osappsext.hdfc.com Open in urlscan Pro
13.127.37.75 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
Submission: On February 13 via manual (February 13th 2024, 2:06:00 pm UTC) from IN — Scanned from DE

Summary HTTP 61 Redirects Behaviour Indicators

Summary

This website contacted 5 IPs in 3 countries across 3 domains to perform 61 HTTP transactions. The main IP is 13.127.37.75, located in Mumbai, India and belongs to AMAZON-02, US. The main domain is osappsext.hdfc.com.
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on June 28th 2023. Valid for: a year.

This is the only time osappsext.hdfc.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
51	13.127.37.75 13.127.37.75	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:801::200a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:831::2003	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6810:7315	13335 (CLOUDFLAR...) (CLOUDFLARENET)
61	5

51 13.127.37.75 (Mumbai, India)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

osappsext.hdfc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:801::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6810:7315 (United States)

ASN13335 (CLOUDFLARENET, US)

dtclag.hdfc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
54	hdfc.com osappsext.hdfc.com dtclag.hdfc.com	1 MB
3	gstatic.com fonts.gstatic.com	47 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 31	2 KB
61	3

	Domain	Requested by
51	osappsext.hdfc.com	osappsext.hdfc.com dtclag.hdfc.com
3	dtclag.hdfc.com	osappsext.hdfc.com dtclag.hdfc.com
3	fonts.gstatic.com	fonts.googleapis.com
2	fonts.googleapis.com	osappsext.hdfc.com
61	4

This site contains no links.

Subject Issuer	Validity	Valid
osappsext.hdfc.com GeoTrust TLS RSA CA G1	`2023-06-28` - `2024-07-28`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-09` - `2024-04-02`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-04-30` - `2024-04-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
Frame ID: 17F1943B6FFFD2E5D630046D7088FACA
Requests: 62 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Landingpage

Page Statistics

61
Requests

97 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

5
IPs

3
Countries

1225 kB
Transfer

6117 kB
Size

9
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

61 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Landingpage Show response
osappsext.hdfc.com/SPOTOFFER_FE/ 6 KB
6 KB 1355ms
237ms Document
text/html 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

5af5d6c01d029335ef224c8b3f083f35cef755ddbc42c883433f445d69d4251c

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Content-Type: text/html; charset=utf-8
Date: Tue, 13 Feb 2024 14:05:49 GMT
Expires: -1
Pragma: no-cache
Strict-Transport-Security: max-age=31536000;includeSubDomains
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options: nosniff
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK OutSystemsManifestLoader.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 2 KB
5 KB 212ms
211ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystemsManifestLoader.js?3F3fZzzNKkqKoP2DsjtxFw

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

493311edb0b1f52a157355409c53dc39eec132864a53e6c52096acf083906f94

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:49 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "6a8bf2a27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1036
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK moduleversioninfo Show response
osappsext.hdfc.com/SPOTOFFER_FE/moduleservices/ 41 B
5 KB 211ms
211ms XHR
application/json 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/moduleservices/moduleversioninfo?1707833149864

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystemsManifestLoader.js?3F3fZzzNKkqKoP2DsjtxFw

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

c73f0baff5936fb2680f4415284cceff45fe62fd63f9e5ce13a65f3e95c52492

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
accept-language: de-DE,de;q=0.9
OutSystems-client-env: browser
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Expires: -1
Pragma: no-cache
Date: Tue, 13 Feb 2024 14:05:49 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 74
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK OutSystems.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 594 KB
144 KB 541ms
539ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

8c90aac40367e011e6fb5f0744ca38e88c70aa927952b4993f7dd5049224fe6a

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:50 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "6a8bf2a27843da1:0"
Transfer-Encoding: chunked
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK OutSystemsReactView.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 280 KB
86 KB 229ms
229ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystemsReactView.js?0bmp5RZ49TZneVNXnO6ymw

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

846e86f7d6f12bbdd116258ef2b4630307c87a206a6641004f80da4afefba0c5

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:50 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "0225da27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 83929
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK cordova.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 3 B
4 KB 228ms
228ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/cordova.js?7KqI9_oL9hClomz1RdzTqg

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "bc29dca27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 36
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK NullDebugger.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 6 KB
6 KB 231ms
231ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/NullDebugger.js?pG_2wlzY3NYiuKZRtoLyQQ

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

1925e7e6d9c81dbc9ddbfb34d43f442f46109b34569a541adcc63543cdb2f16c

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "6115e8a27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1374
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK SPOTOFFER_FE.appDefinition.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 724 B
5 KB 231ms
231ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/SPOTOFFER_FE.appDefinition.js?pVWeDqT7Gjzg+0_K8N+Rqw

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

d6725f66f976eb2ea8ac84436e7326b2a3cd16d3ff4672a4076c743ce2753df1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:57 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "54a6ffa27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 466
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK OutSystemsReactWidgets.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 79 KB
20 KB 247ms
247ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystemsReactWidgets.js?IdWooa_erXOfwU01FQUTuA

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

48436c47953b7a66692f152550c0e4c05f154142cd3d6ba224faefb63478e118

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:51 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "cbedf4a27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 16176
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK _Basic.css
osappsext.hdfc.com/SPOTOFFER_FE/css/ 11 KB
8 KB 228ms
227ms Stylesheet
text/css 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/css/_Basic.css?EqGzAe81QbZLXJyfY3oLwA

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

4ab49f49f7c69c8af70734cad1b82d5bde2c5102b0696daf288be6a05f2fd932

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "0225da27843da1:0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3330
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK SPOTOFFER_FE.index.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 1 KB
5 KB 229ms
229ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/SPOTOFFER_FE.index.js?2B6MU3yWVF4yjXC_CnDAjQ

