myaccount.ing.com Open in urlscan Pro
145.221.181.252 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://hdaaiic.r.af.d.sendibt2.com/tr/cl/MDtt_7-uZXAqOecL6h385L2-0Cwa5ddfOQOPm1SwguTGLAP9SLLyU4qzS5aKCGtBxROmOllixJDLN_UV5zy_VlhLe3...
Effective URL:
https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2F...
Submission: On April 12 via manual (April 12th 2024, 1:45:41 pm UTC) from DE — Scanned from DE

Summary HTTP 57 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 57 HTTP transactions. The main IP is 145.221.181.252, located in Netherlands and belongs to ING-AS Amsterdam, NL. The main domain is myaccount.ing.com. The Cisco Umbrella rank of the primary domain is 741987.
TLS certificate: Issued by Entrust Certification Authority - L1M on March 20th 2024. Valid for: a year.

This is the only time myaccount.ing.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	1.179.112.197 1.179.112.197	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
34	145.221.181.252 145.221.181.252	15625 (ING-AS Am...) (ING-AS Amsterdam)
1 11	145.221.181.230 145.221.181.230	15625 (ING-AS Am...) (ING-AS Amsterdam)
13	23.195.213.77 23.195.213.77	16625 (AKAMAI-AS) (AKAMAI-AS)
57	3

1 1.179.112.197 (France) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: m1179112197.mailinblue.me

hdaaiic.r.af.d.sendibt2.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

34 145.221.181.252 (Netherlands)

ASN15625 (ING-AS Amsterdam, NL)

myaccount.ing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 145.221.181.230 (Netherlands) 1 redirects

ASN15625 (ING-AS Amsterdam, NL)
PTR: api.myaccount.ing.nl

api.myaccount.ing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 23.195.213.77 (Houston, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-195-213-77.deploy.static.akamaitechnologies.com

cdn.ing.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	ing.com 1 redirects myaccount.ing.com — Cisco Umbrella Rank: 741987 api.myaccount.ing.com	707 KB
13	ing.de cdn.ing.de — Cisco Umbrella Rank: 352378	377 KB
1	sendibt2.com 1 redirects hdaaiic.r.af.d.sendibt2.com	375 B
57	3

	Domain	Requested by
34	myaccount.ing.com	myaccount.ing.com
13	cdn.ing.de	api.myaccount.ing.com cdn.ing.de
11	api.myaccount.ing.com	1 redirects myaccount.ing.com api.myaccount.ing.com
1	hdaaiic.r.af.d.sendibt2.com	1 redirects
57	4

This site contains no links.

Subject Issuer	Validity	Valid
myaccount.ing.com Entrust Certification Authority - L1M	`2024-03-20` - `2025-03-26`	a year	crt.sh
api.myaccount.ing.com Entrust Certification Authority - L1M	`2023-07-31` - `2024-08-05`	a year	crt.sh
www.ing-diba.de Entrust Certification Authority - L1M	`2024-03-19` - `2025-04-19`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2FmYzJlLTg5NTUtNGMzNy04YTkyLWM3YjQ4NDY1ZGJiOCIsInVzZV9vYXV0aF9jYWxsYmFjayI6ZmFsc2UsInBsYWlkX2VudiI6InByb2R1Y3Rpb24iLCJyZWRpcmVjdF91cmkiOiJwbGFpZC1saW5rLW9hdXRoOi8vaGFuZG9mZiJ9
Frame ID: 40166FCB09F475BA698A37C13BB2DB02
Requests: 35 HTTP requests in this frame

Frame: https://api.myaccount.ing.com/delogin/w/login?embedded=true&origin=https://myaccount.ing.com&t=https://api.myaccount.ing.com/delogin/oauth/authorize?inframe%3Dtrue%26client_id%3Dwcdefault%26response_type%3Dtoken%26pinning%3Dresponse%26redirect_uri%3Dhttps%253A%252F%252Fapi.myaccount.ing.com%252Fdelogin%252Fa%252Fcallback%26scope%3Dopenid+tpa%26state%3D123%26code_challenge%3Df94244e435026064d9c6243600ca27040295a5b06a279727bbd7aa714c5ad500%26code_challenge_method%3Ds256%26tpaAuthenticationContext%3D%257B%2522clientId%2522%253A%2522ddc7a098-a45a-44d4-89e2-ecbba8b71c98%2522%252C%2522requiredLevelOfAssurance%2522%253A3%252C%2522identifyeeType%2522%253A%2522customer%2522%252C%2522scopes%2522%253A%255B%2522granting%2522%252C%2522trxId%253A3adea23d-1867-46e8-93d7-18e38f12cbff%2522%255D%257D%26origin%3Dhttps%253A%252F%252Fmyaccount.ing.com
Frame ID: FEC4C62F7CF6A87E245FF3766569B857
Requests: 21 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

ING MyAccount

Page URL History Show full URLs

https://hdaaiic.r.af.d.sendibt2.com/tr/cl/MDtt_7-uZXAqOecL6h385L2-0Cwa5ddfOQOPm1SwguTGLAP9SLLyU4qzS5aKCGtBxROmOl... HTTP 302
https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9... Page URL

Detected technologies

basket.js (JavaScript Libraries) Expand

Overall confidence: 10%
Detected patterns

basket.*\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

57
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

1081 kB
Transfer

3358 kB
Size

13
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://hdaaiic.r.af.d.sendibt2.com/tr/cl/MDtt_7-uZXAqOecL6h385L2-0Cwa5ddfOQOPm1SwguTGLAP9SLLyU4qzS5aKCGtBxROmOllixJDLN_UV5zy_VlhLe3tYfzfIrZW6PG-7ltypUY8Y8aq2dsHW5gOHqli5yY2vjRQA8musJ8WF_y2HQPKH38OcMUtymE9PkZbhvLoXvK2hmNPTZtuQZ5cpBw-tad4OF919pU5lxBx43p0hIvV23ERCIRqKUFf-5lHRtuV4te1DTWu2m89rGvuWYnjecz-xuU7pPc_P9YBQllFLH7mGjKw_GSlU-A31vHO2h7gaubaV6emWTjwFVsXPcKL8LKhR82H4lZyPjGVRdBI6SmBaCDmDIY3BU1nH2BjOI1BaZR9-9dGxQ8Q3ekTL_tHudVD3g44XEXBqO33_w_5dpptmIa6NF4-pe7VrChhu3rG0KNdY7XNcAvc5PBnypC1uBrbIVVJj8WqrGLApriR5bs_TFDZMCwwaxH3rV7xLVWT5KAJXF322DDQ3bd5384gN3l7pexF3G6SZGVtaDvGUilrDoVVfJXdodA9ZxlUMRWPIe73FZ-hu-keb0zgxAk8AWxzHUWPRB4ZIO0F0Y2R3gcV_FIJx_aafkoLR8WgFFgHDr2uQjBJS8ooA HTTP 302
https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2FmYzJlLTg5NTUtNGMzNy04YTkyLWM3YjQ4NDY1ZGJiOCIsInVzZV9vYXV0aF9jYWxsYmFjayI6ZmFsc2UsInBsYWlkX2VudiI6InByb2R1Y3Rpb24iLCJyZWRpcmVjdF91cmkiOiJwbGFpZC1saW5rLW9hdXRoOi8vaGFuZG9mZiJ9 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 33

https://api.myaccount.ing.com/delogin/oauth/authorize?inframe=true&client_id=wcdefault&response_type=token&pinning=response&redirect_uri=https%3A%2F%2Fapi.myaccount.ing.com%2Fdelogin%2Fa%2Fcallback&scope=openid+tpa&state=123&code_challenge=f94244e435026064d9c6243600ca27040295a5b06a279727bbd7aa714c5ad500&code_challenge_method=s256&tpaAuthenticationContext=%7B%22clientId%22%3A%22ddc7a098-a45a-44d4-89e2-ecbba8b71c98%22%2C%22requiredLevelOfAssurance%22%3A3%2C%22identifyeeType%22%3A%22customer%22%2C%22scopes%22%3A%5B%22granting%22%2C%22trxId%3A3adea23d-1867-46e8-93d7-18e38f12cbff%22%5D%7D&origin=https%3A%2F%2Fmyaccount.ing.com HTTP 302
https://api.myaccount.ing.com/delogin/w/login?embedded=true&origin=https://myaccount.ing.com&t=https://api.myaccount.ing.com/delogin/oauth/authorize?inframe%3Dtrue%26client_id%3Dwcdefault%26response_type%3Dtoken%26pinning%3Dresponse%26redirect_uri%3Dhttps%253A%252F%252Fapi.myaccount.ing.com%252Fdelogin%252Fa%252Fcallback%26scope%3Dopenid+tpa%26state%3D123%26code_challenge%3Df94244e435026064d9c6243600ca27040295a5b06a279727bbd7aa714c5ad500%26code_challenge_method%3Ds256%26tpaAuthenticationContext%3D%257B%2522clientId%2522%253A%2522ddc7a098-a45a-44d4-89e2-ecbba8b71c98%2522%252C%2522requiredLevelOfAssurance%2522%253A3%252C%2522identifyeeType%2522%253A%2522customer%2522%252C%2522scopes%2522%253A%255B%2522granting%2522%252C%2522trxId%253A3adea23d-1867-46e8-93d7-18e38f12cbff%2522%255D%257D%26origin%3Dhttps%253A%252F%252Fmyaccount.ing.com

57 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request DE Show response
myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/
Redirect Chain

https://hdaaiic.r.af.d.sendibt2.com/tr/cl/MDtt_7-uZXAqOecL6h385L2-0Cwa5ddfOQOPm1SwguTGLAP9SLLyU4qzS5aKCGtBxROmOllixJDLN_UV5zy_VlhLe3tYfzfIrZW6PG-7ltypUY8Y8aq2dsHW5gOHqli5yY2vjRQA8musJ8WF_y2HQPKH38O...
https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2FmYzJlLTg5NTUtNGMzNy04YTkyLWM3YjQ4NDY1ZGJiOCIsInVzZV9vYXV0aF9jYWxsYmFjayI6Zm...

