:; media-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' *.juliusbaer.com *.juliusbaer.lu *.juliusbaer.eu
Content-Type
text/html
Date
Sun, 26 Feb 2023 09:50:04 GMT
Keep-Alive
timeout=5, max=100
Referrer-Policy
origin-when-cross-origin
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
X-XSS-Protection
1; mode=block
/
sso.juliusbaer.com// 		3 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sso.juliusbaer.com//
Requested by
Host: sso.juliusbaer.com
URL: https://sso.juliusbaer.com//
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.103.127.11 , Switzerland, ASN13283 (BJB1-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self' data:; connect-src 'self'; img-src 'self' data:; media-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' *.juliusbaer.com *.juliusbaer.lu *.juliusbaer.eu
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://sso.juliusbaer.com//
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Access-Control-Allow-Origin
https://sso.juliusbaer.com
Cache-Control
no-cache
Connection
Keep-Alive
Content-Encoding
gzip
Content-Security-Policy
upgrade-insecure-requests; default-src 'self' data:; connect-src 'self'; img-src 'self' data:; media-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; frame-src 'self' *.juliusbaer.com *.juliusbaer.lu *.juliusbaer.eu
Content-Type
text/html; charset=UTF-8
Date
Sun, 26 Feb 2023 09:50:04 GMT
Keep-Alive
timeout=5, max=99
Pragma
no-cache
Referrer-Policy
origin-when-cross-origin
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
X-XSS-Protection
1; mode=block
Primary Request /
idp.juliusbaer.com/mobile/login/ 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://idp.juliusbaer.com/mobile/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.103.127.12 , Switzerland, ASN13283 (BJB1-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
4c4769a7a60cebe043492dc01574bce364ca869aa4ce0a4808ebf55f53071116
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self' data:; connect-src 'self'; img-src 'self' data:; media-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://sso.juliusbaer.com
Referer
https://sso.juliusbaer.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Cache-Control
no-cache
Connection
Keep-Alive
Content-Encoding
gzip
Content-Security-Policy
upgrade-insecure-requests; default-src 'self' data:; connect-src 'self'; img-src 'self' data:; media-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
Content-Type
text/html
Date
Sun, 26 Feb 2023 09:50:05 GMT
ETag
Keep-Alive
timeout=5, max=100
Referrer-Policy
same-origin
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
X-XSS-Protection
1; mode=block
merged.css
idp.juliusbaer.com/login/resources/nevislogrend/applications/jb-ss1-idp-realm/webdata/css/ 		828 KB
346 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://idp.juliusbaer.com/login/resources/nevislogrend/applications/jb-ss1-idp-realm/webdata/css/merged.css
Requested by
Host: idp.juliusbaer.com
URL: https://idp.juliusbaer.com/mobile/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.103.127.12 , Switzerland, ASN13283 (BJB1-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
1e0728493a3b00087949a143b4c5987438ceb08c5fc3c6a6a9d049f340b2ab87
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self' data:; connect-src 'self'; img-src 'self' data:; media-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://idp.juliusbaer.com/mobile/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Sun, 26 Feb 2023 09:50:05 GMT
Content-Security-Policy
upgrade-insecure-requests; default-src 'self' data:; connect-src 'self'; img-src 'self' data:; media-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Server
Apache
ETag
4155a9e48607715ff82297e93001169da31da9fe
X-Frame-Options
sameorigin
Content-Type
text/css
Cache-Control
no-cache
Keep-Alive
timeout=5, max=99
Expires
Sun, 26 Feb 2023 09:58:52 GMT
merged.js
idp.juliusbaer.com/login/resources/nevislogrend/applications/jb-ss1-idp-realm/webdata/js/ 		271 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://idp.juliusbaer.com/login/resources/nevislogrend/applications/jb-ss1-idp-realm/webdata/js/merged.js
Requested by
Host: idp.juliusbaer.com
URL: https://idp.juliusbaer.com/mobile/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.103.127.12 , Switzerland, ASN13283 (BJB1-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
b0287f6b00c2c10f2598fcc765fa23e36121de8c979181eb573e9515023d2018
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self' data:; connect-src 'self'; img-src 'self' data:; media-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://idp.juliusbaer.com/mobile/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Sun, 26 Feb 2023 09:50:05 GMT
Content-Security-Policy
upgrade-insecure-requests; default-src 'self' data:; connect-src 'self'; img-src 'self' data:; media-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Server
Apache
ETag
3c2b75e14e4acc481af947073ff98d92caec4c1f
X-Frame-Options
sameorigin
Content-Type
application/javascript
Cache-Control
no-cache
Keep-Alive
timeout=5, max=100
Expires
Sun, 26 Feb 2023 09:58:52 GMT
main.css
idp.juliusbaer.com/mobile/login/ 		64 B
773 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://idp.juliusbaer.com/mobile/login/main.css
Requested by
Host: idp.juliusbaer.com
URL: https://idp.juliusbaer.com/mobile/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.103.127.12 , Switzerland, ASN13283 (BJB1-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
00271fbaf91d9648bacdcac43d6b0eadf23d94a7f327cc12436459d08bb6dc2b
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self' data:; connect-src 'self'; img-src 'self' data:; media-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://idp.juliusbaer.com/mobile/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Sun, 26 Feb 2023 09:50:06 GMT
Content-Security-Policy
upgrade-insecure-requests; default-src 'self' data:; connect-src 'self'; img-src 'self' data:; media-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Thu, 11 Nov 2021 10:31:59 GMT
Server
Apache
ETag
X-Frame-Options
sameorigin
Content-Type
text/css
Cache-Control
no-cache
Keep-Alive
timeout=5, max=100
juliusbaer-logo-white.svg
idp.juliusbaer.com/login/resources/nevislogrend/applications/jb-ss1-idp-realm/webdata/img/ 		10 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://idp.juliusbaer.com/login/resources/nevislogrend/applications/jb-ss1-idp-realm/webdata/img/juliusbaer-logo-white.svg
Requested by
Host: idp.juliusbaer.com
URL: https://idp.juliusbaer.com/mobile/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.103.127.12 , Switzerland, ASN13283 (BJB1-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
721c9ab7affebaab2824d8aefafe55b237863e9b54d8a1252b6dfdd8bd0b6332
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self' data:; connect-src 'self'; img-src 'self' data:; media-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://idp.juliusbaer.com/mobile/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Sun, 26 Feb 2023 09:50:07 GMT
Content-Security-Policy
upgrade-insecure-requests; default-src 'self' data:; connect-src 'self'; img-src 'self' data:; media-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Server
Apache
ETag
e1547057e58c0ae342e8c4a959d0406385cef3d2
X-Frame-Options
sameorigin
Content-Type
image/svg+xml
Cache-Control
no-cache
Keep-Alive
timeout=5, max=98
Expires
Sun, 26 Feb 2023 09:58:52 GMT
main.js
idp.juliusbaer.com/mobile/login/ 		564 KB
156 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://idp.juliusbaer.com/mobile/login/main.js
Requested by
Host: idp.juliusbaer.com
URL: https://idp.juliusbaer.com/mobile/login/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
159.103.127.12 , Switzerland, ASN13283 (BJB1-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
0907905e0bc01b9a048bd962bf8aae0236cf708d0c087889a650e8866c4f2ec6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self' data:; connect-src 'self'; img-src 'self' data:; media-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-US,en;q=0.9
Referer
https://idp.juliusbaer.com/mobile/login/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36