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

9e3d167cf971d42193bd02b93dbe99fca4ba43ef1db134819e8efe48efaaa689

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:57 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "c0245a37843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 552
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK moduleinfo Show response
osappsext.hdfc.com/SPOTOFFER_FE/moduleservices/ 89 KB
34 KB 236ms
236ms XHR
application/json 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/moduleservices/moduleinfo?x0cfceVuz9dekMxmTOPYeQ

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystemsManifestLoader.js?3F3fZzzNKkqKoP2DsjtxFw

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

a0cc400181fbf059beb6f6cc5cba91e66d6349871c40dc90e3adefd81255950d

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
accept-language: de-DE,de;q=0.9
OutSystems-client-env: browser
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Expires: -1
Pragma: no-cache
Date: Tue, 13 Feb 2024 14:05:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 30875
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK SPOTOFFER_FE.controller.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 88 KB
13 KB 247ms
247ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/SPOTOFFER_FE.controller.js?zr0yZMsunVV1BTjfBwsOgw

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

e254c859238c2e81e76552e98096d2015b6a0bae7c627a6476fed247605b19ee

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:57 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "3ba4fda27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8991
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK SPOTOFFER_FE.LandingPage.Landingpage.mvc.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 98 KB
33 KB 231ms
231ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/SPOTOFFER_FE.LandingPage.Landingpage.mvc.js?hxsgGM7X4zTyV8KSX14+PA

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

2d1d099df52c42fa2a93ef6922a16b86128c0e9bc5f04d42256f5f41ede2961a

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:57 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "3ba4fda27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 29398
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK SPOTOFFER_FE.LandingPage.controller.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 1 KB
5 KB 214ms
214ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/SPOTOFFER_FE.LandingPage.controller.js?mGfvdcQYiUEl9nLNv9jTRw

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

dd68d3119efeb2b5db07018f959d917f4bc562c1f68e7e1a99e8d545fe644898

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:52 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:57 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "3ba4fda27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 445
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK SPOTOFFER_FE.model.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 1 MB
104 KB 419ms
419ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/SPOTOFFER_FE.model.js?+o6BbRDTWYu_9sn9kiZcLQ

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

028148d9cf621b07e79cf54b68278d9b4eb3f84498663c8376a4b0c4cd5f4f7f

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:53 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:57 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "80b8f5a27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 102498
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK SPOTOFFER_FE.Common.controller.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 10 KB
6 KB 248ms
230ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/SPOTOFFER_FE.Common.controller.js?Wwk0lh2KvVtlj1Fz0NkFaQ

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

04bae0d253b1b0e1044dd452acddd07ba081c005093f1769321eb94dcefceb1c

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:53 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:57 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "ff575a37843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2108
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK SPOTOFFER_FE.clientVariables.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 5 KB
5 KB 433ms
210ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/SPOTOFFER_FE.clientVariables.js?kF2FAHOHl8Fp_kF9ErB2JA

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

e09fdc14dcef5c7562aebb502d3afd236204d525599bca4d4e2936dbbe8cab9d

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:53 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:57 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "80b8f5a27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 731
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK COMMON_BLOCK.controller.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 650 KB
48 KB 372ms
347ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/COMMON_BLOCK.controller.js?H+tfimH3mslVEFALhr+XPw

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

89fceada2c375cde694cbb0f17bcfde567965991c99147390a26ed3ad2ccd5c6

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:53 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "fcb3daa27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 45184
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK ONBOARDING_TH.LayoutFlow.Gettingstarted.mvc.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 7 KB
6 KB 409ms
213ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/ONBOARDING_TH.LayoutFlow.Gettingstarted.mvc.js?BJkTVaRsLMxeUWjoByOdVw

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

744dfeea7159bacfd8db11ec09fe09e8e181aad4b2151a84271573cad8229273

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:53 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "fe93eea27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1740
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK OutSystemsUI.Utilities.InlineSVG.mvc.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 9 KB
6 KB 411ms
214ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystemsUI.Utilities.InlineSVG.mvc.js?C0zDkU0B15rdwkM5MfeWMg

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

736eae7b490bafcb833c4b62d75b9002ab20ce759e9437e318cffdaf45642da1

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:53 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "e1bf4a27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2157
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK OutSystemsUI.Adaptive.ColumnsMediumLeft.mvc.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 9 KB
6 KB 399ms
215ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystemsUI.Adaptive.ColumnsMediumLeft.mvc.js?3dffeKZj_33SS_d3lP1odw

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

fd087f936d79fea0bd4206441619763d275b16fda311a7dc0723da68efefd7c8

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:53 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "cbedf4a27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2019
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK SPOTOFFER_FE.referencesHealth.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 7 KB
5 KB 395ms
231ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/SPOTOFFER_FE.referencesHealth.js?Fk2G4QtzQI6azYUNOBGOLw

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

f086401ea69a2348e5f5e121e8454c87bed546c10b552ea50f297bc9a59038c9

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:53 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:57 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "76f5fa37843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 778
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK SPOTOFFER_FE.languageResources.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 2 KB
5 KB 251ms
214ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/SPOTOFFER_FE.languageResources.js?XiUe6w+rpzX8wt5CPD0_kg

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

0bfc47c7fc37bc136b4d57934bf61e42f4cc9413b6202d33c4794876dc786257

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:53 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:57 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "dff37a37843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 614
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK APPLYNOW_COMMON_STRUCTURE.model.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 308 KB
31 KB 492ms
490ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/APPLYNOW_COMMON_STRUCTURE.model.js?FNnvyJw24OZ6izx+txoRAg

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

27a688fbbf0be83f38fa4f8c1e5417b2308511058e2f763b63dc7eb5c888fa68

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:53 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "f88cd3a27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 27668
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK COMMON_BLOCK.model.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 488 KB
48 KB 520ms
516ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/COMMON_BLOCK.model.js?7Y15xLA1jbFXeawMWHvd7Q

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

276b25528f55ed2219ff582122426302511b92d2354302d2bf1b883312fb6bde

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:53 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "15f2d8a27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 44708
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK COMMON_BLOCK.clientVariables.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 102 KB
12 KB 231ms
231ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/COMMON_BLOCK.clientVariables.js?tULcj5S3HimJ8w0r3MoJrg