4 KB
3 KB

201ms
35ms

Document
text/html

145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2FmYzJlLTg5NTUtNGMzNy04YTkyLWM3YjQ4NDY1ZGJiOCIsInVzZV9vYXV0aF9jYWxsYmFjayI6ZmFsc2UsInBsYWlkX2VudiI6InByb2R1Y3Rpb24iLCJyZWRpcmVjdF91cmkiOiJwbGFpZC1saW5rLW9hdXRoOi8vaGFuZG9mZiJ9

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

1b721ab9d6cbaab5cbc550c1a256d821e409a5579afce1a5ccba09c79c232502

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-cache
Connection: keep-alive
Content-Encoding: br
Content-Length: 1164
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Content-Type: text/html
Date: Fri, 12 Apr 2024 13:45:35 GMT
ETag: "DA505E3483118215"
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: deny
X-XSS-Protection: 1; mode=block

Redirect headers

content-length: 318
content-type: text/html; charset=utf-8
date: Fri, 12 Apr 2024 13:45:35 GMT
location: https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2FmYzJlLTg5NTUtNGMzNy04YTkyLWM3YjQ4NDY1ZGJiOCIsInVzZV9vYXV0aF9jYWxsYmFjayI6ZmFsc2UsInBsYWlkX2VudiI6InByb2R1Y3Rpb24iLCJyZWRpcmVjdF91cmkiOiJwbGFpZC1saW5rLW9hdXRoOi8vaGFuZG9mZiJ9
x-content-type-options: nosniff
x-sib-server: gke-public-cluster-v2-1-179-112-168
x-xss-protection: 1

GET
H/1.1 200
OK font-definition.css
myaccount.ing.com/node_modules/ing-web/assets/INGMe/ 638 B
1 KB 34ms
33ms Stylesheet
text/css 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/node_modules/ing-web/assets/INGMe/font-definition.css

Requested by

Host: myaccount.ing.com
URL: https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2FmYzJlLTg5NTUtNGMzNy04YTkyLWM3YjQ4NDY1ZGJiOCIsInVzZV9vYXV0aF9jYWxsYmFjayI6ZmFsc2UsInBsYWlkX2VudiI6InByb2R1Y3Rpb24iLCJyZWRpcmVjdF91cmkiOiJwbGFpZC1saW5rLW9hdXRoOi8vaGFuZG9mZiJ9

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

865bc75aef7a5e90d37fca43b11bbf8833f1919b754e43cd76d7c215f7e0f503

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2FmYzJlLTg5NTUtNGMzNy04YTkyLWM3YjQ4NDY1ZGJiOCIsInVzZV9vYXV0aF9jYWxsYmFjayI6ZmFsc2UsInBsYWlkX2VudiI6InByb2R1Y3Rpb24iLCJyZWRpcmVjdF91cmkiOiJwbGFpZC1saW5rLW9hdXRoOi8vaGFuZG9mZiJ9
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:35 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:33 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "720E691796FBECE0"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: text/css
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 170
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK environment.js Show response
myaccount.ing.com/src/config/ 758 B
1 KB 66ms
32ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/src/config/environment.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

8d68572ae9195503f908c2cf012713af50dd6b3d12ab47616069de615395d27b

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2FmYzJlLTg5NTUtNGMzNy04YTkyLWM3YjQ4NDY1ZGJiOCIsInVzZV9vYXV0aF9jYWxsYmFjayI6ZmFsc2UsInBsYWlkX2VudiI6InByb2R1Y3Rpb24iLCJyZWRpcmVjdF91cmkiOiJwbGFpZC1saW5rLW9hdXRoOi8vaGFuZG9mZiJ9
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:35 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:33 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "47184685B2911129"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 336
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK chunk.js Show response
myaccount.ing.com/ 689 KB
139 KB 160ms
98ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/chunk.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

702cebd755e245f478563ab6c077173e621c6ae32b9cd0773eb6e3fa86424ec4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2FmYzJlLTg5NTUtNGMzNy04YTkyLWM3YjQ4NDY1ZGJiOCIsInVzZV9vYXV0aF9jYWxsYmFjayI6ZmFsc2UsInBsYWlkX2VudiI6InByb2R1Y3Rpb24iLCJyZWRpcmVjdF91cmkiOiJwbGFpZC1saW5rLW9hdXRoOi8vaGFuZG9mZiJ9
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:35 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "6CD0D0ECFA4A2FB7"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 140699
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK routing-39a19f22.js Show response
myaccount.ing.com/ 129 KB
34 KB 129ms
63ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/routing-39a19f22.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

35b54d2f78b7235028f5efd29221e3a3783fe8c7b3c12fb274d982f9b503866f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2FmYzJlLTg5NTUtNGMzNy04YTkyLWM3YjQ4NDY1ZGJiOCIsInVzZV9vYXV0aF9jYWxsYmFjayI6ZmFsc2UsInBsYWlkX2VudiI6InByb2R1Y3Rpb24iLCJyZWRpcmVjdF91cmkiOiJwbGFpZC1saW5rLW9hdXRoOi8vaGFuZG9mZiJ9
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:35 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:33 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "028CB6840BB2ABCE"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 33849
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK ing-logo.svg-03039125.js Show response
myaccount.ing.com/ 32 KB
10 KB 158ms
81ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/ing-logo.svg-03039125.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

7d835a08ccaf25c4c47e4c25710e7c2b9eb67252c113100870670873ff179b46

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2FmYzJlLTg5NTUtNGMzNy04YTkyLWM3YjQ4NDY1ZGJiOCIsInVzZV9vYXV0aF9jYWxsYmFjayI6ZmFsc2UsInBsYWlkX2VudiI6InByb2R1Y3Rpb24iLCJyZWRpcmVjdF91cmkiOiJwbGFpZC1saW5rLW9hdXRoOi8vaGFuZG9mZiJ9
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:35 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "E61B7EA8BF551E98"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 8909
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK overlays-9fa21495.js Show response
myaccount.ing.com/ 59 KB
13 KB 201ms
122ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/overlays-9fa21495.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

1a696ba921020e9ed1e7ad73c9f1bb15e750c30bcc900b0aab7f4cd0c5ad3652

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2FmYzJlLTg5NTUtNGMzNy04YTkyLWM3YjQ4NDY1ZGJiOCIsInVzZV9vYXV0aF9jYWxsYmFjayI6ZmFsc2UsInBsYWlkX2VudiI6InByb2R1Y3Rpb24iLCJyZWRpcmVjdF91cmkiOiJwbGFpZC1saW5rLW9hdXRoOi8vaGFuZG9mZiJ9
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:35 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:33 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "292E66645F540088"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 12000
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK main.js Show response
myaccount.ing.com/node_modules/ing-util-scr-session/assets/ 79 KB
17 KB 204ms
126ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/node_modules/ing-util-scr-session/assets/main.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

3569bc3655cf04855f8f64e44dd67e933fa0229c36a2dcfd2625be823386342a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2FmYzJlLTg5NTUtNGMzNy04YTkyLWM3YjQ4NDY1ZGJiOCIsInVzZV9vYXV0aF9jYWxsYmFjayI6ZmFsc2UsInBsYWlkX2VudiI6InByb2R1Y3Rpb24iLCJyZWRpcmVjdF91cmkiOiJwbGFpZC1saW5rLW9hdXRoOi8vaGFuZG9mZiJ9
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:35 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:33 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "76477A2A9B1468E8"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 15817
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK INGMeWeb-Regular.woff2
myaccount.ing.com/node_modules/ing-web/assets/INGMe/Regular/ 29 KB
30 KB 127ms
119ms Font
font/woff2 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/node_modules/ing-web/assets/INGMe/Regular/INGMeWeb-Regular.woff2

Requested by

Host: myaccount.ing.com
URL: https://myaccount.ing.com/node_modules/ing-web/assets/INGMe/font-definition.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/node_modules/ing-web/assets/INGMe/font-definition.css
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:35 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:33 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "EC9A1E438922ED3F"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: font/woff2
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 29563
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK en-ee220352.js Show response
myaccount.ing.com/ 1 KB
2 KB 33ms
33ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/en-ee220352.js

Requested by

Host: myaccount.ing.com
URL: https://myaccount.ing.com/chunk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

cc289b7d746ffdc51fcbacbfc550849e36b31dfd817a943de298f372e80cb8f1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/chunk.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:36 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "341A6E04B65C10A5"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 445
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK ing-app-my-account-payment-initiation-cdefcf96.js Show response
myaccount.ing.com/ 227 KB
33 KB 113ms
113ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/ing-app-my-account-payment-initiation-cdefcf96.js

Requested by

Host: myaccount.ing.com
URL: https://myaccount.ing.com/chunk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

314530405186af6ffa9377fe0f54cd7f68f1071962a5deceb934530af50943d5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/chunk.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:36 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "C005C6FBE521BACA"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 32967
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK favicon.ico
myaccount.ing.com/assets/images/ 15 KB
16 KB 33ms
33ms Other
image/x-icon 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/assets/images/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

86483564da4610e45ac9e334441da9f13dc13dc84d03b92c5ca76143d1325769

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2FmYzJlLTg5NTUtNGMzNy04YTkyLWM3YjQ4NDY1ZGJiOCIsInVzZV9vYXV0aF9jYWxsYmFjayI6ZmFsc2UsInBsYWlkX2VudiI6InByb2R1Y3Rpb24iLCJyZWRpcmVjdF91cmkiOiJwbGFpZC1saW5rLW9hdXRoOi8vaGFuZG9mZiJ9
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:36 GMT
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
X-Content-Type-Options: nosniff
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
ETag: "EA90985BAF00F4D6"
X-Frame-Options: deny
Content-Type: image/x-icon
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 15086
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK IngBasketDescription-e182b202.js Show response
myaccount.ing.com/ 91 KB
14 KB 39ms
38ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/IngBasketDescription-e182b202.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

290dfa643ef35f442dbdea2f8486efc9e4ef8743e793b733a7feda2617c413f9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/ing-app-my-account-payment-initiation-cdefcf96.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:36 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "207C82CF8F3CE296"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 13055
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK IngSelectOptions-4febd807.js Show response
myaccount.ing.com/ 208 B
1 KB 32ms
31ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/IngSelectOptions-4febd807.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

26e7e79b0ced0544e58ea0c8a74a61709ebb3829b00a6b3cd4f8bf6f4580fc06

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/ing-app-my-account-payment-initiation-cdefcf96.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:36 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "A5832BA4370703FD"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 121
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK MyAccountLogin-7be60a65.js Show response
myaccount.ing.com/ 58 KB
12 KB 63ms
62ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/MyAccountLogin-7be60a65.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

33624dc024c85beec215b59b0f4286cbe1d53f5548689eb4f4a42189abc3726a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/ing-app-my-account-payment-initiation-cdefcf96.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:36 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "B7C0AE44C3781B35"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 10664
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK table-759c6472.js Show response
myaccount.ing.com/ 3 KB
2 KB 41ms
40ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/table-759c6472.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

f0b7ff55ced467f6664adb1c51948edfd865071e0e293930c0bfb958719fd24f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/ing-app-my-account-payment-initiation-cdefcf96.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:36 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:33 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "040FCA62FC364241"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 555
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK radio-checkbox-5c5eb795.js Show response
myaccount.ing.com/ 2 KB
2 KB 41ms
40ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/radio-checkbox-5c5eb795.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

1361ca7d2f016fb8b2253dbb20baafc935caa200edabfd1e71d31a44abb89e73

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/ing-app-my-account-payment-initiation-cdefcf96.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:36 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:33 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "0372F125E4FF901C"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 543
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK IngFieldsetMixin-af8d7762.js Show response
myaccount.ing.com/ 11 KB
4 KB 40ms
39ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/IngFieldsetMixin-af8d7762.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

364a6a02939c9ba442ec9395f57186d73c34f01c26d184ed96d5416ca80bdfed

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/ing-app-my-account-payment-initiation-cdefcf96.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:36 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "A36DD4D0FAF9ACE1"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 2581
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK de-DE-e80d496f.js Show response
myaccount.ing.com/ 67 B
1 KB 34ms
33ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/de-DE-e80d496f.js

Requested by

Host: myaccount.ing.com
URL: https://myaccount.ing.com/chunk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

50980aa44a4f4c4a5658774850a196bed5df8901572f74f62913adebb2d0185a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/chunk.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "DA4A72319CE48714"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 70
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK de-0b74f157.js Show response
myaccount.ing.com/ 2 KB
2 KB 32ms
32ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/de-0b74f157.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

c42b3527a2c6b196d9d89adaa0a038e8fc6d162f6efc73d8fbf56d2a8609be20

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/de-DE-e80d496f.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "E775D74D143E5241"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 632
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK de-440f81c2.js Show response
myaccount.ing.com/ 53 B
1 KB 32ms
32ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/de-440f81c2.js

