Submitted URL: https://dco-sg-cc-uat.lp.hsbc.com.hk/
Effective URL: https://dco-sg-cc-uat.lp.hsbc.com.hk/security/?targetAuthLevel=40&destinationURL=%27&__EntryPageParams=returnUrl:/originations/etb/iao
Submission: On November 25 via automatic, source certstream-suspicious — Scanned from SG

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 8 HTTP transactions. The main IP is 203.112.89.18, located in Hong Kong and belongs to HSBC-HK-AS HSBC HongKong, HK. The main domain is dco-sg-cc-uat.lp.hsbc.com.hk.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on December 23rd 2022. Valid for: a year.
This is the only time dco-sg-cc-uat.lp.hsbc.com.hk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests IP Address AS (Autonomous System)
6 203.112.89.18 9221 (HSBC-HK-A...)
2 13.33.33.107 16509 (AMAZON-02)
Total: 8 requests, 3 IPs

Requests Apex Domain Subdomains Transfer
6 hsbc.com.hk dco-sg-cc-uat.lp.hsbc.com.hk 383 KB
2 tiqcdn.com tags.tiqcdn.com (Cisco Umbrella Rank: 1253) 910 B
Total: 8 requests, 2 apex domains

Requests Domain Requested by
6 dco-sg-cc-uat.lp.hsbc.com.hk dco-sg-cc-uat.lp.hsbc.com.hk
2 tags.tiqcdn.com dco-sg-cc-uat.lp.hsbc.com.hk
Total: 8 requests, 2 domains

This site contains no links.

Subject Issuer Validity Valid
dco-sg-cc-uat.lp.hsbc.com.hk DigiCert SHA2 Extended Validation Server CA 2022-12-23 - 2024-01-23 a year
tags.tiqcdn.com Amazon RSA 2048 M01 2023-04-18 - 2024-05-17 a year

This page contains 1 frame:

Primary Page: https://dco-sg-cc-uat.lp.hsbc.com.hk/security/?targetAuthLevel=40&destinationURL=%27&__EntryPageParams=returnUrl:/originations/etb/iao
Frame ID: 93897BD43ECB2DB039753B24DB4AA989
Requests: 10 HTTP requests in this frame

Page Title

Error

Page Statistics

8 Requests
100 % HTTPS
0 % IPv6
2 Domains
2 Subdomains
3 IPs
2 Countries
425 kB Transfer
1159 kB Size
5 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://dco-sg-cc-uat.lp.hsbc.com.hk/ Page URL
  2. https://dco-sg-cc-uat.lp.hsbc.com.hk/security/?targetAuthLevel=40&destinationURL=%27&__EntryPageParams=returnUrl:/originations/etb/iao Page URL

8 HTTP transactions

Resource Path Size x-fer Type MIME-Type
/
dco-sg-cc-uat.lp.hsbc.com.hk/
2 KB
3 KB
Document
General
Full URL
https://dco-sg-cc-uat.lp.hsbc.com.hk/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.112.89.18 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
employeebenefits-api-uat.hsbc.com.hk
Software
/
Resource Hash
83da6cc14f2ad3e1a53ba42e6320c7f1ad6ff0f6a9f94a5c8c02145be6f2612e
Security Headers
Name Value
Content-Security-Policy connect-src 'self' wss: https:; default-src 'self' blob: https:; font-src 'self' data:; frame-src 'self' https:; img-src 'self' data: blob: https:; media-src blob:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; script-src-elem 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; style-src-elem 'unsafe-inline' https:; worker-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
zh-SG,zh;q=0.9