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

04f19121cc7eb10339cb20d097734c8b77babffe43045e8244c40b4a3ed3d481

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:53 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "fcb3daa27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8295
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK ONBOARDING_TH.model.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 422 KB
42 KB 326ms
326ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/ONBOARDING_TH.model.js?bcZ5tDdTE8UhpOI7lkyF1A

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

7f7ece199c7fe59af1bb3176bb7127b94eaee0d169958b4d1c06eff417cf2777

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "6a8bf2a27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 38150
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK ONBOARDING_TH.controller.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 83 KB
13 KB 213ms
213ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/ONBOARDING_TH.controller.js?ftJJaZp2ci+TB08ugKkiJQ

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

91102915af8f4ffa462535c5140ee3ddbf96fae4e05ead98eb6d672940933f64

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:53 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "0225da27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8353
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK OutSystemsUI.model.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 126 KB
18 KB 428ms
428ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystemsUI.model.js?vM1glsquXq0qCmIz2qBZ+Q

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

e43eee0bf7e199a7090d6b48f48a338d40138d7293901ee2c4a3e258de8e55c8

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:53 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:57 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "bca5f9a27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 13675
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK ONBOARDING_TH.clientVariables.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 13 KB
6 KB 212ms
212ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/ONBOARDING_TH.clientVariables.js?ZW3LrzO_egof5+JI+to2Mw

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

c79a4f0418da93af0b14d34cc78b737a72c4b8aabeca199bad80f88eac814b1a

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "1ac4e8a27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1438
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

POST
H/1.1 200
OK DataActionGetThirtyMinJourneyEnableFlag Show response
osappsext.hdfc.com/SPOTOFFER_FE/screenservices/SPOTOFFER_FE/LandingPage/Landingpage/ 138 B
5 KB 213ms
213ms XHR
application/json 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/screenservices/SPOTOFFER_FE/LandingPage/Landingpage/DataActionGetThirtyMinJourneyEnableFlag

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

612cf6abc94d8fa7f60b66b041c01fdf05c1c170da5e21c0910ad72599390123

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
accept-language: de-DE,de;q=0.9
X-CSRFToken: T6C+9iB49TLra4jEsMeSckDMNhQ=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Pragma: no-cache
Date: Tue, 13 Feb 2024 14:05:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
OutSystems-locale: en-US
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Cache-Control: no-store, no-cache
Connection: keep-alive
Content-Length: 122
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

POST
H/1.1 200
OK log Show response
osappsext.hdfc.com/SPOTOFFER_FE/moduleservices/ 0
4 KB 214ms
214ms XHR
text/plain 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/moduleservices/log?clientTimeInMillis=1707833154407

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
accept-language: de-DE,de;q=0.9
X-CSRFToken: T6C+9iB49TLra4jEsMeSckDMNhQ=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Expires: -1
Pragma: no-cache
Date: Tue, 13 Feb 2024 14:05:54 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK ONBOARDING_TH.languageResources.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 2 KB
5 KB 212ms
212ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/ONBOARDING_TH.languageResources.js?nrLj8hMkrSehWUXzvDlvow

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

2da11b9e535caaa5537ce1e583c40ee0d22734a608d3754817f2ee573c4c20e7

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "9dbe9a27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 600
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK OutSystemsUI.controller.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 201 KB
27 KB 228ms
228ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystemsUI.controller.js?C5g5F+0joYDS_AnZbfJRDQ

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

ca7bb17c121b044a858ea1e465e1b2b5789e6d231cead5e4125e944ce70ef4cc

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "0225da27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 22757
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK OutSystemsUI.languageResources.js Show response
osappsext.hdfc.com/SPOTOFFER_FE/scripts/ 2 KB
5 KB 213ms
213ms Script
application/javascript 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystemsUI.languageResources.js?fhuEa1fpipxtRUp8VWBSFQ

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

89979351d1d036489ceec41ae6d319d21556a7fc81d1377fde408b605526c5a8

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:57 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "bca5f9a27843da1:0"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 610
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK OutSystemsUI.OutSystemsUI.extra.css
osappsext.hdfc.com/SPOTOFFER_FE/css/ 6 KB
5 KB 230ms
229ms Stylesheet
text/css 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/css/OutSystemsUI.OutSystemsUI.extra.css?1GjQJ0ulyV5Cvi1VkYiTIw

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

c1f527f32364f54a685420e3f019ae356af476fdc034f61b2ac4be5b8edb97c8

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "446b4a27843da1:0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1029
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK ONBOARDING_TH.GETTING_STARTED.css
osappsext.hdfc.com/SPOTOFFER_FE/css/ 9 KB
6 KB 217ms
217ms Stylesheet
text/css 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/css/ONBOARDING_TH.GETTING_STARTED.css?WEt+tPrKvDYi6pBQIY3YHQ

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

3fba5649b7b5df99f70648646f71de3b20c516357cf0fb84a768ede71b07812d

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "8489b0a27843da1:0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2151
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK OutSystemsUI.OutSystemsUI.css
osappsext.hdfc.com/SPOTOFFER_FE/css/ 311 KB
44 KB 282ms
282ms Stylesheet
text/css 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/css/OutSystemsUI.OutSystemsUI.css?Y6apNrjcgAIBTlT9OTARJQ

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

4eeab0af48a5742bb5a43b452f8acc4350c04ef3591916df4c8c2cc4a4458f2b

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "d2ebb2a27843da1:0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 41044
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK ONBOARDING_TH.LayoutFlow.Gettingstarted.css
osappsext.hdfc.com/SPOTOFFER_FE/css/ 7 KB
6 KB 216ms
215ms Stylesheet
text/css 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/css/ONBOARDING_TH.LayoutFlow.Gettingstarted.css?5+lZAwoei_tZ5PICdgYb8Q