Requested by

Host: myaccount.ing.com
URL: https://myaccount.ing.com/chunk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

fc4afa63faba5a7038cb4f4a273bdf23bf1d01dbaccfb0aad36f57735b654d4a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/chunk.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "04F1EAE8F2CF83F3"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 56
X-XSS-Protection: 1; mode=block

GET
H/1.1 200 countries Show response
api.myaccount.ing.com/grants/ 65 B
2 KB 140ms
44ms Fetch
application/json 145.221.181.230
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://api.myaccount.ing.com/grants/countries

Requested by

Host: myaccount.ing.com
URL: https://myaccount.ing.com/chunk.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.221.181.230 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

api.myaccount.ing.nl

Software

Resource Hash

d767f215945fef9f4c7a738dca21c2c0a3779183efe65e29b4891c8b949dea55

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://.ing.de https://.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://.ing.de data: https://cdn.ing.com; frame-src 'self' https://.ing.de api.api.myaccount.ing.com .luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://.ing.de https://.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://.ing.de https://.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
X-XSRF-TOKEN: 6H4q4vOtRGgGwmV3GWXnNRXeJT3L4rnoJk3mWdPfA176m8S8yanlkw0iwLhS8UWL
accept-language: de-DE
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept: application/json
Referer: https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2FmYzJlLTg5NTUtNGMzNy04YTkyLWM3YjQ4NDY1ZGJiOCIsInVzZV9vYXV0aF9jYWxsYmFjayI6ZmFsc2UsInBsYWlkX2VudiI6InByb2R1Y3Rpb24iLCJyZWRpcmVjdF91cmkiOiJwbGFpZC1saW5rLW9hdXRoOi8vaGFuZG9mZiJ9
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Security-Policy: default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://*.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://*.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.ing.de https://*.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://*.ing.de data: https://cdn.ing.com; frame-src 'self' https://*.ing.de api.api.myaccount.ing.com *.luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://*.ing.de https://*.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://*.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.ing.de https://*.ing.com;
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains
Vary: Origin
X-Frame-Options: sameorigin
Content-Type: application/json;charset=UTF-8
Access-Control-Allow-Origin: https://myaccount.ing.com
Access-Control-Expose-Headers: location,x-token-expired,x-token-loa,x-token-scope,cache-control,content-disposition,x-ing-crontoencryptedstate,tpp-redirect-uri,x-ing-response-id,x-request-id,x-ing-chatbot-session
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Transfer-Encoding: chunked
Connection: keep-alive
X-ING-Response-ID: 71fd75fe93acbc3cae8c4d06d6c9044c
X-XSS-Protection: 1; mode=block

OPTIONS
H/1.1 204
No Content countries
api.myaccount.ing.com/grants/ Frame 0
0 203ms
78ms Preflight 145.221.181.230
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://api.myaccount.ing.com/grants/countries

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.221.181.230 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

api.myaccount.ing.nl

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://.ing.de https://.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://.ing.de data: https://cdn.ing.com; frame-src 'self' https://.ing.de api.api.myaccount.ing.com .luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://.ing.de https://.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://.ing.de https://.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Accept: */*
Access-Control-Request-Headers: x-xsrf-token
Access-Control-Request-Method: GET
Origin: https://myaccount.ing.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: authority, authorization, cache-control, content-type, dtab-local, expect, language, pragma, priority, sec-ch-ua, sec-ch-ua-arch, sec-ch-ua-mobile, sec-ch-ua-model, sec-ch-ua-platform, sec-fetch-dest, sec-fetch-mode, sec-fetch-site, sec-fetch-user, sec-gpc, sec-metadata, sec-websocket-extensions, sec-websocket-key, sec-websocket-protocol, sec-websocket-version, te, tppauthorisation, ua-color, ua-cpu, ua-disp, ua-os, ua-pixels, upgrade, via, vnd.ing.ext.ctx-app_id, vnd.ing.ext.ctx-graphite_postfix, x-ing-accessprofiletype, x-ing-crontoencryptedstate, x-ing-fingerprint, x-ing-user-inactivity, x-jws-signature, x-p2p-peerdist, x-p2p-peerdistex, x-request-id, x-xsrf-token
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: https://myaccount.ing.com
Access-Control-Expose-Headers: location,x-token-expired,x-token-loa,x-token-scope,cache-control,content-disposition,x-ing-crontoencryptedstate,tpp-redirect-uri,x-ing-response-id,x-request-id,x-ing-chatbot-session
Access-Control-Max-Age: 600
Connection: keep-alive
Content-Security-Policy: default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://*.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://*.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.ing.de https://*.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://*.ing.de data: https://cdn.ing.com; frame-src 'self' https://*.ing.de api.api.myaccount.ing.com *.luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://*.ing.de https://*.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://*.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.ing.de https://*.ing.com;
Date: Fri, 12 Apr 2024 13:45:37 GMT
Strict-Transport-Security: max-age=31622400; includeSubDomains
Vary: Origin
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-ING-Response-ID: e32b2cf5973bbfd1987858f24fe036d5
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK ingWaitingScreen.svg
myaccount.ing.com/node_modules/ing-message-screen/assets/images/ 7 KB
4 KB 40ms
40ms Image
image/svg+xml 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://myaccount.ing.com/node_modules/ing-message-screen/assets/images/ingWaitingScreen.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

caff6875a1bd2ef792d9d55246d9805c808dba63fbba7e1066a9c7660aedc99e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2FmYzJlLTg5NTUtNGMzNy04YTkyLWM3YjQ4NDY1ZGJiOCIsInVzZV9vYXV0aF9jYWxsYmFjayI6ZmFsc2UsInBsYWlkX2VudiI6InByb2R1Y3Rpb24iLCJyZWRpcmVjdF91cmkiOiJwbGFpZC1saW5rLW9hdXRoOi8vaGFuZG9mZiJ9
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:33 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "439A66AA084539CB"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: image/svg+xml
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 2874
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK INGMeWeb-Bold.woff2
myaccount.ing.com/node_modules/ing-web/assets/INGMe/Bold/ 30 KB
31 KB 41ms
40ms Font
font/woff2 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/node_modules/ing-web/assets/INGMe/Bold/INGMeWeb-Bold.woff2

Requested by

Host: myaccount.ing.com
URL: https://myaccount.ing.com/node_modules/ing-web/assets/INGMe/font-definition.css

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/node_modules/ing-web/assets/INGMe/font-definition.css
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:33 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "813E0199BD54D835"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: font/woff2
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 30407
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK de-DE-cd46b3af.js Show response
myaccount.ing.com/ 67 B
1 KB 40ms
40ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/de-DE-cd46b3af.js

Requested by

Host: myaccount.ing.com
URL: https://myaccount.ing.com/overlays-9fa21495.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

e12c086cbfd8bbd0e8ba1275164309ff1ad514f4212077eca8f8341e254c0be3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/overlays-9fa21495.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "AF78BFD865F78DD5"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 68
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK de-DE-874b1b0e.js Show response
myaccount.ing.com/ 67 B
1 KB 40ms
40ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/de-DE-874b1b0e.js

Requested by

Host: myaccount.ing.com
URL: https://myaccount.ing.com/chunk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

ffbdcd29f388ce17489290a8e46bfcd79506f7128c46f2223383177ec77c4a9d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/chunk.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "48F5E8C163C78054"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 70
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK outline-location-abe82e51.js Show response
myaccount.ing.com/ 83 B
1 KB 32ms
32ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/outline-location-abe82e51.js

Requested by

Host: myaccount.ing.com
URL: https://myaccount.ing.com/ing-logo.svg-03039125.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

5cc368c9f586cf573efd762b2b373b3d5ca4291a1e06b601d1a1c5f0b357c51d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/ing-logo.svg-03039125.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:33 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "B95C0A33C648067A"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 81
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK de-DE-4d588890.js Show response
myaccount.ing.com/ 67 B
1 KB 39ms
39ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/de-DE-4d588890.js

Requested by

Host: myaccount.ing.com
URL: https://myaccount.ing.com/chunk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

2f813707780df7868e892e437e7d338d764a8b035e9ec6ccf5f7ed9f54a21157

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/chunk.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "54D3637A6636CBF0"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 69
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK index-55314974.js Show response
myaccount.ing.com/ 2 KB
2 KB 39ms
39ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/index-55314974.js

Requested by

Host: myaccount.ing.com
URL: https://myaccount.ing.com/MyAccountLogin-7be60a65.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

f78d9506bdf380e8a333c0ec0af4c665d360e994a86ae9dcad02f663eedf729d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/MyAccountLogin-7be60a65.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "1804F39157BE31A2"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 883
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK de-3d24410e.js Show response
myaccount.ing.com/ 82 B
1 KB 67ms
67ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/de-3d24410e.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

9bd0db488f3292221590b884ddffecb76310eb00fa5b5c9fcc6d03a585fb0906

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/de-DE-cd46b3af.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "8C77D8193BF5509C"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 85
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK de-99140b62.js Show response
myaccount.ing.com/ 50 B
1 KB 43ms
43ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/de-99140b62.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

9a469798884386e7cf4fcf12e09a5868979d3609d265f5159ca648dd1261bfe3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/de-DE-874b1b0e.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "C1C662038A5843FF"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 47
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK world_outline.svg-1e09e650.js Show response
myaccount.ing.com/ 3 KB
2 KB 44ms
44ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/world_outline.svg-1e09e650.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

ea87872a1fb7b7a1d756e87cee7305e2d20e4177bd2b3cd8319d53e9a5bbcabd

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/outline-location-abe82e51.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:33 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "EE5355B02C40CB70"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 1366
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK de-4ab36a30.js Show response
myaccount.ing.com/ 153 B
1 KB 40ms
40ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/de-4ab36a30.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

534110a6776e13a12f5970769a3640f5301087203bffb1c5c1d5ed0c3fbb532a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/de-DE-4d588890.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "6D0830DE69FB9B1A"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 118
X-XSS-Protection: 1; mode=block

GET
H/1.1

200

https://api.myaccount.ing.com/delogin/oauth/authorize?inframe=true&client_id=wcdefault&response_type=token&pinning=response&redirect_uri=https%3A%2F%2Fapi.myaccount.ing.com%2Fdelogin%2Fa%2Fcallback...
https://api.myaccount.ing.com/delogin/w/login?embedded=true&origin=https://myaccount.ing.com&t=https://api.myaccount.ing.com/delogin/oauth/authorize?inframe%3Dtrue%26client_id%3Dwcdefault%26respons...