Response headers

Cache-Control
no-store, no-cache, max-age=0
Connection
Keep-Alive
Content-Encoding
gzip
Content-Security-Policy
connect-src 'self' wss: https:; default-src 'self' blob: https:; font-src 'self' data:; frame-src 'self' https:; img-src 'self' data: blob: https:; media-src blob:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; script-src-elem 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; style-src-elem 'unsafe-inline' https:; worker-src blob:;
Content-Type
text/html; charset=utf-8
Date
Sat, 25 Nov 2023 00:04:15 GMT
ETag
W/"8ab-VMnQJNETDvoiNz11tXQKNwxxt0E"
Expect-CT
max-age=0
Keep-Alive
timeout=5, max=100
Referrer-Policy
no-referrer
S
rproxy_hkg1vl1101_ia_sg
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=16070400; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-DNS-Prefetch-Control
off
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN DENY
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block
utag.sync.js
tags.tiqcdn.com/utag/hsbc/sg-rbwm-ib/qa/
1 KB
910 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/sg-rbwm-ib/qa/utag.sync.js
Requested by
Host: dco-sg-cc-uat.lp.hsbc.com.hk
URL: https://dco-sg-cc-uat.lp.hsbc.com.hk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.33.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-33-107.sin2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
77d6f428739dfc135a0c922fd07dd63efd97d7ac60599c14fc345ac0330d6084

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 00:04:17 GMT
x-amz-version-id
5tPt3h0QrvuMSi6H9F1DB8Ozbpfbrk30
content-encoding
br
last-modified
Tue, 31 Oct 2023 17:59:54 GMT
server
AmazonS3
via
1.1 500f4e37798a0a47047ecfa48f4fd932.cloudfront.net (CloudFront)
x-amz-cf-pop
SIN2-P1
etag
W/"c3f5b1cddd3c509983c20c652fe75835"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
tg-kHF2YJJluNiJQQzg2wUWCbJ2NP_tYmsKW0vbhtOjyg8Fo1KToyQ==
main.364effb888c1d21abe12.css
dco-sg-cc-uat.lp.hsbc.com.hk/
254 KB
117 KB
Stylesheet
General
Full URL
https://dco-sg-cc-uat.lp.hsbc.com.hk/main.364effb888c1d21abe12.css
Requested by
Host: dco-sg-cc-uat.lp.hsbc.com.hk
URL: https://dco-sg-cc-uat.lp.hsbc.com.hk/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.112.89.18 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
employeebenefits-api-uat.hsbc.com.hk
Software
/
Resource Hash
7b8729909620e47771c469209612ed26507f56a982fbd346f8e0e512d1476cbf
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
Origin
https://dco-sg-cc-uat.lp.hsbc.com.hk
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Sat, 25 Nov 2023 00:04:15 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 Nov 2023 06:44:34 GMT
ETag
W/"3f65e-18bb2d34c50"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
text/css; charset=UTF-8
Transfer-Encoding
chunked
Cache-Control
public, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
S
rproxy_hkg1vl1101_ia_sg
Keep-Alive
timeout=5, max=99
main.8b52bb58bb87334031bc.js
dco-sg-cc-uat.lp.hsbc.com.hk/
849 KB
250 KB
Script
General
Full URL
https://dco-sg-cc-uat.lp.hsbc.com.hk/main.8b52bb58bb87334031bc.js
Requested by
Host: dco-sg-cc-uat.lp.hsbc.com.hk
URL: https://dco-sg-cc-uat.lp.hsbc.com.hk/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.112.89.18 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
employeebenefits-api-uat.hsbc.com.hk
Software
/
Resource Hash
ef32be6984ff2c5504ce1bf0d6f21e29d3a439dcdf4067797bcccf04c9e2b709
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
Origin
https://dco-sg-cc-uat.lp.hsbc.com.hk
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Sat, 25 Nov 2023 00:04:15 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 Nov 2023 06:44:34 GMT
ETag
W/"d445b-18bb2d34c50"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript; charset=UTF-8
Transfer-Encoding
chunked
Cache-Control
public, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
S
rproxy_hkg1vl1101_ia_sg
Keep-Alive
timeout=5, max=98
utag.js
tags.tiqcdn.com/utag/hsbc/sg-rbwm-ib/qa/
1 KB
0
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/sg-rbwm-ib/qa/utag.js
Requested by
Host: dco-sg-cc-uat.lp.hsbc.com.hk
URL: https://dco-sg-cc-uat.lp.hsbc.com.hk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.33.107 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-33-107.sin2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