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

a92462cfb821ccbe7b21049a91da1042f7b50701a53b8ba555fd78d668ad5adc

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "8489b0a27843da1:0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1567
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK OutSystemsReactWidgets.css
osappsext.hdfc.com/SPOTOFFER_FE/css/ 43 KB
15 KB 222ms
222ms Stylesheet
text/css 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/css/OutSystemsReactWidgets.css?V4aWVwM5leALLtuu6TDWSA

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

a05061eab73eadfde0ade90d0ce95b361230d7e89b5bbb815d5b6e7aab6ac4e2

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "d2ebb2a27843da1:0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 10459
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK bootstrap.min.css
osappsext.hdfc.com/ONBOARDING_TH/ 152 KB
27 KB 246ms
245ms Stylesheet
text/css 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/ONBOARDING_TH/bootstrap.min.css

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/css/ONBOARDING_TH.GETTING_STARTED.css?WEt+tPrKvDYi6pBQIY3YHQ

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

a0a1e0b60776a8447c1f268a48ed738dbcb60df9d4bee382de332e837302aa90

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=ub%2BbVAXvJ8udA7R%2F3gAJcH0VW69qcEjTwtl98jOBNQWAGo4XrV%2F%2Fkh0Mz6EiORovd%2F5rOwGBLH90zms6kxr8QA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=ub%2BbVAXvJ8udA7R%2F3gAJcH0VW69qcEjTwtl98jOBNQWAGo4XrV%2F%2Fkh0Mz6EiORovd%2F5rOwGBLH90zms6kxr8QA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/css/ONBOARDING_TH.GETTING_STARTED.css?WEt+tPrKvDYi6pBQIY3YHQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Fri, 05 Jan 2024 17:06:52 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=ub%2BbVAXvJ8udA7R%2F3gAJcH0VW69qcEjTwtl98jOBNQWAGo4XrV%2F%2Fkh0Mz6EiORovd%2F5rOwGBLH90zms6kxr8QA%3D%3D;
ETag: "53e74d94f93fda1:0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 22825
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=ub%2BbVAXvJ8udA7R%2F3gAJcH0VW69qcEjTwtl98jOBNQWAGo4XrV%2F%2Fkh0Mz6EiORovd%2F5rOwGBLH90zms6kxr8QA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=ub%2BbVAXvJ8udA7R%2F3gAJcH0VW69qcEjTwtl98jOBNQWAGo4XrV%2F%2Fkh0Mz6EiORovd%2F5rOwGBLH90zms6kxr8QA%3D%3D;

GET
H/1.1 200
OK slick.css
osappsext.hdfc.com/SPOTOFFER_FE/ 2 KB
5 KB 214ms
214ms Stylesheet
text/css 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/slick.css?HdkaKBrzGqteMDIiIsZFHw

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/css/ONBOARDING_TH.GETTING_STARTED.css?WEt+tPrKvDYi6pBQIY3YHQ

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

bd51b51fbf41d51bba0ee6c5c08d1d61cbd42048e9253423d98d8feb9e99585e

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/css/ONBOARDING_TH.GETTING_STARTED.css?WEt+tPrKvDYi6pBQIY3YHQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "2727aea27843da1:0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 588
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK slick-theme.css
osappsext.hdfc.com/SPOTOFFER_FE/ 4 KB
5 KB 211ms
210ms Stylesheet
text/css 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/slick-theme.css?_Y0BdxVDHQHtTpboB1SXnw

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/css/ONBOARDING_TH.GETTING_STARTED.css?WEt+tPrKvDYi6pBQIY3YHQ

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

3da216975ebbf84f1af88928c7447d7b4c5be1ab97d809d4d7ce7831fa8471c2

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/css/ONBOARDING_TH.GETTING_STARTED.css?WEt+tPrKvDYi6pBQIY3YHQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "0225da27843da1:0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 895
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK base.css
osappsext.hdfc.com/SPOTOFFER_FE/ 189 KB
34 KB 262ms
257ms Stylesheet
text/css 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/base.css?+1EZIERrSUqanIKaFoJssw

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/css/ONBOARDING_TH.GETTING_STARTED.css?WEt+tPrKvDYi6pBQIY3YHQ

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

f02d7ad355445a41f1795f1c9020f4a91b3d245aeacc8c07af25ff951a65e1ab

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/css/ONBOARDING_TH.GETTING_STARTED.css?WEt+tPrKvDYi6pBQIY3YHQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:55 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "e8aeaca27843da1:0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 30126
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK nice-select.css
osappsext.hdfc.com/SPOTOFFER_FE/ 4 KB
5 KB 241ms
229ms Stylesheet
text/css 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/nice-select.css?p6zjI7n8ioMabmT+sj+guQ

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/css/ONBOARDING_TH.GETTING_STARTED.css?WEt+tPrKvDYi6pBQIY3YHQ

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

c13280e79f74109c5e3854822c0f0c972d0a57245c95b0b3762f9788bd918f8d

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/css/ONBOARDING_TH.GETTING_STARTED.css?WEt+tPrKvDYi6pBQIY3YHQ
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:54 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
ETag: "9e49a4a27843da1:0"
Vary: Accept-Encoding
Content-Type: text/css
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1060
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H2 200 css2
fonts.googleapis.com/ 14 KB
992 B 152ms
66ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,400;0,500;0,700;1,300;1,400&display=swap

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/base.css?+1EZIERrSUqanIKaFoJssw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca2b7b745d4745e73d2be9ec6b0acaba7d743a3f21ba66374e1f8a3af328c007

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 13 Feb 2024 14:05:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 13 Feb 2024 14:05:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 13 Feb 2024 14:05:55 GMT

GET
H2 200 css2
fonts.googleapis.com/ 4 KB
903 B 145ms
59ms Stylesheet
text/css 2a00:1450:4001:801::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Titillium+Web:wght@300;400;600;700;900&display=swap

