checkout.postfinance.ch Open in urlscan Pro
2606:4700:10::ac43:6d9 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://checkout.postfinance.ch/
Effective URL:
https://checkout.postfinance.ch/user/login
Submission: On November 03 via automatic, source certstream-suspicious (November 3rd 2024, 10:11:12 am UTC) — Scanned from CH

Summary HTTP 15 Redirects Links 1 Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 15 HTTP transactions. The main IP is 2606:4700:10::ac43:6d9, located in United States and belongs to CLOUDFLARENET, US. The main domain is checkout.postfinance.ch.
TLS certificate: Issued by SwissSign RSA TLS OV ICA 2022 - 1 on November 3rd 2024. Valid for: a year.

This is the only time checkout.postfinance.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
1 16	2606:4700:10:... 2606:4700:10::ac43:6d9		13335 (CLOUDFLAR...) (CLOUDFLARENET)
15	1

16 2606:4700:10::ac43:6d9 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

checkout.postfinance.ch	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	postfinance.ch 1 redirects checkout.postfinance.ch	584 KB
15	1

	Domain	Requested by
16	checkout.postfinance.ch	1 redirects checkout.postfinance.ch
15	1

This site contains links to these domains. Also see Links.

Domain
www.postfinance.ch

Subject Issuer	Validity	Valid
checkout.postfinance.ch SwissSign RSA TLS OV ICA 2022 - 1	`2024-11-03` - `2025-11-03`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://checkout.postfinance.ch/user/login
Frame ID: 48484E2DB2E5A58751A0B13320D77DA3
Requests: 15 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Login

Page URL History Show full URLs

https://checkout.postfinance.ch/ HTTP 302
https://checkout.postfinance.ch/user/login Page URL

Detected technologies

Cart Functionality (Ecommerce) Expand

Overall confidence: 100%
Detected patterns

<a[^>]*href=[^>]*/Checkout

Page Statistics

15
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

582 kB
Transfer

2152 kB
Size

7
Cookies

1 Outgoing links

These are links going to different origins than the main page.

URL: https://www.postfinance.ch/checkout-support-de
Title: Kontakt und Support

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://checkout.postfinance.ch/ HTTP 302
https://checkout.postfinance.ch/user/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request login Show response
checkout.postfinance.ch/user/
Redirect Chain

https://checkout.postfinance.ch/
https://checkout.postfinance.ch/user/login

10 KB
3 KB

87ms
86ms

Document
text/html

2606:4700:10::ac43:6d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.postfinance.ch/user/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:6d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a267675af97671d632bd88a3804035bdd355b02e8ef39b1c684a79f50920ea0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; child-src 'self'; connect-src 'self' https://.google-analytics.com https://.analytics.google.com https://analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action ; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cf-cache-status: DYNAMIC
cf-ray: 8dcb9411ce404d59-FRA
content-encoding: br
content-language: de-CH
content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
content-type: text/html;charset=utf-8
date: Sun, 03 Nov 2024 10:11:07 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
report-to: { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
reporting-endpoints: csp-endpoint="/csp-reports"
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-svid: 09a4635658abfe0a8
x-url: /user/login
x-xss-protection: 1

Redirect headers

cf-cache-status: DYNAMIC
cf-ray: 8dcb94109d044d59-FRA
content-language: de-CH
content-length: 0
content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
date: Sun, 03 Nov 2024 10:11:07 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
location: https://checkout.postfinance.ch/user/login
report-to: { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
reporting-endpoints: csp-endpoint="/csp-reports"
server: cloudflare
strict-transport-security: max-age=0; includeSubDomains; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-svid: 09a4635658abfe0a8
x-url: /
x-xss-protection: 1

GET
H2 200 compressed.css
checkout.postfinance.ch/assets/ 496 KB
71 KB 254ms
242ms Stylesheet
text/css 2606:4700:10::ac43:6d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1k8sKNDLATIAIzEFDQ,,&h=mBsq2ortqsMvxZjxVI48R4icX4gyax8hXA9wtgz8e_k

Requested by

Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/user/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:6d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

981b2ada8aedaac32fc598f1548e3c47889c5f88326b1f215c0f70b60cfc7bf9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-sIS83hyGZn1OuY4jKlzYqw=='; style-src 'self' 'nonce-sIS83hyGZn1OuY4jKlzYqw=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://checkout.postfinance.ch/user/login