date
Sat, 25 Nov 2023 00:04:19 GMT
x-amz-version-id
zpO8fXSasEeTKbOv.pxcGFe7JxzdunpZ
content-encoding
br
last-modified
Tue, 31 Oct 2023 17:59:53 GMT
server
AmazonS3
via
1.1 500f4e37798a0a47047ecfa48f4fd932.cloudfront.net (CloudFront)
x-amz-cf-pop
SIN2-P1
etag
W/"9f13bae659264257904fafb5c122a781"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
gKzVKuRG5LrLmKM0WwKzA8apxr8uAoLRMhlVNIp2tiQk2xANxdUyNw==
truncated
/
21 KB
21 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a3a59834fae8583a5fb9791490cae9a2ef067da1b2e6ccfcf229ec5ca29ca2ed

Request headers

Referer
Origin
https://dco-sg-cc-uat.lp.hsbc.com.hk
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
font/woff
truncated
/
20 KB
20 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
43a9665b03a307a6c8beff167ce4ea8fdbdc5f9631cabbb528601e977e748422

Request headers

Referer
Origin
https://dco-sg-cc-uat.lp.hsbc.com.hk
accept-language
zh-SG,zh;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Content-Type
font/woff
f662d802fcd686a0c4af4106c3c172fa.png
dco-sg-cc-uat.lp.hsbc.com.hk/
10 KB
11 KB
Image
General
Full URL
https://dco-sg-cc-uat.lp.hsbc.com.hk/f662d802fcd686a0c4af4106c3c172fa.png
Requested by
Host: dco-sg-cc-uat.lp.hsbc.com.hk
URL: https://dco-sg-cc-uat.lp.hsbc.com.hk/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.112.89.18 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
employeebenefits-api-uat.hsbc.com.hk
Software
/
Resource Hash
94231b544b8203ae56787cdc99131204f647771cd0da2658f42d0b7dfcb9fa02
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
zh-SG,zh;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36

Response headers

Date
Sat, 25 Nov 2023 00:04:17 GMT
Strict-Transport-Security
max-age=16070400; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Thu, 09 Nov 2023 06:44:34 GMT
ETag
W/"286a-18bb2d34c50"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
public, max-age=0
Connection
Keep-Alive
Accept-Ranges
bytes
S
rproxy_hkg1vl1101_ia_sg
Keep-Alive
timeout=5, max=97
Content-Length
10346
eligibility
dco-sg-cc-uat.lp.hsbc.com.hk/api/etb/
179 B
1 KB
Fetch
General
Full URL
https://dco-sg-cc-uat.lp.hsbc.com.hk/api/etb/eligibility
Requested by
Host: dco-sg-cc-uat.lp.hsbc.com.hk
URL: https://dco-sg-cc-uat.lp.hsbc.com.hk/main.8b52bb58bb87334031bc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.112.89.18 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
employeebenefits-api-uat.hsbc.com.hk
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy connect-src 'self' wss: https:; default-src 'self' blob: https:; font-src 'self' data:; frame-src 'self' https:; img-src 'self' data: blob: https:; media-src blob:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; script-src-elem 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; style-src-elem 'unsafe-inline' https:; worker-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

X-HSBC-Global-Channel-Id
WEB
X-HSBC-Chnl-CountryCode
SG
x-csrf-token
yyrHq2EZ-VE44llW24vwzEusmv9YBvZWQNBw
accept-language
zh-SG,zh;q=0.9
X-HSBC-Channel-Id
OHI
ui-request-timestamp
2023-11-25T00:04:17.260Z
X-HSBC-Chnl-Group-Member
HBSP
X-HSBC-Locale
en
X-HSBC-Request-Correlation-Id
2034b663-d387-4422-8f44-60888a885838
Pragma
no-cache
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
Accept
application/json
X-HSBC-Session-Correlation-Id
f8db054a-a9a8-4b59-b9de-7cd710b53d13
cache-control
no-cache
Referer
X-HSBC-Application-Type
ETB_IAO