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/base.css?+1EZIERrSUqanIKaFoJssw

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:801::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

9ac8b374b0f93c9565c7b18969093b1484505aa5b960676c983f106ca32a7156

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Tue, 13 Feb 2024 14:05:55 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Tue, 13 Feb 2024 14:05:55 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Tue, 13 Feb 2024 14:05:55 GMT

GET
H/1.1 200
OK SPOTOFFER_FE.gettingstartedbg.png
osappsext.hdfc.com/SPOTOFFER_FE/img/ 65 KB
70 KB 212ms
212ms Image
image/png 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/img/SPOTOFFER_FE.gettingstartedbg.png?ujlHInGTFWYlNSe_qPeMYw

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

0f2b7abec0062c233a661ce1779dc7c8fdd7fe9c08d5b5591f23c80aeca492c9

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:55 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
ETag: "e950c1a27843da1:0"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 66984
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK SPOTOFFER_FE.gettingstartedico.png
osappsext.hdfc.com/SPOTOFFER_FE/img/ 12 KB
16 KB 214ms
214ms Image
image/png 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/img/SPOTOFFER_FE.gettingstartedico.png?4PquZrWqQ8sJ8wLSdv1EZA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

ed8ab3cdda6a7e74e9653e4d5e4eb8964246acd45319950289b2546d1ccf12da

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:55 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
ETag: "935ec8a27843da1:0"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 11965
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H/1.1 200
OK SPOTOFFER_FE.aadhaar.png
osappsext.hdfc.com/SPOTOFFER_FE/img/ 3 KB
8 KB 229ms
229ms Image
image/png 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/img/SPOTOFFER_FE.aadhaar.png?eiKOeEOKxr5eErVFBKbfEw

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

25620c904261cdf27771abd7efb1ca231990497cb5fc8482a717c394300ef015

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Date: Tue, 13 Feb 2024 14:05:55 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Last-Modified: Wed, 10 Jan 2024 03:53:56 GMT
ETag: "1bc1bfa27843da1:0"
Content-Type: image/png
Cache-Control: max-age=2592000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3340
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
DATA 200
OK truncated
/ 18 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 94a9c63a01e5960c15367abc0d7ca7e6bbb666e4e26054c7a8c21ff75b395f6a

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

Content-Type: image/png

POST
H/1.1 200
OK ActionGetDynatraceScriptSrcURL Show response
osappsext.hdfc.com/SPOTOFFER_FE/screenservices/ONBOARDING_TH/ 206 B
4 KB 215ms
215ms XHR
application/json 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SPOTOFFER_FE/screenservices/ONBOARDING_TH/ActionGetDynatraceScriptSrcURL

Requested by

Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/OutSystems.js?RnlDcii3Xz75iIHHERIZtA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

e735e905478a42480c5ec5568c35c58aa01ef5061160c2ffd39d2bcf6ada85b4

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
accept-language: de-DE,de;q=0.9
X-CSRFToken: T6C+9iB49TLra4jEsMeSckDMNhQ=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: application/json; charset=UTF-8

Response headers

Pragma: no-cache
Date: Tue, 13 Feb 2024 14:05:55 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000;includeSubDomains
OutSystems-locale: en-US
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
Cache-Control: no-store, no-cache
Connection: keep-alive
Content-Length: 182
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 126ms
40ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,400;0,500;0,700;1,300;1,400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://osappsext.hdfc.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:51:30 GMT
x-content-type-options: nosniff
age: 18865
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 08:51:30 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 169ms
83ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,400;0,500;0,700;1,300;1,400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://osappsext.hdfc.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 08:49:41 GMT
x-content-type-options: nosniff
age: 18974
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 08:49:41 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 16 KB
16 KB 136ms
50ms Font
font/woff2 2a00:1450:4001:831::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:ital,wght@0,100;0,400;0,500;0,700;1,300;1,400&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://osappsext.hdfc.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 09:13:54 GMT
x-content-type-options: nosniff
age: 17521
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15920
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 12 Feb 2025 09:13:54 GMT

GET
H2 200 d576d7d083ccb2e9_complete.js Show response
dtclag.hdfc.com/jstag/managed/9a874d0b-1c45-48da-84a3-05f8d52e728f/ 317 KB
117 KB 1051ms
941ms Script
application/javascript 2606:4700::6810:7315
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dtclag.hdfc.com/jstag/managed/9a874d0b-1c45-48da-84a3-05f8d52e728f/d576d7d083ccb2e9_complete.js
Requested by: Host: osappsext.hdfc.com
URL: https://osappsext.hdfc.com/SPOTOFFER_FE/scripts/ONBOARDING_TH.controller.js?ftJJaZp2ci+TB08ugKkiJQ
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:7315 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b6a7107a083845133fe6f9f0675c4606bc45c354be3406a3b0932858d620a55

Request headers

Referer: https://osappsext.hdfc.com/
Origin: https://osappsext.hdfc.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 14:05:56 GMT
content-encoding: gzip
cf-cache-status: EXPIRED
last-modified: Mon, 12 Feb 2024 14:30:44 GMT
server: cloudflare
vary: Accept-Encoding, User-Agent
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=86400
timing-allow-origin: *
cf-ray: 854da106cc903a54-FRA
expires: Wed, 14 Feb 2024 14:05:56 GMT

GET
H2 200 ruxitagent_D_10281231207105659.js Show response
dtclag.hdfc.com/jstag/managed/ 42 KB
16 KB 689ms
689ms Script
application/javascript 2606:4700::6810:7315
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dtclag.hdfc.com/jstag/managed/ruxitagent_D_10281231207105659.js
Requested by: Host: dtclag.hdfc.com
URL: https://dtclag.hdfc.com/jstag/managed/9a874d0b-1c45-48da-84a3-05f8d52e728f/d576d7d083ccb2e9_complete.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:7315 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 757897be220168d6e40c6f5663c3f9fa4a57bb9f79c843a731789b3606b7a8a8