21 KB
23 KB

122ms
122ms

Document
text/html

145.221.181.230
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://api.myaccount.ing.com/delogin/w/login?embedded=true&origin=https://myaccount.ing.com&t=https://api.myaccount.ing.com/delogin/oauth/authorize?inframe%3Dtrue%26client_id%3Dwcdefault%26response_type%3Dtoken%26pinning%3Dresponse%26redirect_uri%3Dhttps%253A%252F%252Fapi.myaccount.ing.com%252Fdelogin%252Fa%252Fcallback%26scope%3Dopenid+tpa%26state%3D123%26code_challenge%3Df94244e435026064d9c6243600ca27040295a5b06a279727bbd7aa714c5ad500%26code_challenge_method%3Ds256%26tpaAuthenticationContext%3D%257B%2522clientId%2522%253A%2522ddc7a098-a45a-44d4-89e2-ecbba8b71c98%2522%252C%2522requiredLevelOfAssurance%2522%253A3%252C%2522identifyeeType%2522%253A%2522customer%2522%252C%2522scopes%2522%253A%255B%2522granting%2522%252C%2522trxId%253A3adea23d-1867-46e8-93d7-18e38f12cbff%2522%255D%257D%26origin%3Dhttps%253A%252F%252Fmyaccount.ing.com

Requested by

Host: myaccount.ing.com
URL: https://myaccount.ing.com/routing-39a19f22.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.221.181.230 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

api.myaccount.ing.nl

Software

Resource Hash

66764b1ec8dcaaee40567824c528b0076b8a2ba5fe80c638021ea5153c71792f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://.ing.de https://.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://.ing.de data: https://cdn.ing.com; frame-src 'self' https://.ing.de api.api.myaccount.ing.com .luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://.ing.de https://.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://.ing.de https://.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://myaccount.ing.com/payment-initiation/3adea23d-1867-46e8-93d7-18e38f12cbff/DE?state=eyJvYXV0aF9zdGF0ZV9pZCI6IjdlN2FmYzJlLTg5NTUtNGMzNy04YTkyLWM3YjQ4NDY1ZGJiOCIsInVzZV9vYXV0aF9jYWxsYmFjayI6ZmFsc2UsInBsYWlkX2VudiI6InByb2R1Y3Rpb24iLCJyZWRpcmVjdF91cmkiOiJwbGFpZC1saW5rLW9hdXRoOi8vaGFuZG9mZiJ9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

Cache-Control: no-cache, no-store
Connection: keep-alive
Content-Security-Policy: default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://*.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://*.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.ing.de https://*.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://*.ing.de data: https://cdn.ing.com; frame-src 'self' https://*.ing.de api.api.myaccount.ing.com *.luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://*.ing.de https://*.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://*.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.ing.de https://*.ing.com;
Content-Type: text/html;charset=UTF-8
Cross-Origin-Embedder-Policy-Report-Only: require-corp
Cross-Origin-Opener-Policy: same-origin
Date: Fri, 12 Apr 2024 13:45:37 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Strict-Transport-Security: max-age=31622400; includeSubDomains
Transfer-Encoding: chunked
Vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-ING-Response-ID: 45b36e12e31771ce45343373549f0890
X-XSS-Protection: 1; mode=block

Redirect headers

Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Length: 0
Content-Security-Policy: default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://*.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://*.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.ing.de https://*.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://*.ing.de data: https://cdn.ing.com; frame-src 'self' https://*.ing.de api.api.myaccount.ing.com *.luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://*.ing.de https://*.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://*.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.ing.de https://*.ing.com;
Date: Fri, 12 Apr 2024 13:45:37 GMT
Expires: 0
Location: https://api.myaccount.ing.com/delogin/w/login?embedded=true&origin=https://myaccount.ing.com&t=https://api.myaccount.ing.com/delogin/oauth/authorize?inframe%3Dtrue%26client_id%3Dwcdefault%26response_type%3Dtoken%26pinning%3Dresponse%26redirect_uri%3Dhttps%253A%252F%252Fapi.myaccount.ing.com%252Fdelogin%252Fa%252Fcallback%26scope%3Dopenid+tpa%26state%3D123%26code_challenge%3Df94244e435026064d9c6243600ca27040295a5b06a279727bbd7aa714c5ad500%26code_challenge_method%3Ds256%26tpaAuthenticationContext%3D%257B%2522clientId%2522%253A%2522ddc7a098-a45a-44d4-89e2-ecbba8b71c98%2522%252C%2522requiredLevelOfAssurance%2522%253A3%252C%2522identifyeeType%2522%253A%2522customer%2522%252C%2522scopes%2522%253A%255B%2522granting%2522%252C%2522trxId%253A3adea23d-1867-46e8-93d7-18e38f12cbff%2522%255D%257D%26origin%3Dhttps%253A%252F%252Fmyaccount.ing.com
Pragma: no-cache
Strict-Transport-Security: max-age=31622400; includeSubDomains
Vary: Origin Access-Control-Request-Method Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-Frame-Options: sameorigin
X-ING-Response-ID: f8c5cd3ee5e383b805498b1c9f292b51
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK filledin-notification-60d804a2.js Show response
myaccount.ing.com/ 164 B
1 KB 41ms
41ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/filledin-notification-60d804a2.js

Requested by

Host: myaccount.ing.com
URL: https://myaccount.ing.com/ing-logo.svg-03039125.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

d2032509f3294e7790e663b975e63fd2340206e2fca84185ea06db73d7620d04

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/ing-logo.svg-03039125.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:32 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "28F0318E94FE075D"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 97
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK notification_warning_filledin.svg-fd0a4300.js Show response
myaccount.ing.com/ 2 KB
2 KB 40ms
40ms Script
application/javascript 145.221.181.252
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://myaccount.ing.com/notification_warning_filledin.svg-fd0a4300.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

145.221.181.252 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

Software

Resource Hash

1e9344dfba444b51fd7f4e537311251f3088fb2b0006d35e4b636ee1632fdee8

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://myaccount.ing.com/filledin-notification-60d804a2.js
Origin: https://myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Encoding: br
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains; preload
Last-Modified: Wed, 03 Apr 2024 14:58:33 GMT
Referrer-Policy: no-referrer-when-downgrade
Content-Security-Policy: default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
ETag: "59AED1E9B0C53DC8"
Vary: Accept-Encoding
X-Frame-Options: deny
Content-Type: application/javascript
Cache-Control: no-cache
Connection: keep-alive
Content-Length: 864
X-XSS-Protection: 1; mode=block

GET
H2 200 bundle.ibbr.css
cdn.ing.de/ing-feat-uilib-de/7.7.1/stylesheets/ Frame FEC4 769 KB
109 KB 607ms
152ms Stylesheet
text/css 23.195.213.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ing.de/ing-feat-uilib-de/7.7.1/stylesheets/bundle.ibbr.css

Requested by

Host: api.myaccount.ing.com
URL: https://api.myaccount.ing.com/delogin/w/login?embedded=true&origin=https://myaccount.ing.com&t=https://api.myaccount.ing.com/delogin/oauth/authorize?inframe%3Dtrue%26client_id%3Dwcdefault%26response_type%3Dtoken%26pinning%3Dresponse%26redirect_uri%3Dhttps%253A%252F%252Fapi.myaccount.ing.com%252Fdelogin%252Fa%252Fcallback%26scope%3Dopenid+tpa%26state%3D123%26code_challenge%3Df94244e435026064d9c6243600ca27040295a5b06a279727bbd7aa714c5ad500%26code_challenge_method%3Ds256%26tpaAuthenticationContext%3D%257B%2522clientId%2522%253A%2522ddc7a098-a45a-44d4-89e2-ecbba8b71c98%2522%252C%2522requiredLevelOfAssurance%2522%253A3%252C%2522identifyeeType%2522%253A%2522customer%2522%252C%2522scopes%2522%253A%255B%2522granting%2522%252C%2522trxId%253A3adea23d-1867-46e8-93d7-18e38f12cbff%2522%255D%257D%26origin%3Dhttps%253A%252F%252Fmyaccount.ing.com

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.213.77 Houston, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-213-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

e0094a3b8b19d8790dc913e4a0762f6807cd7729bd747ca0336aabe066b3a481

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://.ing.de https://.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31622400; includeSubDomains; preload
date: Fri, 12 Apr 2024 13:45:38 GMT
akamai-cache-status: Hit from child
content-length: 111145
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Dec 2023 12:18:38 GMT
etag: "6569cf1e-1b229"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cache-control: max-age=70512
x-ing-response-id: c63923ea5e00d954e8023d5be5d0129e
expires: Sat, 13 Apr 2024 09:20:50 GMT

GET
H/1.1 200 qrl-ver-F28B541D99A1764E2AA842CB219CB826.svg
api.myaccount.ing.com/delogin/w/w/r/tssV3vNFVyo_Yp7sHye14lW0C_oeAxg-0qNcFMCgijWELocrXtXOrUiMfHgPf0-Gkf9nHdL8Xvq5RdU3yY7rGeUxo5OFIsJM/ Frame FEC4 2 KB
4 KB 78ms
78ms Image
image/svg+xml 145.221.181.230
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.myaccount.ing.com/delogin/w/w/r/tssV3vNFVyo_Yp7sHye14lW0C_oeAxg-0qNcFMCgijWELocrXtXOrUiMfHgPf0-Gkf9nHdL8Xvq5RdU3yY7rGeUxo5OFIsJM/qrl-ver-F28B541D99A1764E2AA842CB219CB826.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.221.181.230 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

api.myaccount.ing.nl

Software

Resource Hash

1470546a5f8d7a68deb045a9f3be48c3fa818c53c0b4f8c854d6acdec64aa225

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://.ing.de https://.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://.ing.de data: https://cdn.ing.com; frame-src 'self' https://.ing.de api.api.myaccount.ing.com .luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://.ing.de https://.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://.ing.de https://.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/delogin/w/login?embedded=true&origin=https://myaccount.ing.com&t=https://api.myaccount.ing.com/delogin/oauth/authorize?inframe%3Dtrue%26client_id%3Dwcdefault%26response_type%3Dtoken%26pinning%3Dresponse%26redirect_uri%3Dhttps%253A%252F%252Fapi.myaccount.ing.com%252Fdelogin%252Fa%252Fcallback%26scope%3Dopenid+tpa%26state%3D123%26code_challenge%3Df94244e435026064d9c6243600ca27040295a5b06a279727bbd7aa714c5ad500%26code_challenge_method%3Ds256%26tpaAuthenticationContext%3D%257B%2522clientId%2522%253A%2522ddc7a098-a45a-44d4-89e2-ecbba8b71c98%2522%252C%2522requiredLevelOfAssurance%2522%253A3%252C%2522identifyeeType%2522%253A%2522customer%2522%252C%2522scopes%2522%253A%255B%2522granting%2522%252C%2522trxId%253A3adea23d-1867-46e8-93d7-18e38f12cbff%2522%255D%257D%26origin%3Dhttps%253A%252F%252Fmyaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:37 GMT
Content-Security-Policy: default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://*.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://*.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.ing.de https://*.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://*.ing.de data: https://cdn.ing.com; frame-src 'self' https://*.ing.de api.api.myaccount.ing.com *.luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://*.ing.de https://*.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://*.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.ing.de https://*.ing.com;
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains
Content-Disposition: inline
Connection: keep-alive
Content-Length: 1973
X-XSS-Protection: 1; mode=block
Pragma: cache
Cross-Origin-Embedder-Policy-Report-Only: require-corp
Accept-Range: bytes
Last-Modified: Fri, 05 Apr 2024 07:32:30 GMT
Cross-Origin-Opener-Policy: same-origin
Vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
X-Frame-Options: sameorigin
Content-Type: image/svg+xml
Cache-Control: public, max-age=31536000
X-ING-Response-ID: dcae953cd4df6a3f6633cf436c5c9c12
Expires: Sat, 12 Apr 2025 13:45:37 GMT