Response headers

content-encoding: gzip
cf-cache-status: BYPASS
report-to: { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options: nosniff
expires: Sat, 3 May 2025 11:11:07 CEST
date: Sun, 03 Nov 2024 10:11:07 GMT
content-type: text/css
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
reporting-endpoints: csp-endpoint="/csp-reports"
x-svid: 0cf34196cc188c8d0
content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-sIS83hyGZn1OuY4jKlzYqw=='; style-src 'self' 'nonce-sIS83hyGZn1OuY4jKlzYqw=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
cf-ray: 8dcb94128f0f4d59-FRA
accept-ranges: bytes
content-length: 72461
x-xss-protection: 1
server: cloudflare

GET
H2 200 compressed.css
checkout.postfinance.ch/assets/ 7 KB
2 KB 176ms
165ms Stylesheet
text/css 2606:4700:10::ac43:6d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.postfinance.ch/assets/compressed.css?p=eNpLy88rKdYvT8zJSU3VzUzOz9MrSS4uBgBjVAiV&h=4BQ8M5KPc3q33b2mtSV_deZkWAo1wr78snmaP7RJi7Q

Requested by

Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/user/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:6d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0143c33928f737ab7ddbda6b5257f75e664580a35c2befcb2799a3fb4498bb4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-jxLwZZdbpm5t1SSkEFhfLA=='; style-src 'self' 'nonce-jxLwZZdbpm5t1SSkEFhfLA=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://checkout.postfinance.ch/user/login

Response headers

content-encoding: gzip
cf-cache-status: BYPASS
report-to: { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options: nosniff
expires: Sat, 3 May 2025 11:11:07 CEST
date: Sun, 03 Nov 2024 10:11:07 GMT
content-type: text/css
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
reporting-endpoints: csp-endpoint="/csp-reports"
x-svid: 09a4635658abfe0a8
content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-jxLwZZdbpm5t1SSkEFhfLA=='; style-src 'self' 'nonce-jxLwZZdbpm5t1SSkEFhfLA=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
cf-ray: 8dcb94129f104d59-FRA
accept-ranges: bytes
content-length: 1090
x-xss-protection: 1
server: cloudflare

GET
H2 200 compressed.css
checkout.postfinance.ch/assets/ 44 KB
6 KB 224ms
214ms Stylesheet
text/css 2606:4700:10::ac43:6d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1i_ILy5Jy8xLzEtO1csBCgAAXOMIZg,,&h=jQbB3TknF8DZG7JSR7sjTtyuoe80bonyX-SqnVm9VkA

Requested by

Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/user/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:6d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8d06c1dd392717c0d91bb25247bb234edcaea1ef346e89f25fe4aa9d59bd5640

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-coANuwuYOwO29uQ6NkyPaQ=='; style-src 'self' 'nonce-coANuwuYOwO29uQ6NkyPaQ=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://checkout.postfinance.ch/user/login

Response headers

content-encoding: gzip
cf-cache-status: BYPASS
report-to: { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options: nosniff
expires: Sat, 3 May 2025 11:11:07 CEST
date: Sun, 03 Nov 2024 10:11:07 GMT
content-type: text/css
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
reporting-endpoints: csp-endpoint="/csp-reports"
x-svid: 038d9c269e58fb594
content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-coANuwuYOwO29uQ6NkyPaQ=='; style-src 'self' 'nonce-coANuwuYOwO29uQ6NkyPaQ=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
cf-ray: 8dcb94129f114d59-FRA
accept-ranges: bytes
content-length: 6107
x-xss-protection: 1
server: cloudflare

GET
H2 200 PostFinance_Logo.svg
checkout.postfinance.ch/assets/images/ 4 KB
2 KB 92ms
81ms Image
image/svg+xml 2606:4700:10::ac43:6d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://checkout.postfinance.ch/assets/images/PostFinance_Logo.svg

Requested by

Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/user/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:6d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b41f80bb91f3a2ea338aca8a118c0a2342791d42669be21aece7187543aa00a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; child-src 'self'; connect-src 'self' https://.google-analytics.com https://.analytics.google.com https://analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action ; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://checkout.postfinance.ch/user/login