Request headers

Referer: https://osappsext.hdfc.com/
Origin: https://osappsext.hdfc.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36

Response headers

date: Tue, 13 Feb 2024 14:05:57 GMT
content-encoding: gzip
cf-cache-status: MISS
last-modified: Tue, 13 Feb 2024 14:05:57 GMT
server: cloudflare
vary: Accept-Encoding, User-Agent
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
timing-allow-origin: *
cf-ray: 854da10edeef3a54-FRA
expires: Wed, 12 Feb 2025 14:05:57 GMT

POST
H/1.1 200
OK ReportViolations
osappsext.hdfc.com/SecurityUtils/rest/Report/ 0
4 KB 212ms
212ms Other
text/plain 13.127.37.75
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://osappsext.hdfc.com/SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D

Requested by

Host: dtclag.hdfc.com
URL: https://dtclag.hdfc.com/jstag/managed/9a874d0b-1c45-48da-84a3-05f8d52e728f/d576d7d083ccb2e9_complete.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

13.127.37.75 Mumbai, India, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-13-127-37-75.ap-south-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=mwpeH1SuGck1m%2BS9blakWZjmZ2ejZvUv0r69uWd5aPZyqoAHT%2FtBLg81qXgiOocJNOZOgJUBt7iygBLKyfuniQ%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=mwpeH1SuGck1m%2BS9blakWZjmZ2ejZvUv0r69uWd5aPZyqoAHT%2FtBLg81qXgiOocJNOZOgJUBt7iygBLKyfuniQ%3D%3D;
X-Content-Type-Options	nosniff

Request headers

Referer: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: application/csp-report

Response headers

Expires: -1
Pragma: no-cache
Date: Tue, 13 Feb 2024 14:05:57 GMT
Strict-Transport-Security: max-age=31536000;includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=mwpeH1SuGck1m%2BS9blakWZjmZ2ejZvUv0r69uWd5aPZyqoAHT%2FtBLg81qXgiOocJNOZOgJUBt7iygBLKyfuniQ%3D%3D;
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 0
X-WebKit-CSP: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=mwpeH1SuGck1m%2BS9blakWZjmZ2ejZvUv0r69uWd5aPZyqoAHT%2FtBLg81qXgiOocJNOZOgJUBt7iygBLKyfuniQ%3D%3D;
X-Content-Security-Policy: base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=mwpeH1SuGck1m%2BS9blakWZjmZ2ejZvUv0r69uWd5aPZyqoAHT%2FtBLg81qXgiOocJNOZOgJUBt7iygBLKyfuniQ%3D%3D;

POST
H2 200 9a874d0b-1c45-48da-84a3-05f8d52e728f Show response
dtclag.hdfc.com/bf/ 2 KB
1 KB 558ms
558ms Fetch
text/plain 2606:4700::6810:7315
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://dtclag.hdfc.com/bf/9a874d0b-1c45-48da-84a3-05f8d52e728f?type=js3&sn=v_4_srv_-2D94_sn_2FMO5E2URE3PK74FBOE510Q3J6N5BOKU&svrid=-94&flavor=cors&vi=WMOEFSCWAPDDKGJTWIRAARFCHCURGKQK-0&modifiedSince=1698814019704&rf=https%3A%2F%2Fosappsext.hdfc.com%2FSPOTOFFER_FE%2FLandingpage%3FIsSpotOffer%3Dfalse%26LeadID%3D0210029345%26IsChannel%3Dtrue%26IsChannelOnline%3Dtrue&bp=3&app=d576d7d083ccb2e9&crc=3969518659&en=pznzp9p4&end=1
Requested by: Host: dtclag.hdfc.com
URL: https://dtclag.hdfc.com/jstag/managed/9a874d0b-1c45-48da-84a3-05f8d52e728f/d576d7d083ccb2e9_complete.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:7315 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 13b2c103984b2ea2ecbcd2b30631298458fb81e65bf6efc3b60cab515e737f69

Request headers

Referer: https://osappsext.hdfc.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.160 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 13 Feb 2024 14:05:58 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
server: cloudflare
ntcoent-length: 2060
content-type: text/plain;charset=utf-8
access-control-allow-origin: https://osappsext.hdfc.com
cache-control: no-cache
cf-ray: 854da1158f363a54-FRA
content-length: 783

POST 9a874d0b-1c45-48da-84a3-05f8d52e728f
dtclag.hdfc.com/bf/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: dtclag.hdfc.com
URL: https://dtclag.hdfc.com/bf/9a874d0b-1c45-48da-84a3-05f8d52e728f?type=js3&sn=v_4_srv_4_sn_2FMO5E2URE3PK74FBOE510Q3J6N5BOKU_app-3Ad576d7d083ccb2e9_1_ol_0_perc_100000_mul_1_rcs-3Acss_1&svrid=4&flavor=cors&vi=WMOEFSCWAPDDKGJTWIRAARFCHCURGKQK-0&modifiedSince=1707708235154&rf=https%3A%2F%2Fosappsext.hdfc.com%2FSPOTOFFER_FE%2FLandingpage%3FIsSpotOffer%3Dfalse%26LeadID%3D0210029345%26IsChannel%3Dtrue%26IsChannelOnline%3Dtrue&bp=3&app=d576d7d083ccb2e9&crc=172334136&en=pznzp9p4&end=1

Domain: dtclag.hdfc.com
URL: https://dtclag.hdfc.com/bf/9a874d0b-1c45-48da-84a3-05f8d52e728f?type=js3&sn=v_4_srv_4_sn_2FMO5E2URE3PK74FBOE510Q3J6N5BOKU_app-3Ad576d7d083ccb2e9_1_ol_0_perc_100000_mul_1_rcs-3Acss_1&svrid=4&flavor=cors&vi=WMOEFSCWAPDDKGJTWIRAARFCHCURGKQK-0&modifiedSince=1707708235154&rf=https%3A%2F%2Fosappsext.hdfc.com%2FSPOTOFFER_FE%2FLandingpage%3FIsSpotOffer%3Dfalse%26LeadID%3D0210029345%26IsChannel%3Dtrue%26IsChannelOnline%3Dtrue&bp=3&app=d576d7d083ccb2e9&crc=710361075&en=pznzp9p4&end=1