GET
H/1.1 200 qrlhint-ver-47C8089113DCF2806105F0D1ABC5821C.png
api.myaccount.ing.com/delogin/w/w/r/tssV3vNFVyo_Yp7sHye14lW0C_oeAxg-0qNcFMCgijWELocrXtXOrUiMfHgPf0-Gkf9nHdL8Xvq5RdU3yY7rGeUxo5OFIsJM/ Frame FEC4 131 KB
133 KB 169ms
90ms Image
image/png 145.221.181.230
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://api.myaccount.ing.com/delogin/w/w/r/tssV3vNFVyo_Yp7sHye14lW0C_oeAxg-0qNcFMCgijWELocrXtXOrUiMfHgPf0-Gkf9nHdL8Xvq5RdU3yY7rGeUxo5OFIsJM/qrlhint-ver-47C8089113DCF2806105F0D1ABC5821C.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.221.181.230 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

api.myaccount.ing.nl

Software

Resource Hash

a501d1dfaa5ce19c381254353da7b398c5d6bb9f2549daaca73aa93b557be2b0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://.ing.de https://.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://.ing.de data: https://cdn.ing.com; frame-src 'self' https://.ing.de api.api.myaccount.ing.com .luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://.ing.de https://.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://.ing.de https://.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/delogin/w/login?embedded=true&origin=https://myaccount.ing.com&t=https://api.myaccount.ing.com/delogin/oauth/authorize?inframe%3Dtrue%26client_id%3Dwcdefault%26response_type%3Dtoken%26pinning%3Dresponse%26redirect_uri%3Dhttps%253A%252F%252Fapi.myaccount.ing.com%252Fdelogin%252Fa%252Fcallback%26scope%3Dopenid+tpa%26state%3D123%26code_challenge%3Df94244e435026064d9c6243600ca27040295a5b06a279727bbd7aa714c5ad500%26code_challenge_method%3Ds256%26tpaAuthenticationContext%3D%257B%2522clientId%2522%253A%2522ddc7a098-a45a-44d4-89e2-ecbba8b71c98%2522%252C%2522requiredLevelOfAssurance%2522%253A3%252C%2522identifyeeType%2522%253A%2522customer%2522%252C%2522scopes%2522%253A%255B%2522granting%2522%252C%2522trxId%253A3adea23d-1867-46e8-93d7-18e38f12cbff%2522%255D%257D%26origin%3Dhttps%253A%252F%252Fmyaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:38 GMT
Content-Security-Policy: default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://*.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://*.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.ing.de https://*.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://*.ing.de data: https://cdn.ing.com; frame-src 'self' https://*.ing.de api.api.myaccount.ing.com *.luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://*.ing.de https://*.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://*.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.ing.de https://*.ing.com;
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains
Content-Disposition: inline
Connection: keep-alive
Content-Length: 134504
X-XSS-Protection: 1; mode=block
Pragma: cache
Cross-Origin-Embedder-Policy-Report-Only: require-corp
Accept-Range: bytes
Last-Modified: Fri, 05 Apr 2024 07:32:30 GMT
Cross-Origin-Opener-Policy: same-origin
Vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
X-Frame-Options: sameorigin
Content-Type: image/png
Cache-Control: public, max-age=31536000
X-ING-Response-ID: a357e09df9cd46646aa5defed0282995
Expires: Sat, 12 Apr 2025 13:45:37 GMT

GET
H/1.1 200 jquery-3.5.1.min-ver-DC5E7F18C8D36AC1D3D4753A87C98D0A.js Show response
api.myaccount.ing.com/delogin/w/w/r/tssV3vNFVyo_Yp7sHye14lW0C_oeAxg-qK-YujedTtq7ndlqCpab1EzCpgD_dyHUcnjYL059kxtLlX8L18vALVsUXlzDwu8FBfN2FbAYoR_EvfHph2iEfw/ Frame FEC4 87 KB
89 KB 217ms
123ms Script
application/javascript 145.221.181.230
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://api.myaccount.ing.com/delogin/w/w/r/tssV3vNFVyo_Yp7sHye14lW0C_oeAxg-qK-YujedTtq7ndlqCpab1EzCpgD_dyHUcnjYL059kxtLlX8L18vALVsUXlzDwu8FBfN2FbAYoR_EvfHph2iEfw/jquery-3.5.1.min-ver-DC5E7F18C8D36AC1D3D4753A87C98D0A.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.221.181.230 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

api.myaccount.ing.nl

Software

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://.ing.de https://.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://.ing.de data: https://cdn.ing.com; frame-src 'self' https://.ing.de api.api.myaccount.ing.com .luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://.ing.de https://.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://.ing.de https://.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/delogin/w/login?embedded=true&origin=https://myaccount.ing.com&t=https://api.myaccount.ing.com/delogin/oauth/authorize?inframe%3Dtrue%26client_id%3Dwcdefault%26response_type%3Dtoken%26pinning%3Dresponse%26redirect_uri%3Dhttps%253A%252F%252Fapi.myaccount.ing.com%252Fdelogin%252Fa%252Fcallback%26scope%3Dopenid+tpa%26state%3D123%26code_challenge%3Df94244e435026064d9c6243600ca27040295a5b06a279727bbd7aa714c5ad500%26code_challenge_method%3Ds256%26tpaAuthenticationContext%3D%257B%2522clientId%2522%253A%2522ddc7a098-a45a-44d4-89e2-ecbba8b71c98%2522%252C%2522requiredLevelOfAssurance%2522%253A3%252C%2522identifyeeType%2522%253A%2522customer%2522%252C%2522scopes%2522%253A%255B%2522granting%2522%252C%2522trxId%253A3adea23d-1867-46e8-93d7-18e38f12cbff%2522%255D%257D%26origin%3Dhttps%253A%252F%252Fmyaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:38 GMT
Content-Security-Policy: default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://*.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://*.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.ing.de https://*.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://*.ing.de data: https://cdn.ing.com; frame-src 'self' https://*.ing.de api.api.myaccount.ing.com *.luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://*.ing.de https://*.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://*.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.ing.de https://*.ing.com;
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains
Content-Disposition: inline
Connection: keep-alive
Content-Length: 89476
X-XSS-Protection: 1; mode=block
Pragma: cache
Cross-Origin-Embedder-Policy-Report-Only: require-corp
Accept-Range: bytes
Last-Modified: Fri, 05 Apr 2024 07:32:30 GMT
Cross-Origin-Opener-Policy: same-origin
Vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
X-Frame-Options: sameorigin
Content-Type: application/javascript
Cache-Control: public, max-age=31536000
X-ING-Response-ID: 639699795bdba7e0665b1b74b9671c52
Expires: Sat, 12 Apr 2025 13:45:38 GMT

GET
H/1.1 200 wicket-ajax-jquery-ver-6C3579C63E0C4EBFA954D232A7F1B943.js Show response
api.myaccount.ing.com/delogin/w/w/r/fOviCm_TvQ_zG60_fl-Yje8XyIxW_ahW8COr9tQRuB6R6bJQRCbze_0EUtTWNbtn3yYC0R6_-ec/res/js/ Frame FEC4 27 KB
28 KB 218ms
123ms Script
application/javascript 145.221.181.230
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://api.myaccount.ing.com/delogin/w/w/r/fOviCm_TvQ_zG60_fl-Yje8XyIxW_ahW8COr9tQRuB6R6bJQRCbze_0EUtTWNbtn3yYC0R6_-ec/res/js/wicket-ajax-jquery-ver-6C3579C63E0C4EBFA954D232A7F1B943.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.221.181.230 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

api.myaccount.ing.nl

Software

Resource Hash

5909162c02a4a4d0d416ef6c415ef7ac13ce245129596c567cbaaca68aef0d36

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://.ing.de https://.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://.ing.de data: https://cdn.ing.com; frame-src 'self' https://.ing.de api.api.myaccount.ing.com .luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://.ing.de https://.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://.ing.de https://.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/delogin/w/login?embedded=true&origin=https://myaccount.ing.com&t=https://api.myaccount.ing.com/delogin/oauth/authorize?inframe%3Dtrue%26client_id%3Dwcdefault%26response_type%3Dtoken%26pinning%3Dresponse%26redirect_uri%3Dhttps%253A%252F%252Fapi.myaccount.ing.com%252Fdelogin%252Fa%252Fcallback%26scope%3Dopenid+tpa%26state%3D123%26code_challenge%3Df94244e435026064d9c6243600ca27040295a5b06a279727bbd7aa714c5ad500%26code_challenge_method%3Ds256%26tpaAuthenticationContext%3D%257B%2522clientId%2522%253A%2522ddc7a098-a45a-44d4-89e2-ecbba8b71c98%2522%252C%2522requiredLevelOfAssurance%2522%253A3%252C%2522identifyeeType%2522%253A%2522customer%2522%252C%2522scopes%2522%253A%255B%2522granting%2522%252C%2522trxId%253A3adea23d-1867-46e8-93d7-18e38f12cbff%2522%255D%257D%26origin%3Dhttps%253A%252F%252Fmyaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:38 GMT
Content-Security-Policy: default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://*.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://*.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.ing.de https://*.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://*.ing.de data: https://cdn.ing.com; frame-src 'self' https://*.ing.de api.api.myaccount.ing.com *.luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://*.ing.de https://*.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://*.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.ing.de https://*.ing.com;
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains
Content-Disposition: inline
Connection: keep-alive
Content-Length: 27349
X-XSS-Protection: 1; mode=block
Pragma: cache
Cross-Origin-Embedder-Policy-Report-Only: require-corp
Accept-Range: bytes
Last-Modified: Fri, 05 Apr 2024 07:28:02 GMT
Cross-Origin-Opener-Policy: same-origin
Vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
X-Frame-Options: sameorigin
Content-Type: application/javascript
Cache-Control: public, max-age=31536000
X-ING-Response-ID: 6c98790fb1d9e37891ba673b9036090f
Expires: Sat, 12 Apr 2025 13:45:38 GMT

GET
H/1.1 200 busy-ver-C331575AF308054F00673A92BCB41217.js Show response
api.myaccount.ing.com/delogin/w/w/r/tssV3vNFVypuDO4q6CZvTqxO8zVczbxBr7eENRPMjGtSKzwclIZlpwwxXkYYpt_cjC5wngRueskVl8r5KTcx6Q/ Frame FEC4 7 KB
9 KB 174ms
79ms Script
application/javascript 145.221.181.230
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://api.myaccount.ing.com/delogin/w/w/r/tssV3vNFVypuDO4q6CZvTqxO8zVczbxBr7eENRPMjGtSKzwclIZlpwwxXkYYpt_cjC5wngRueskVl8r5KTcx6Q/busy-ver-C331575AF308054F00673A92BCB41217.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.221.181.230 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

api.myaccount.ing.nl

Software

Resource Hash

76c784ae844d93674c22dd9ca5124e99f04e00363f5381e79e44a40e8f440bfb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://.ing.de https://.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://.ing.de data: https://cdn.ing.com; frame-src 'self' https://.ing.de api.api.myaccount.ing.com .luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://.ing.de https://.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://.ing.de https://.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/delogin/w/login?embedded=true&origin=https://myaccount.ing.com&t=https://api.myaccount.ing.com/delogin/oauth/authorize?inframe%3Dtrue%26client_id%3Dwcdefault%26response_type%3Dtoken%26pinning%3Dresponse%26redirect_uri%3Dhttps%253A%252F%252Fapi.myaccount.ing.com%252Fdelogin%252Fa%252Fcallback%26scope%3Dopenid+tpa%26state%3D123%26code_challenge%3Df94244e435026064d9c6243600ca27040295a5b06a279727bbd7aa714c5ad500%26code_challenge_method%3Ds256%26tpaAuthenticationContext%3D%257B%2522clientId%2522%253A%2522ddc7a098-a45a-44d4-89e2-ecbba8b71c98%2522%252C%2522requiredLevelOfAssurance%2522%253A3%252C%2522identifyeeType%2522%253A%2522customer%2522%252C%2522scopes%2522%253A%255B%2522granting%2522%252C%2522trxId%253A3adea23d-1867-46e8-93d7-18e38f12cbff%2522%255D%257D%26origin%3Dhttps%253A%252F%252Fmyaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:38 GMT
Content-Security-Policy: default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://*.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://*.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.ing.de https://*.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://*.ing.de data: https://cdn.ing.com; frame-src 'self' https://*.ing.de api.api.myaccount.ing.com *.luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://*.ing.de https://*.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://*.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.ing.de https://*.ing.com;
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains
Content-Disposition: inline
Connection: keep-alive
Content-Length: 7149
X-XSS-Protection: 1; mode=block
Pragma: cache
Cross-Origin-Embedder-Policy-Report-Only: require-corp
Last-Modified: Fri, 05 Apr 2024 07:28:02 GMT
Cross-Origin-Opener-Policy: same-origin
Vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
X-Frame-Options: sameorigin
Content-Type: application/javascript
Cache-Control: public, max-age=31536000
X-ING-Response-ID: a387280bbcc9659a2c091cdc7fb4ba36
Expires: Sat, 12 Apr 2025 13:45:38 GMT