Response headers

content-encoding: br
cf-cache-status: BYPASS
report-to: { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options: nosniff
expires: Sun, 3 Nov 2024 13:11:07 CET
x-url: /assets/images/PostFinance_Logo.svg
date: Sun, 03 Nov 2024 10:11:07 GMT
content-type: image/svg+xml
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0; includeSubDomains; preload
reporting-endpoints: csp-endpoint="/csp-reports"
x-svid: 022334e1580f443ff
content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
cf-ray: 8dcb94129f134d59-FRA
x-xss-protection: 1
server: cloudflare

GET
H2 200 PostFinance_Icon_Color.svg
checkout.postfinance.ch/assets/images/ 1 KB
2 KB 197ms
186ms Image
image/svg+xml 2606:4700:10::ac43:6d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://checkout.postfinance.ch/assets/images/PostFinance_Icon_Color.svg

Requested by

Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/user/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:6d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

649ea8f64e804933cbec78fc10448e318d27d63ecb9ede6bc2ee94e8455a3aba

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; child-src 'self'; connect-src 'self' https://.google-analytics.com https://.analytics.google.com https://analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action ; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://checkout.postfinance.ch/user/login

Response headers

content-encoding: br
cf-cache-status: BYPASS
report-to: { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options: nosniff
expires: Sun, 3 Nov 2024 13:11:07 CET
x-url: /assets/images/PostFinance_Icon_Color.svg
date: Sun, 03 Nov 2024 10:11:07 GMT
content-type: image/svg+xml
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0; includeSubDomains; preload
reporting-endpoints: csp-endpoint="/csp-reports"
x-svid: 0d74bfd6cb7d73d42
content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
cf-ray: 8dcb94129f144d59-FRA
x-xss-protection: 1
server: cloudflare

GET
H2 200 compressed.js Show response
checkout.postfinance.ch/assets/ 1 MB
294 KB 198ms
195ms Script
text/javascript 2606:4700:10::ac43:6d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.postfinance.ch/assets/compressed.js?p=eNrLKtZPSixOBQAKgAKo&h=kQo-d7U8kJ36UkryJKzK7q9lNcVLxrqbJcvLGxrJVsc

Requested by

Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/user/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:6d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

910a3e77b53c909dfa524af224accaeeaf6535c54bc6ba9b25cbcb1b1ac956c7

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-RZ/X00Sa4/O4AFh0VaSBUA=='; style-src 'self' 'nonce-RZ/X00Sa4/O4AFh0VaSBUA=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://checkout.postfinance.ch/user/login

Response headers

content-encoding: gzip
cf-cache-status: BYPASS
report-to: { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options: nosniff
expires: Sat, 3 May 2025 11:11:07 CEST
date: Sun, 03 Nov 2024 10:11:07 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
reporting-endpoints: csp-endpoint="/csp-reports"
x-svid: 0f2aaf45c12a415dc
content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-RZ/X00Sa4/O4AFh0VaSBUA=='; style-src 'self' 'nonce-RZ/X00Sa4/O4AFh0VaSBUA=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
cf-ray: 8dcb9412df684d59-FRA
accept-ranges: bytes
content-length: 300391
x-xss-protection: 1
server: cloudflare

GET
H2 200 compressed.js Show response
checkout.postfinance.ch/assets/ 266 KB
62 KB 188ms
186ms Script
text/javascript 2606:4700:10::ac43:6d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.postfinance.ch/assets/compressed.js?p=eNrLKtZPLCgAAAfwAk4,&h=J4IujFqMJ_7oj62pshDlBnWUZLNf3PC43nKKcU2ltCk

Requested by

Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/user/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:6d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

27822e8c5a8c27fee88fada9b210e506759464b35fdcf0b8de728a714da5b429

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-u21zPMPwT9NCKewK1Y4ybg=='; style-src 'self' 'nonce-u21zPMPwT9NCKewK1Y4ybg=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://checkout.postfinance.ch/user/login

Response headers

content-encoding: gzip
cf-cache-status: BYPASS
report-to: { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options: nosniff
expires: Sat, 3 May 2025 11:11:07 CEST
date: Sun, 03 Nov 2024 10:11:07 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
reporting-endpoints: csp-endpoint="/csp-reports"
x-svid: 0b23d5a766bec99b7
content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-u21zPMPwT9NCKewK1Y4ybg=='; style-src 'self' 'nonce-u21zPMPwT9NCKewK1Y4ybg=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
cf-ray: 8dcb9412df6a4d59-FRA
accept-ranges: bytes
content-length: 62587
x-xss-protection: 1
server: cloudflare