Verdicts & Comments Add Verdict or Comment

33 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
osappsext.hdfc.com/	1970-01-20 18:23:54	Name: osVisit Value: 11abca61-75b9-425b-af7e-f54999b8c6d0
osappsext.hdfc.com/	1970-01-21 03:59:53	Name: osVisitor Value: b7c16ae6-bc2c-419f-84dd-903566cae8cf
osappsext.hdfc.com/	1970-01-21 03:09:29	Name: nr1Users Value: lid%3dAnonymous%3btuu%3d0%3bexp%3d0%3brhs%3dXBC1ss1nOgYW1SmqUjSxLucVOAg%3d%3bhmc%3dWhLHxtPaFripVsdOy%2fcZHHaHEyc%3d
osappsext.hdfc.com/	1970-01-21 03:09:29	Name: nr2Users Value: crf%3dT6C%2b9iB49TLra4jEsMeSckDMNhQ%3d%3buid%3d0%3bunm%3d
.hdfc.com/	1969-12-31 23:59:59	Name: rxVisitor Value: 1707833156907U8HNN3T3LDKBCOUE2JUV3RBNNBOQMFCS
.hdfc.com/	1969-12-31 23:59:59	Name: dtSa Value: -
.hdfc.com/	1969-12-31 23:59:59	Name: rxvt Value: 1707834956920\|1707833156911
.hdfc.com/	1969-12-31 23:59:59	Name: dtPC Value: -94$233156905_761h-vWMOEFSCWAPDDKGJTWIRAARFCHCURGKQK-0e0
.hdfc.com/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_4_sn_2FMO5E2URE3PK74FBOE510Q3J6N5BOKU_app-3Ad576d7d083ccb2e9_1_ol_0_perc_100000_mul_1_rcs-3Acss_1