Response headers

Content-Security-Policy
connect-src 'self' wss: https:; default-src 'self' blob: https:; font-src 'self' data:; frame-src 'self' https:; img-src 'self' data: blob: https:; media-src blob:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; script-src-elem 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; style-src-elem 'unsafe-inline' https:; worker-src blob:;
Date
Sat, 25 Nov 2023 00:04:17 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=16070400; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-DNS-Prefetch-Control
off
Connection
Keep-Alive
Content-Length
179
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
ETag
W/"b3-OWLOMNWj4PUHeIfxz/YCA+4P/1U"
Expect-CT
max-age=0
X-Frame-Options
SAMEORIGIN, DENY
Vary
Accept-Encoding
X-Download-Options
noopen
Content-Type
application/json; charset=utf-8
Cache-Control
no-store, no-cache, max-age=0
S
rproxy_hkg1vl1101_ia_sg
Keep-Alive
timeout=5, max=100
Primary Request /
dco-sg-cc-uat.lp.hsbc.com.hk/security/
148 B
1 KB
Document
General
Full URL
https://dco-sg-cc-uat.lp.hsbc.com.hk/security/?targetAuthLevel=40&destinationURL=%27&__EntryPageParams=returnUrl:/originations/etb/iao
Requested by
Host: dco-sg-cc-uat.lp.hsbc.com.hk
URL: https://dco-sg-cc-uat.lp.hsbc.com.hk/main.8b52bb58bb87334031bc.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
203.112.89.18 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
employeebenefits-api-uat.hsbc.com.hk
Software
/
Resource Hash
a8c47476bdc67d5d6a975b0a42bc59037c8b00134fca8c2ae3449204ba29b7d0
Security Headers
Name Value
Content-Security-Policy default-src 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.159 Safari/537.36
accept-language
zh-SG,zh;q=0.9

Response headers

Cache-Control
no-store, no-cache, max-age=0
Connection
Keep-Alive
Content-Length
148
Content-Security-Policy
default-src 'none'
Content-Type
text/html; charset=utf-8
Date
Sat, 25 Nov 2023 00:04:18 GMT
Expect-CT
max-age=0
Keep-Alive
timeout=5, max=96
Referrer-Policy
no-referrer
S
rproxy_hkg1vl1101_ia_sg
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=16070400; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-DNS-Prefetch-Control
off
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN DENY
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

5 Cookies

Domain/Path Name / Value
dco-sg-cc-uat.lp.hsbc.com.hk/ Name: _csrf
Value: epT3-Wsl95zU60JmDy8Vu4Ka
dco-sg-cc-uat.lp.hsbc.com.hk/ Name: LB_COOKIE_1
Value: !9Eb2LbhJ00rLT9OxdsPGax06Ct8tBkXezOpn1vLPkSMc4Iz8yhkIFuK2YhLN4Xp8iVieBWN13GjubNY=
dco-sg-cc-uat.lp.hsbc.com.hk/ Name: TS01f477b4
Value: 0199e0537fe5fdf93730e88a924bc87d4cea1826ba3fc668bf02a4974af9d817daa367549fad241b29dbaa30d3d579bbf17bac26cc
dco-sg-cc-uat.lp.hsbc.com.hk/ Name: cid
Value: undefined
dco-sg-cc-uat.lp.hsbc.com.hk/ Name: promo
Value: undefined

2 Console Messages

Source Level URL Text
network error URL: https://dco-sg-cc-uat.lp.hsbc.com.hk/api/etb/eligibility
Message: Failed to load resource: the server responded with a status of 401 (Unauthorized)
network error URL: https://dco-sg-cc-uat.lp.hsbc.com.hk/security/?targetAuthLevel=40&destinationURL=%27&__EntryPageParams=returnUrl:/originations/etb/iao
Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy connect-src 'self' wss: https:; default-src 'self' blob: https:; font-src 'self' data:; frame-src 'self' https:; img-src 'self' data: blob: https:; media-src blob:; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' blob: https:; script-src-elem 'unsafe-inline' 'unsafe-eval' https:; style-src 'unsafe-inline' https:; style-src-elem 'unsafe-inline' https:; worker-src blob:;
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=16070400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN DENY
X-Xss-Protection 1; mode=block