GET
H2 200 compressed.js Show response
checkout.postfinance.ch/assets/ 5 KB
2 KB 174ms
172ms Script
text/javascript 2606:4700:10::ac43:6d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.postfinance.ch/assets/compressed.js?p=eNrLKtZPKy7QyyoGABDYA2E,&h=mVlD0l0q_tZ4T1y8-9Dvn3YMaXi7AlxNM5-5OAgT1aM

Requested by

Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/user/login

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:6d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

995943d25d2afed6784f5cbcfbd0ef9f760c6978bb025c4d339fb9380813d5a3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-qKBjBfMLZFdZsmdCIRP2GA=='; style-src 'self' 'nonce-qKBjBfMLZFdZsmdCIRP2GA=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://checkout.postfinance.ch/user/login

Response headers

content-encoding: gzip
cf-cache-status: BYPASS
report-to: { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options: nosniff
expires: Sat, 3 May 2025 11:11:07 CEST
date: Sun, 03 Nov 2024 10:11:07 GMT
content-type: text/javascript; charset=UTF-8
vary: Accept-Encoding
strict-transport-security: max-age=0; includeSubDomains; preload
reporting-endpoints: csp-endpoint="/csp-reports"
x-svid: 02bbd67adbed7916f
content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-qKBjBfMLZFdZsmdCIRP2GA=='; style-src 'self' 'nonce-qKBjBfMLZFdZsmdCIRP2GA=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
cf-ray: 8dcb9412df6b4d59-FRA
accept-ranges: bytes
content-length: 1635
x-xss-protection: 1
server: cloudflare

GET
H2 200 input-border-left.png
checkout.postfinance.ch/assets/images/ 942 B
3 KB 194ms
194ms Image
image/png 2606:4700:10::ac43:6d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://checkout.postfinance.ch/assets/images/input-border-left.png

Requested by

Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1i_ILy5Jy8xLzEtO1csBCgAAXOMIZg,,&h=jQbB3TknF8DZG7JSR7sjTtyuoe80bonyX-SqnVm9VkA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:6d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

02eb02cdb556defb1b4e160fff6868045f5d2f83fb7da6f8bb6b9b8dda23bb58

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; child-src 'self'; connect-src 'self' https://.google-analytics.com https://.analytics.google.com https://analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action ; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1i_ILy5Jy8xLzEtO1csBCgAAXOMIZg,,&h=jQbB3TknF8DZG7JSR7sjTtyuoe80bonyX-SqnVm9VkA

Response headers

cf-cache-status: BYPASS
report-to: { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options: nosniff
expires: Sun, 3 Nov 2024 13:11:07 CET
x-url: /assets/images/input-border-left.png
date: Sun, 03 Nov 2024 10:11:07 GMT
content-type: image/png
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0; includeSubDomains; preload
reporting-endpoints: csp-endpoint="/csp-reports"
x-svid: 06367dc5d3e3f9c42
content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
cf-ray: 8dcb9414c9744d59-FRA
accept-ranges: bytes
content-length: 942
x-xss-protection: 1
server: cloudflare

GET
H2 200 icons--sprite--2.png
checkout.postfinance.ch/assets/images/ 61 KB
61 KB 179ms
178ms Image
image/png 2606:4700:10::ac43:6d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://checkout.postfinance.ch/assets/images/icons--sprite--2.png

Requested by

Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1i_ILy5Jy8xLzEtO1csBCgAAXOMIZg,,&h=jQbB3TknF8DZG7JSR7sjTtyuoe80bonyX-SqnVm9VkA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:6d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fd054e12c437b67c0fb469ac789f7d471ea53f28c965edb84e974faffb333b23

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-Cpy3GuJoH2ma9Rz0Y1+65w=='; style-src 'self' 'nonce-Cpy3GuJoH2ma9Rz0Y1+65w=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1i_ILy5Jy8xLzEtO1csBCgAAXOMIZg,,&h=jQbB3TknF8DZG7JSR7sjTtyuoe80bonyX-SqnVm9VkA