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true(Line 8) Message: The Content Security Policy directive 'frame-ancestors' is ignored when delivered via a <meta> element.
security	error	URL: https://osappsext.hdfc.com/SPOTOFFER_FE/Landingpage?IsSpotOffer=false&LeadID=0210029345&IsChannel=true&IsChannelOnline=true(Line 8) Message: The Content Security Policy directive 'report-uri' is ignored when delivered via a <meta> element.
security	error	URL: https://dtclag.hdfc.com/jstag/managed/9a874d0b-1c45-48da-84a3-05f8d52e728f/d576d7d083ccb2e9_complete.js(Line 29) Message: Refused to create a worker from 'blob:https://osappsext.hdfc.com/a1b95bdf-1f39-4a46-8e61-ab97d97d262e' because it violates the following Content Security Policy directive: "child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com". Note that 'worker-src' was not explicitly set, so 'child-src' is used as a fallback.
security	error	URL: https://dtclag.hdfc.com/jstag/managed/9a874d0b-1c45-48da-84a3-05f8d52e728f/d576d7d083ccb2e9_complete.js(Line 29) Message: Refused to create a worker from 'blob:https://osappsext.hdfc.com/a1b95bdf-1f39-4a46-8e61-ab97d97d262e' because it violates the following Content Security Policy directive: "child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com". Note that 'worker-src' was not explicitly set, so 'child-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
Strict-Transport-Security	max-age=31536000;includeSubDomains
X-Content-Security-Policy	base-uri 'self'; child-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; frame-src 'self' www.google.com gap: https://docs.google.com https://services.billdesk.com https://pgi.billdesk.com; connect-src 'self' https://maps.googleapis.com https://fonts.googleapis.com https://extuatos.hdfc.com https://dtclag.hdfc.com; default-src 'self' gap: https://pws.hdfc.com data: https://dtclag.hdfc.com blob: 'unsafe-inline' 'unsafe-eval'; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: blob: https://khms0.googleapis.com https://khms1.googleapis.com https://maps.gstatic.com https://maps.googleapis.com https://applicationsuat.hdfc.com https://pws.hdfc.com https://lh3.ggpht.com https://learning.hdfcsales.com blob:; media-src 'self' https://pws.hdfc.com * data: https://extuatos.hdfc.com; script-src 'self' www.google.com www.gstatic.com https://maps.googleapis.com https://services.billdesk.com https://pgi.billdesk.com https://dtclag.hdfc.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://fonts.googleapis.com 'unsafe-inline'; frame-ancestors 'self' gap: https://docs.google.com; report-uri /SecurityUtils/rest/Report/ReportViolations?Params=NiZV6xwwTZT60oi42%2B0yqQYQJmUmMOMcukQpTgbgsGKG1y3hmoL0DnhgKgD9hZp6uQrSn8GgExFIXutE0klh%2FA%3D%3D;
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dtclag.hdfc.com
fonts.googleapis.com
fonts.gstatic.com
osappsext.hdfc.com
dtclag.hdfc.com
13.127.37.75
2606:4700::6810:7315
2a00:1450:4001:801::200a
2a00:1450:4001:831::2003
028148d9cf621b07e79cf54b68278d9b4eb3f84498663c8376a4b0c4cd5f4f7f
04bae0d253b1b0e1044dd452acddd07ba081c005093f1769321eb94dcefceb1c
04f19121cc7eb10339cb20d097734c8b77babffe43045e8244c40b4a3ed3d481
0b6a7107a083845133fe6f9f0675c4606bc45c354be3406a3b0932858d620a55
0bfc47c7fc37bc136b4d57934bf61e42f4cc9413b6202d33c4794876dc786257
0f2b7abec0062c233a661ce1779dc7c8fdd7fe9c08d5b5591f23c80aeca492c9
13b2c103984b2ea2ecbcd2b30631298458fb81e65bf6efc3b60cab515e737f69
1925e7e6d9c81dbc9ddbfb34d43f442f46109b34569a541adcc63543cdb2f16c
25620c904261cdf27771abd7efb1ca231990497cb5fc8482a717c394300ef015
276b25528f55ed2219ff582122426302511b92d2354302d2bf1b883312fb6bde
27a688fbbf0be83f38fa4f8c1e5417b2308511058e2f763b63dc7eb5c888fa68
2d1d099df52c42fa2a93ef6922a16b86128c0e9bc5f04d42256f5f41ede2961a
2da11b9e535caaa5537ce1e583c40ee0d22734a608d3754817f2ee573c4c20e7
3da216975ebbf84f1af88928c7447d7b4c5be1ab97d809d4d7ce7831fa8471c2
3fba5649b7b5df99f70648646f71de3b20c516357cf0fb84a768ede71b07812d
48436c47953b7a66692f152550c0e4c05f154142cd3d6ba224faefb63478e118
493311edb0b1f52a157355409c53dc39eec132864a53e6c52096acf083906f94
4ab49f49f7c69c8af70734cad1b82d5bde2c5102b0696daf288be6a05f2fd932
4eeab0af48a5742bb5a43b452f8acc4350c04ef3591916df4c8c2cc4a4458f2b
5af5d6c01d029335ef224c8b3f083f35cef755ddbc42c883433f445d69d4251c
612cf6abc94d8fa7f60b66b041c01fdf05c1c170da5e21c0910ad72599390123
736eae7b490bafcb833c4b62d75b9002ab20ce759e9437e318cffdaf45642da1
744dfeea7159bacfd8db11ec09fe09e8e181aad4b2151a84271573cad8229273
757897be220168d6e40c6f5663c3f9fa4a57bb9f79c843a731789b3606b7a8a8
7f7ece199c7fe59af1bb3176bb7127b94eaee0d169958b4d1c06eff417cf2777
846e86f7d6f12bbdd116258ef2b4630307c87a206a6641004f80da4afefba0c5
89979351d1d036489ceec41ae6d319d21556a7fc81d1377fde408b605526c5a8
89fceada2c375cde694cbb0f17bcfde567965991c99147390a26ed3ad2ccd5c6
8c90aac40367e011e6fb5f0744ca38e88c70aa927952b4993f7dd5049224fe6a
91102915af8f4ffa462535c5140ee3ddbf96fae4e05ead98eb6d672940933f64
94a9c63a01e5960c15367abc0d7ca7e6bbb666e4e26054c7a8c21ff75b395f6a
9ac8b374b0f93c9565c7b18969093b1484505aa5b960676c983f106ca32a7156
9e3d167cf971d42193bd02b93dbe99fca4ba43ef1db134819e8efe48efaaa689
a05061eab73eadfde0ade90d0ce95b361230d7e89b5bbb815d5b6e7aab6ac4e2
a0a1e0b60776a8447c1f268a48ed738dbcb60df9d4bee382de332e837302aa90
a0cc400181fbf059beb6f6cc5cba91e66d6349871c40dc90e3adefd81255950d
a92462cfb821ccbe7b21049a91da1042f7b50701a53b8ba555fd78d668ad5adc
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
bd51b51fbf41d51bba0ee6c5c08d1d61cbd42048e9253423d98d8feb9e99585e
c13280e79f74109c5e3854822c0f0c972d0a57245c95b0b3762f9788bd918f8d
c1f527f32364f54a685420e3f019ae356af476fdc034f61b2ac4be5b8edb97c8
c73f0baff5936fb2680f4415284cceff45fe62fd63f9e5ce13a65f3e95c52492
c79a4f0418da93af0b14d34cc78b737a72c4b8aabeca199bad80f88eac814b1a
ca2b7b745d4745e73d2be9ec6b0acaba7d743a3f21ba66374e1f8a3af328c007
ca7bb17c121b044a858ea1e465e1b2b5789e6d231cead5e4125e944ce70ef4cc
d6725f66f976eb2ea8ac84436e7326b2a3cd16d3ff4672a4076c743ce2753df1
dd68d3119efeb2b5db07018f959d917f4bc562c1f68e7e1a99e8d545fe644898
e09fdc14dcef5c7562aebb502d3afd236204d525599bca4d4e2936dbbe8cab9d
e254c859238c2e81e76552e98096d2015b6a0bae7c627a6476fed247605b19ee
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e43eee0bf7e199a7090d6b48f48a338d40138d7293901ee2c4a3e258de8e55c8
e735e905478a42480c5ec5568c35c58aa01ef5061160c2ffd39d2bcf6ada85b4
ed8ab3cdda6a7e74e9653e4d5e4eb8964246acd45319950289b2546d1ccf12da
f02d7ad355445a41f1795f1c9020f4a91b3d245aeacc8c07af25ff951a65e1ab
f086401ea69a2348e5f5e121e8454c87bed546c10b552ea50f297bc9a59038c9
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fd087f936d79fea0bd4206441619763d275b16fda311a7dc0723da68efefd7c8

osappsext.hdfc.com Open in urlscan Pro 13.127.37.75 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page Statistics

61 Requests

97 %HTTPS

75 %IPv6

3 Domains

4 Subdomains

5 IPs

3 Countries

1225 kBTransfer

6117 kBSize

9 Cookies

0 Outgoing links

Redirected requests

61 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

osappsext.hdfc.com Open in urlscan Pro
13.127.37.75 Public Scan

Screenshot
Live screenshot

Full Image

61
Requests

97 %
HTTPS

75 %
IPv6

3
Domains

4
Subdomains

5
IPs

3
Countries

1225 kB
Transfer

6117 kB
Size

9
Cookies

61 HTTP transactions
1 data transactions