GET
H/1.1 200 fingerprint.min-ver-5ABAFE414AABFCF4539DD4C317CD5DA6.js Show response
api.myaccount.ing.com/delogin/w/w/r/tssV3vNFVyo_Yp7sHye14lW0C_oeAxg-b70i61myrwuKo6XsNYLJ8vVKcZHHyXWSleBsxxRBCCDspk08W0Q7W1RHdgDNz-5w/ Frame FEC4 30 KB
31 KB 250ms
134ms Script
application/javascript 145.221.181.230
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://api.myaccount.ing.com/delogin/w/w/r/tssV3vNFVyo_Yp7sHye14lW0C_oeAxg-b70i61myrwuKo6XsNYLJ8vVKcZHHyXWSleBsxxRBCCDspk08W0Q7W1RHdgDNz-5w/fingerprint.min-ver-5ABAFE414AABFCF4539DD4C317CD5DA6.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.221.181.230 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

api.myaccount.ing.nl

Software

Resource Hash

ab634fa0e8eca8ca6aeaad0c15c1e2a2c70c921288c6a6ed4889688b6402a2cb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://.ing.de https://.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://.ing.de data: https://cdn.ing.com; frame-src 'self' https://.ing.de api.api.myaccount.ing.com .luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://.ing.de https://.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://.ing.de https://.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/delogin/w/login?embedded=true&origin=https://myaccount.ing.com&t=https://api.myaccount.ing.com/delogin/oauth/authorize?inframe%3Dtrue%26client_id%3Dwcdefault%26response_type%3Dtoken%26pinning%3Dresponse%26redirect_uri%3Dhttps%253A%252F%252Fapi.myaccount.ing.com%252Fdelogin%252Fa%252Fcallback%26scope%3Dopenid+tpa%26state%3D123%26code_challenge%3Df94244e435026064d9c6243600ca27040295a5b06a279727bbd7aa714c5ad500%26code_challenge_method%3Ds256%26tpaAuthenticationContext%3D%257B%2522clientId%2522%253A%2522ddc7a098-a45a-44d4-89e2-ecbba8b71c98%2522%252C%2522requiredLevelOfAssurance%2522%253A3%252C%2522identifyeeType%2522%253A%2522customer%2522%252C%2522scopes%2522%253A%255B%2522granting%2522%252C%2522trxId%253A3adea23d-1867-46e8-93d7-18e38f12cbff%2522%255D%257D%26origin%3Dhttps%253A%252F%252Fmyaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:38 GMT
Content-Security-Policy: default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://*.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://*.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.ing.de https://*.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://*.ing.de data: https://cdn.ing.com; frame-src 'self' https://*.ing.de api.api.myaccount.ing.com *.luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://*.ing.de https://*.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://*.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.ing.de https://*.ing.com;
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains
Content-Disposition: inline
Connection: keep-alive
Content-Length: 30342
X-XSS-Protection: 1; mode=block
Pragma: cache
Cross-Origin-Embedder-Policy-Report-Only: require-corp
Accept-Range: bytes
Last-Modified: Fri, 05 Apr 2024 07:32:30 GMT
Cross-Origin-Opener-Policy: same-origin
Vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
X-Frame-Options: sameorigin
Content-Type: application/javascript
Cache-Control: public, max-age=31536000
X-ING-Response-ID: bff9f5f2467b8be11528895e80e48ab5
Expires: Sat, 12 Apr 2025 13:45:38 GMT

GET
H2 200 bundle.all.js Show response
cdn.ing.de/ing-feat-uilib-de/7.7.1/javascripts/ Frame FEC4 567 KB
148 KB 974ms
522ms Script
application/javascript 23.195.213.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ing.de/ing-feat-uilib-de/7.7.1/javascripts/bundle.all.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.213.77 Houston, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-213-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

de1f262a6f4a40ca41c08ff4e4a08e4bffc33fdcca04403caddf7042288504ce

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://.ing.de https://.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31622400; includeSubDomains; preload
date: Fri, 12 Apr 2024 13:45:38 GMT
akamai-cache-status: Hit from child
content-length: 150816
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Dec 2023 12:18:38 GMT
etag: "6569cf1e-24d20"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cache-control: max-age=71462
x-ing-response-id: 817988f7e67ade1cdd0e8afe15d9b41c
expires: Sat, 13 Apr 2024 09:36:40 GMT

GET
H/1.1 414
Request-URI Too Large SuppressJavascriptConsoleBehavior-ver-1EA60D9506B6FAC9D0B9E6C1B184247A.js
api.myaccount.ing.com/delogin/w/w/r/tssV3vNFVypuDO4q6CZvTqxO8zVczbxBr7eENRPMjGtKp62OBiqmyNBRt1Dw2E_cSyUPDsXGOhUKgv8wByv5cTxjj0VJ6ZfL6hAZRaVeCO55hiYo22z8ViaxKyQjk5d7/resource/ Frame FEC4 0
0 86ms
42ms Script
text/html 145.221.181.230
ING-AS Amsterdam

General

Check archive.org

Show headers Download Go to

Full URL

https://api.myaccount.ing.com/delogin/w/w/r/tssV3vNFVypuDO4q6CZvTqxO8zVczbxBr7eENRPMjGtKp62OBiqmyNBRt1Dw2E_cSyUPDsXGOhUKgv8wByv5cTxjj0VJ6ZfL6hAZRaVeCO55hiYo22z8ViaxKyQjk5d7/resource/SuppressJavascriptConsoleBehavior-ver-1EA60D9506B6FAC9D0B9E6C1B184247A.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

145.221.181.230 , Netherlands, ASN15625 (ING-AS Amsterdam, NL),

Reverse DNS

api.myaccount.ing.nl

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://.ing.de https://.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://.ing.de data: https://cdn.ing.com; frame-src 'self' https://.ing.de api.api.myaccount.ing.com .luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://.ing.de https://.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://.ing.de https://.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/delogin/w/login?embedded=true&origin=https://myaccount.ing.com&t=https://api.myaccount.ing.com/delogin/oauth/authorize?inframe%3Dtrue%26client_id%3Dwcdefault%26response_type%3Dtoken%26pinning%3Dresponse%26redirect_uri%3Dhttps%253A%252F%252Fapi.myaccount.ing.com%252Fdelogin%252Fa%252Fcallback%26scope%3Dopenid+tpa%26state%3D123%26code_challenge%3Df94244e435026064d9c6243600ca27040295a5b06a279727bbd7aa714c5ad500%26code_challenge_method%3Ds256%26tpaAuthenticationContext%3D%257B%2522clientId%2522%253A%2522ddc7a098-a45a-44d4-89e2-ecbba8b71c98%2522%252C%2522requiredLevelOfAssurance%2522%253A3%252C%2522identifyeeType%2522%253A%2522customer%2522%252C%2522scopes%2522%253A%255B%2522granting%2522%252C%2522trxId%253A3adea23d-1867-46e8-93d7-18e38f12cbff%2522%255D%257D%26origin%3Dhttps%253A%252F%252Fmyaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

Date: Fri, 12 Apr 2024 13:45:38 GMT
Content-Security-Policy: default-src 'self'; script-src 'self' data: api.api.myaccount.ing.com https://*.ing.de 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; style-src 'self' https://*.ing.de 'unsafe-inline' data: https://cdn.ing.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://*.ing.de https://*.usercentrics.eu api.api.myaccount.ing.com; font-src 'self' https://*.ing.de data: https://cdn.ing.com; frame-src 'self' https://*.ing.de api.api.myaccount.ing.com *.luxtrust.com https://aweucn1-3.advanced-web-analytics.com; img-src 'self' https: data: https://*.ing.de https://*.usercentrics.eu https://cdn.ing.com; manifest-src 'self'; media-src 'self' https://cdn.ing.com; worker-src 'none'; form-action 'self' https://*.ing.de api.api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; frame-ancestors 'self' https://*.ing.de https://*.ing.com;
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31622400; includeSubDomains
X-Frame-Options: sameorigin
Content-Type: text/html
X-Cnection: close
X-ING-Response-ID: 5475020e561306eac697c4dce5f7d4ff
Content-Length: 580
X-XSS-Protection: 1; mode=block

GET
H2 200 browser-notification.js Show response
cdn.ing.de/ing-feat-uilib-de/7.7.1/javascripts/ Frame FEC4 3 KB
2 KB 602ms
150ms Script
application/javascript 23.195.213.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ing.de/ing-feat-uilib-de/7.7.1/javascripts/browser-notification.js

Requested by

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.213.77 Houston, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-213-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

db26cf11701f569bf67854ac7f2f13381e29b043ca491fac87a153419a2625a5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://.ing.de https://.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31622400; includeSubDomains; preload
date: Fri, 12 Apr 2024 13:45:38 GMT
akamai-cache-status: Hit from child
content-length: 1243
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Dec 2023 12:18:38 GMT
etag: "6569cf1e-4db"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cache-control: max-age=70638
x-ing-response-id: 4bfdb10b9b2e4b8313455998c6eca7ff
expires: Sat, 13 Apr 2024 09:22:56 GMT

GET
H2 200 INGMeWeb-Regular.woff2
cdn.ing.de/ing-feat-uilib-de/7.7.1/stylesheets/webfonts/ Frame FEC4 29 KB
30 KB 751ms
330ms Font
font/woff2 23.195.213.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ing.de/ing-feat-uilib-de/7.7.1/stylesheets/webfonts/INGMeWeb-Regular.woff2

Requested by

Host: cdn.ing.de
URL: https://cdn.ing.de/ing-feat-uilib-de/7.7.1/stylesheets/bundle.ibbr.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.213.77 Houston, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-213-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://.ing.de https://.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://cdn.ing.de/ing-feat-uilib-de/7.7.1/stylesheets/bundle.ibbr.css
Origin: https://api.myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31622400; includeSubDomains; preload
date: Fri, 12 Apr 2024 13:45:39 GMT
akamai-cache-status: Hit from child
content-length: 29614
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Dec 2023 12:18:38 GMT
etag: "6569cf1e-73ae"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cache-control: max-age=69970
x-ing-response-id: 4755f34ed8ff90ef96ef58b25f1824ef
expires: Sat, 13 Apr 2024 09:11:49 GMT