Response headers

Date
Sun, 26 Feb 2023 09:50:06 GMT
Content-Security-Policy
upgrade-insecure-requests; default-src 'self' data:; connect-src 'self'; img-src 'self' data:; media-src 'self' data:; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Referrer-Policy
same-origin
Last-Modified
Thu, 11 Nov 2021 10:31:59 GMT
Server
Apache
ETag
X-Frame-Options
sameorigin
Content-Type
application/javascript
Cache-Control
no-cache
Keep-Alive
timeout=5, max=99

Verdicts & Comments Add Verdict or Comment

37 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| $jscomp function| $jscomp$lookupPolyfilledValue function| loadJSON function| decode function| getUrlVars function| getBrowserLanguage function| coloredLanguageButtons function| getListElements function| getQuery function| callLanguageButton function| callTimeoutButton function| redirToSupportedLang function| getActLang undefined| languageJson undefined| i18nJson function| i18n function| addlink function| addlanguage function| loadAndDisplayAddInfo function| focusOnFirstInput function| loadAddInfos number| seconds function| calcTimeoutSec function| browserCheck function| addSupportedBrowsers function| addSupportedBrowser function| $ function| jQuery object| bootstrap function| bowser function| ReplaceHTML function| SAMLPostBinding object| portalApp function| setImmediate function| clearImmediate object| mapCoreApi

3 Cookies

Domain/Path Name / Value
mobile-ebanking-de.juliusbaer.com/ Name: navajo
Value: 6411f80a5be0OvGe6xrAIwXGvKM7g1hyvlgNqA6EZbhRGb5Tll9DEtAVeA
sso.juliusbaer.com/ Name: Navajo
Value: 858ff80a5be0KLij908fSBsR5BNb0X1UgVYNZCx8e18AJXwfkxBDy3ALm4
idp.juliusbaer.com/ Name: Navajo
Value: 2d29f80a5be0NmEDkyJOv4Clmwg7qWxNbHRkTwUmZqRbyrwbHvrbJ3AM76

1 Console Messages

Source Level URL
Text
network error
Message:
The script has an unsupported MIME type ('text/html').

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self';connect-src 'self' data:;img-src 'self' blob: data: https://ebanking.juliusbaer.eu https://mobile-ebanking-de.juliusbaer.com;media-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' 'unsafe-inline';frame-ancestors 'self' https://sso.juliusbaer.com;frame-src 'self';base-uri 'self';object-src 'none';font-src 'self' data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block