GET
H2 200 INGMeWeb-Bold.woff2
cdn.ing.de/ing-feat-uilib-de/7.7.1/stylesheets/webfonts/ Frame FEC4 30 KB
30 KB 590ms
169ms Font
font/woff2 23.195.213.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ing.de/ing-feat-uilib-de/7.7.1/stylesheets/webfonts/INGMeWeb-Bold.woff2

Requested by

Host: cdn.ing.de
URL: https://cdn.ing.de/ing-feat-uilib-de/7.7.1/stylesheets/bundle.ibbr.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.213.77 Houston, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-213-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://.ing.de https://.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://cdn.ing.de/ing-feat-uilib-de/7.7.1/stylesheets/bundle.ibbr.css
Origin: https://api.myaccount.ing.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31622400; includeSubDomains; preload
date: Fri, 12 Apr 2024 13:45:39 GMT
akamai-cache-status: Hit from child
content-length: 30447
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Dec 2023 12:18:38 GMT
etag: "6569cf1e-76ef"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cache-control: max-age=69812
x-ing-response-id: 2c460d30f768b07e0adcc231c31d3c32
expires: Sat, 13 Apr 2024 09:09:11 GMT

GET
H2 200 dots.lottie Show response
cdn.ing.de/ing-feat-uilib-de/7.7.1/images/ Frame FEC4 5 KB
1 KB 614ms
329ms XHR
application/octet-stream 23.195.213.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ing.de/ing-feat-uilib-de/7.7.1/images/dots.lottie

Requested by

Host: cdn.ing.de
URL: https://cdn.ing.de/ing-feat-uilib-de/7.7.1/javascripts/bundle.all.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.213.77 Houston, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-213-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

43cd4999e420fc3aed8d6157b43c444bb1b02b4e9d1c14d6ffb35a0e20a26a8a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://.ing.de https://.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
strict-transport-security: max-age=31622400; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 12 Apr 2024 13:45:39 GMT
content-encoding: gzip
akamai-cache-status: Hit from child
content-length: 755
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Dec 2023 12:18:38 GMT
etag: "6569cf1e-150a"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cache-control: max-age=69909
access-control-allow-credentials: true
x-ing-response-id: c05a25e7ef1403fb9b089b6d53763403
expires: Sat, 13 Apr 2024 09:10:48 GMT

GET
H2 200 dots.lottie Show response
cdn.ing.de/ing-feat-uilib-de/7.7.1/images/ Frame FEC4 5 KB
0 614ms
614ms Fetch
application/octet-stream 23.195.213.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ing.de/ing-feat-uilib-de/7.7.1/images/dots.lottie

Requested by

Host: cdn.ing.de
URL: https://cdn.ing.de/ing-feat-uilib-de/7.7.1/javascripts/bundle.all.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.213.77 Houston, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-213-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

43cd4999e420fc3aed8d6157b43c444bb1b02b4e9d1c14d6ffb35a0e20a26a8a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://.ing.de https://.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 12 Apr 2024 13:45:39 GMT
akamai-cache-status: Hit from child
content-length: 755
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Dec 2023 12:18:38 GMT
etag: "6569cf1e-150a"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/octet-stream
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cache-control: max-age=69909
access-control-allow-credentials: true
x-ing-response-id: c05a25e7ef1403fb9b089b6d53763403
expires: Sat, 13 Apr 2024 09:10:48 GMT

GET
H2 200 3514.js Show response
cdn.ing.de/ing-feat-uilib-de/7.7.1/ Frame FEC4 57 KB
16 KB 162ms
162ms Script
application/javascript 23.195.213.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ing.de/ing-feat-uilib-de/7.7.1/3514.js

Requested by

Host: cdn.ing.de
URL: https://cdn.ing.de/ing-feat-uilib-de/7.7.1/javascripts/bundle.all.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.213.77 Houston, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-213-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

2d13d15dcf17ff888441b0f4fbb03402ab8fd7a57f3e748b0bbf0461e3142daa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://.ing.de https://.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31622400; includeSubDomains; preload
date: Fri, 12 Apr 2024 13:45:39 GMT
akamai-cache-status: Hit from child
content-length: 15493
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Dec 2023 12:18:38 GMT
etag: "6569cf1e-3c85"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cache-control: max-age=70531
x-ing-response-id: 1c31f2f2f1eb30a8f6a633708f7cac80
expires: Sat, 13 Apr 2024 09:21:10 GMT

GET
H2 200 9479.js Show response
cdn.ing.de/ing-feat-uilib-de/7.7.1/ Frame FEC4 4 KB
2 KB 170ms
169ms Script
application/javascript 23.195.213.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ing.de/ing-feat-uilib-de/7.7.1/9479.js

Requested by

Host: cdn.ing.de
URL: https://cdn.ing.de/ing-feat-uilib-de/7.7.1/javascripts/bundle.all.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.213.77 Houston, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-213-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

e375911052577b7499fd266f2ed8693982c5858f0819d423718c904208ad2f6e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://.ing.de https://.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31622400; includeSubDomains; preload
date: Fri, 12 Apr 2024 13:45:39 GMT
akamai-cache-status: Hit from child
content-length: 1367
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Dec 2023 12:18:38 GMT
etag: "6569cf1e-557"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cache-control: max-age=70599
x-ing-response-id: 2e850e4fd6ff00f003286ec4424ed8a2
expires: Sat, 13 Apr 2024 09:22:18 GMT

GET
H2 200 7760.js Show response
cdn.ing.de/ing-feat-uilib-de/7.7.1/ Frame FEC4 48 KB
16 KB 217ms
216ms Script
application/javascript 23.195.213.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ing.de/ing-feat-uilib-de/7.7.1/7760.js

Requested by

Host: cdn.ing.de
URL: https://cdn.ing.de/ing-feat-uilib-de/7.7.1/javascripts/bundle.all.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.213.77 Houston, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-213-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

a8944c4db20738f5562a817a5200e11dcf5b94f7518816edd9010ac013f851c6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://.ing.de https://.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31622400; includeSubDomains; preload
date: Fri, 12 Apr 2024 13:45:39 GMT
akamai-cache-status: Hit from child
content-length: 16056
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Dec 2023 12:18:38 GMT
etag: "6569cf1e-3eb8"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cache-control: max-age=70498
x-ing-response-id: 356d88e298feafc269f06ff1b96882ef
expires: Sat, 13 Apr 2024 09:20:37 GMT

GET
H2 200 1171.js Show response
cdn.ing.de/ing-feat-uilib-de/7.7.1/ Frame FEC4 35 KB
12 KB 164ms
164ms Script
application/javascript 23.195.213.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ing.de/ing-feat-uilib-de/7.7.1/1171.js

Requested by

Host: cdn.ing.de
URL: https://cdn.ing.de/ing-feat-uilib-de/7.7.1/javascripts/bundle.all.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.213.77 Houston, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-213-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

1265a68a051ccc1413be3efd4176708b2c1ad086471c7c5d338a7ab5a81f652d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://.ing.de https://.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31622400; includeSubDomains; preload
date: Fri, 12 Apr 2024 13:45:39 GMT
akamai-cache-status: Hit from child
content-length: 11567
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Dec 2023 12:18:38 GMT
etag: "6569cf1e-2d2f"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cache-control: max-age=70559
x-ing-response-id: 960c3c71671de956a05d22fac130711d
expires: Sat, 13 Apr 2024 09:21:38 GMT

GET
H2 200 3241.js Show response
cdn.ing.de/ing-feat-uilib-de/7.7.1/ Frame FEC4 6 KB
2 KB 168ms
168ms Script
application/javascript 23.195.213.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ing.de/ing-feat-uilib-de/7.7.1/3241.js

Requested by

Host: cdn.ing.de
URL: https://cdn.ing.de/ing-feat-uilib-de/7.7.1/javascripts/bundle.all.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.213.77 Houston, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-213-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

96a76700efc2b55e32742e60ef121988f09e9557276979358f0673a0f7c56582

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://.ing.de https://.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31622400; includeSubDomains; preload
date: Fri, 12 Apr 2024 13:45:39 GMT
akamai-cache-status: Hit from child
content-length: 1837
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Dec 2023 12:18:38 GMT
etag: "6569cf1e-72d"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cache-control: max-age=70684
x-ing-response-id: 0cf9762a5e28f6a53993367a434c8521
expires: Sat, 13 Apr 2024 09:23:43 GMT

GET
H2 200 9934.js Show response
cdn.ing.de/ing-feat-uilib-de/7.7.1/ Frame FEC4 20 KB
8 KB 167ms
166ms Script
application/javascript 23.195.213.77
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.ing.de/ing-feat-uilib-de/7.7.1/9934.js

Requested by

Host: cdn.ing.de
URL: https://cdn.ing.de/ing-feat-uilib-de/7.7.1/javascripts/bundle.all.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.195.213.77 Houston, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-195-213-77.deploy.static.akamaitechnologies.com

Software

Resource Hash

0ceaa1f5e717f4a480fb8e111a8007ef3cbbfd9f9113dc0fc702da09b7e8afae

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://.ing.de https://.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	sameorigin
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer: https://api.myaccount.ing.com/
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self' https://*.ing.de https://*.ing.com; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.cdn.ing.com; style-src 'self' 'unsafe-inline' data:; img-src https: data:; script-src 'self' data: 'unsafe-inline' 'unsafe-eval'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31622400; includeSubDomains; preload
date: Fri, 12 Apr 2024 13:45:39 GMT
akamai-cache-status: Hit from child
content-length: 7252
x-xss-protection: 1; mode=block
last-modified: Fri, 01 Dec 2023 12:18:38 GMT
etag: "6569cf1e-1c54"
x-frame-options: sameorigin
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
cache-control: max-age=70525
x-ing-response-id: f1a5344d0cfb0d21876f588837b6401e
expires: Sat, 13 Apr 2024 09:21:04 GMT

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.myaccount.ing.com/	1969-12-31 23:59:59	Name: XSRF-TOKEN Value: 6H4q4vOtRGgGwmV3GWXnNRXeJT3L4rnoJk3mWdPfA176m8S8yanlkw0iwLhS8UWL
myaccount.ing.com/	1969-12-31 23:59:59	Name: fecvm Value: 18.8.6
myaccount.ing.com/	1969-12-31 23:59:59	Name: lb-3-p-219 Value: !syqlB50scaXmKu4Ydy+W6/wonW0E6tne+Xpmv8S2DrM1WzwQnq8eK1kmxbYWb7muP1V8AgJ4LcAyXCm8PHRzzK/rv1352a0Hmf0utoGCgFu6
myaccount.ing.com/	1969-12-31 23:59:59	Name: TS019d407a Value: 01f83a9401b7bf789fe5da275384db64963557a6163aa718864069cd538cf7d672241be50f63fc0eb7d9f0a766999547328245580c
.myaccount.ing.com/	1969-12-31 23:59:59	Name: TS017af1d0 Value: 01f83a9401b7bf789fe5da275384db64963557a6163aa718864069cd538cf7d672241be50f63fc0eb7d9f0a766999547328245580c
myaccount.ing.com/	1970-01-21 04:34:25	Name: country Value: DE
myaccount.ing.com/	1970-01-21 04:34:25	Name: lang Value: de-DE
api.myaccount.ing.com/	1969-12-31 23:59:59	Name: T-SESSION-ID Value: jnsOrCYv6T6a8TqtiIHY3kphSy4Z4sQPF7h-c-oifIjo9Do8gjCQLVqOrREEyn6v
api.myaccount.ing.com/	1969-12-31 23:59:59	Name: lb-3-p-232 Value: !f3oTx+zJvPscbzMYdy+W6/wonW0E6gZfjGzPoq8boW5qy0/AMd6lfIiN6c4zltW3tCPVmy4J50d0qwNyYG3l/6SPvVjc5qQG0cakMS9sKjo=
api.myaccount.ing.com/	1969-12-31 23:59:59	Name: TS019d407a Value: 01f83a940162ab7c8aab78fd0bbff7b957b8870f58b99f3718874cfcc8bb8e0cc99bef704aaa876ed5ab22c8e5952327adb7e78d18
api.myaccount.ing.com/	1969-12-31 23:59:59	Name: inframe Value: aHR0cHM6Ly9teWFjY291bnQuaW5nLmNvbQ==
api.myaccount.ing.com/	1969-12-31 23:59:59	Name: SID Value: ZGY5YWM1MWYtOWNjYy00OTZmLThhMTYtYTg5NTVkYmM3Nzc0
api.myaccount.ing.com/	1969-12-31 23:59:59	Name: fp Value: d78eee527c80bd8bbd0bfbeada218b39

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://api.myaccount.ing.com/delogin/w/login?embedded=true&origin=https://myaccount.ing.com&t=https://api.myaccount.ing.com/delogin/oauth/authorize?inframe%3Dtrue%26client_id%3Dwcdefault%26response_type%3Dtoken%26pinning%3Dresponse%26redirect_uri%3Dhttps%253A%252F%252Fapi.myaccount.ing.com%252Fdelogin%252Fa%252Fcallback%26scope%3Dopenid+tpa%26state%3D123%26code_challenge%3Df94244e435026064d9c6243600ca27040295a5b06a279727bbd7aa714c5ad500%26code_challenge_method%3Ds256%26tpaAuthenticationContext%3D%257B%2522clientId%2522%253A%2522ddc7a098-a45a-44d4-89e2-ecbba8b71c98%2522%252C%2522requiredLevelOfAssurance%2522%253A3%252C%2522identifyeeType%2522%253A%2522customer%2522%252C%2522scopes%2522%253A%255B%2522granting%2522%252C%2522trxId%253A3adea23d-1867-46e8-93d7-18e38f12cbff%2522%255D%257D%26origin%3Dhttps%253A%252F%252Fmyaccount.ing.com(Line 86) Message: Blocked autofocusing on a <input> element in a cross-origin subframe.
network	error	URL: https://api.myaccount.ing.com/delogin/w/w/r/tssV3vNFVypuDO4q6CZvTqxO8zVczbxBr7eENRPMjGtKp62OBiqmyNBRt1Dw2E_cSyUPDsXGOhUKgv8wByv5cTxjj0VJ6ZfL6hAZRaVeCO55hiYo22z8ViaxKyQjk5d7/resource/SuppressJavascriptConsoleBehavior-ver-1EA60D9506B6FAC9D0B9E6C1B184247A.js Message: Failed to load resource: the server responded with a status of 414 (Request-URI Too Large)
security	error	URL: https://api.myaccount.ing.com/delogin/w/login?embedded=true&origin=https://myaccount.ing.com&t=https://api.myaccount.ing.com/delogin/oauth/authorize?inframe%3Dtrue%26client_id%3Dwcdefault%26response_type%3Dtoken%26pinning%3Dresponse%26redirect_uri%3Dhttps%253A%252F%252Fapi.myaccount.ing.com%252Fdelogin%252Fa%252Fcallback%26scope%3Dopenid+tpa%26state%3D123%26code_challenge%3Df94244e435026064d9c6243600ca27040295a5b06a279727bbd7aa714c5ad500%26code_challenge_method%3Ds256%26tpaAuthenticationContext%3D%257B%2522clientId%2522%253A%2522ddc7a098-a45a-44d4-89e2-ecbba8b71c98%2522%252C%2522requiredLevelOfAssurance%2522%253A3%252C%2522identifyeeType%2522%253A%2522customer%2522%252C%2522scopes%2522%253A%255B%2522granting%2522%252C%2522trxId%253A3adea23d-1867-46e8-93d7-18e38f12cbff%2522%255D%257D%26origin%3Dhttps%253A%252F%252Fmyaccount.ing.com Message: Refused to execute script from 'https://api.myaccount.ing.com/delogin/w/w/r/tssV3vNFVypuDO4q6CZvTqxO8zVczbxBr7eENRPMjGtKp62OBiqmyNBRt1Dw2E_cSyUPDsXGOhUKgv8wByv5cTxjj0VJ6ZfL6hAZRaVeCO55hiYo22z8ViaxKyQjk5d7/resource/SuppressJavascriptConsoleBehavior-ver-1EA60D9506B6FAC9D0B9E6C1B184247A.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; font-src 'self' data: https://cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; form-action 'self' api.myaccount.ing.com; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.myaccount.ing.com; style-src 'self' 'unsafe-inline' data: https://cdn.ing.com; img-src https: data: https://cdn.ing.com; script-src 'self' data: api.myaccount.ing.com 'unsafe-inline' 'unsafe-eval' https://cdn.ing.com; frame-src 'self' api.myaccount.ing.com *.luxtrust.com https://access.ing.de https://aweucn1-3.advanced-web-analytics.com; media-src https://cdn.ing.com;
Strict-Transport-Security	max-age=31622400; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.myaccount.ing.com
cdn.ing.de
hdaaiic.r.af.d.sendibt2.com
myaccount.ing.com
1.179.112.197
145.221.181.230
145.221.181.252
23.195.213.77
0ceaa1f5e717f4a480fb8e111a8007ef3cbbfd9f9113dc0fc702da09b7e8afae
1265a68a051ccc1413be3efd4176708b2c1ad086471c7c5d338a7ab5a81f652d
1361ca7d2f016fb8b2253dbb20baafc935caa200edabfd1e71d31a44abb89e73
1470546a5f8d7a68deb045a9f3be48c3fa818c53c0b4f8c854d6acdec64aa225
1a696ba921020e9ed1e7ad73c9f1bb15e750c30bcc900b0aab7f4cd0c5ad3652
1b721ab9d6cbaab5cbc550c1a256d821e409a5579afce1a5ccba09c79c232502
1e9344dfba444b51fd7f4e537311251f3088fb2b0006d35e4b636ee1632fdee8
26e7e79b0ced0544e58ea0c8a74a61709ebb3829b00a6b3cd4f8bf6f4580fc06
290dfa643ef35f442dbdea2f8486efc9e4ef8743e793b733a7feda2617c413f9
2d13d15dcf17ff888441b0f4fbb03402ab8fd7a57f3e748b0bbf0461e3142daa
2f813707780df7868e892e437e7d338d764a8b035e9ec6ccf5f7ed9f54a21157
314530405186af6ffa9377fe0f54cd7f68f1071962a5deceb934530af50943d5
33624dc024c85beec215b59b0f4286cbe1d53f5548689eb4f4a42189abc3726a
3569bc3655cf04855f8f64e44dd67e933fa0229c36a2dcfd2625be823386342a
35b54d2f78b7235028f5efd29221e3a3783fe8c7b3c12fb274d982f9b503866f
364a6a02939c9ba442ec9395f57186d73c34f01c26d184ed96d5416ca80bdfed
3a135f82b209a59959b162a1fbc9b0b38856d1332af286f86046b06357b3811e
43cd4999e420fc3aed8d6157b43c444bb1b02b4e9d1c14d6ffb35a0e20a26a8a
50980aa44a4f4c4a5658774850a196bed5df8901572f74f62913adebb2d0185a
534110a6776e13a12f5970769a3640f5301087203bffb1c5c1d5ed0c3fbb532a
5909162c02a4a4d0d416ef6c415ef7ac13ce245129596c567cbaaca68aef0d36
5cc368c9f586cf573efd762b2b373b3d5ca4291a1e06b601d1a1c5f0b357c51d
66764b1ec8dcaaee40567824c528b0076b8a2ba5fe80c638021ea5153c71792f
702cebd755e245f478563ab6c077173e621c6ae32b9cd0773eb6e3fa86424ec4
76c784ae844d93674c22dd9ca5124e99f04e00363f5381e79e44a40e8f440bfb
7d835a08ccaf25c4c47e4c25710e7c2b9eb67252c113100870670873ff179b46
86483564da4610e45ac9e334441da9f13dc13dc84d03b92c5ca76143d1325769
865bc75aef7a5e90d37fca43b11bbf8833f1919b754e43cd76d7c215f7e0f503
8d68572ae9195503f908c2cf012713af50dd6b3d12ab47616069de615395d27b
96a76700efc2b55e32742e60ef121988f09e9557276979358f0673a0f7c56582
9a469798884386e7cf4fcf12e09a5868979d3609d265f5159ca648dd1261bfe3
9bd0db488f3292221590b884ddffecb76310eb00fa5b5c9fcc6d03a585fb0906
a501d1dfaa5ce19c381254353da7b398c5d6bb9f2549daaca73aa93b557be2b0
a8944c4db20738f5562a817a5200e11dcf5b94f7518816edd9010ac013f851c6
ab634fa0e8eca8ca6aeaad0c15c1e2a2c70c921288c6a6ed4889688b6402a2cb
c42b3527a2c6b196d9d89adaa0a038e8fc6d162f6efc73d8fbf56d2a8609be20
caff6875a1bd2ef792d9d55246d9805c808dba63fbba7e1066a9c7660aedc99e
cc289b7d746ffdc51fcbacbfc550849e36b31dfd817a943de298f372e80cb8f1
d2032509f3294e7790e663b975e63fd2340206e2fca84185ea06db73d7620d04
d767f215945fef9f4c7a738dca21c2c0a3779183efe65e29b4891c8b949dea55
db26cf11701f569bf67854ac7f2f13381e29b043ca491fac87a153419a2625a5
de1f262a6f4a40ca41c08ff4e4a08e4bffc33fdcca04403caddf7042288504ce
e0094a3b8b19d8790dc913e4a0762f6807cd7729bd747ca0336aabe066b3a481
e12c086cbfd8bbd0e8ba1275164309ff1ad514f4212077eca8f8341e254c0be3
e375911052577b7499fd266f2ed8693982c5858f0819d423718c904208ad2f6e
ea87872a1fb7b7a1d756e87cee7305e2d20e4177bd2b3cd8319d53e9a5bbcabd
f0b7ff55ced467f6664adb1c51948edfd865071e0e293930c0bfb958719fd24f
f74c344733a85af20d2754b208f12309e2a30c591795d0881cb0ad94c4be6155
f78d9506bdf380e8a333c0ec0af4c665d360e994a86ae9dcad02f663eedf729d
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fc4afa63faba5a7038cb4f4a273bdf23bf1d01dbaccfb0aad36f57735b654d4a
ffbdcd29f388ce17489290a8e46bfcd79506f7128c46f2223383177ec77c4a9d

myaccount.ing.com Open in urlscan Pro 145.221.181.252 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

57 Requests

100 %HTTPS

0 %IPv6

3 Domains

4 Subdomains

3 IPs

3 Countries

1081 kBTransfer

3358 kBSize

13 Cookies

0 Outgoing links

Page URL History

Redirected requests

57 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

myaccount.ing.com Open in urlscan Pro
145.221.181.252 Public Scan

Screenshot
Live screenshot

Full Image

57
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

1081 kB
Transfer

3358 kB
Size

13
Cookies

57 HTTP transactions
0 data transactions