Response headers

strict-transport-security: max-age=0; includeSubDomains; preload
reporting-endpoints: csp-endpoint="/csp-reports"
x-svid: 0cb50c80819a4ab2d
content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-Cpy3GuJoH2ma9Rz0Y1+65w=='; style-src 'self' 'nonce-Cpy3GuJoH2ma9Rz0Y1+65w=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
cf-cache-status: BYPASS
report-to: { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options: nosniff
cf-ray: 8dcb9414d9774d59-FRA
expires: Sun, 3 Nov 2024 13:11:07 CET
date: Sun, 03 Nov 2024 10:11:07 GMT
x-xss-protection: 1
content-type: image/png
vary: Accept-Encoding
server: cloudflare

GET
H2 200 frutiger-light.woff2
checkout.postfinance.ch/assets/fonts/frutiger/ 23 KB
23 KB 200ms
199ms Font
application/font-woff2 2606:4700:10::ac43:6d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.postfinance.ch/assets/fonts/frutiger/frutiger-light.woff2

Requested by

Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1k8sKNDLATIAIzEFDQ,,&h=mBsq2ortqsMvxZjxVI48R4icX4gyax8hXA9wtgz8e_k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:6d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cc096bfc8cf24ef257e6f7915b5eb4d0764e51aac0736c62e5ad90194fd360d9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; child-src 'self'; connect-src 'self' https://.google-analytics.com https://.analytics.google.com https://analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action ; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://checkout.postfinance.ch
Referer: https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1k8sKNDLATIAIzEFDQ,,&h=mBsq2ortqsMvxZjxVI48R4icX4gyax8hXA9wtgz8e_k

Response headers

cf-cache-status: BYPASS
report-to: { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options: nosniff
expires: Sun, 3 Nov 2024 13:11:07 CET
x-url: /assets/fonts/frutiger/frutiger-light.woff2
date: Sun, 03 Nov 2024 10:11:07 GMT
content-type: application/font-woff2
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0; includeSubDomains; preload
reporting-endpoints: csp-endpoint="/csp-reports"
x-svid: 0cfab57e31dad37c8
content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
cf-ray: 8dcb941519b94d59-FRA
accept-ranges: bytes
content-length: 23500
x-xss-protection: 1
server: cloudflare

GET
H2 200 frutiger-bold.woff2
checkout.postfinance.ch/assets/fonts/frutiger/ 23 KB
23 KB 206ms
205ms Font
application/font-woff2 2606:4700:10::ac43:6d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.postfinance.ch/assets/fonts/frutiger/frutiger-bold.woff2

Requested by

Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1k8sKNDLATIAIzEFDQ,,&h=mBsq2ortqsMvxZjxVI48R4icX4gyax8hXA9wtgz8e_k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:6d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8344685be20012c5aa9370634a97d4906e1dc9e9e5032f9c87290f2fb6b1cb57

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; child-src 'self'; connect-src 'self' https://.google-analytics.com https://.analytics.google.com https://analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action ; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://checkout.postfinance.ch
Referer: https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1k8sKNDLATIAIzEFDQ,,&h=mBsq2ortqsMvxZjxVI48R4icX4gyax8hXA9wtgz8e_k

Response headers

cf-cache-status: BYPASS
report-to: { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options: nosniff
expires: Sun, 3 Nov 2024 13:11:07 CET
x-url: /assets/fonts/frutiger/frutiger-bold.woff2
date: Sun, 03 Nov 2024 10:11:07 GMT
content-type: application/font-woff2
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0; includeSubDomains; preload
reporting-endpoints: csp-endpoint="/csp-reports"
x-svid: 0e2afcb4a64f075d9
content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
cf-ray: 8dcb941519bd4d59-FRA
accept-ranges: bytes
content-length: 23616
x-xss-protection: 1
server: cloudflare

GET
H2 200 frutiger-normal.woff2
checkout.postfinance.ch/assets/fonts/frutiger/ 23 KB
23 KB 189ms
188ms Font
application/font-woff2 2606:4700:10::ac43:6d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.postfinance.ch/assets/fonts/frutiger/frutiger-normal.woff2

Requested by

Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1k8sKNDLATIAIzEFDQ,,&h=mBsq2ortqsMvxZjxVI48R4icX4gyax8hXA9wtgz8e_k

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:6d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3485c87f397dd46d3772d92ac4dc20f11b23ca441b9a540c48e190db7bdc3ff3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; child-src 'self'; connect-src 'self' https://.google-analytics.com https://.analytics.google.com https://analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action ; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://checkout.postfinance.ch
Referer: https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1k8sKNDLATIAIzEFDQ,,&h=mBsq2ortqsMvxZjxVI48R4icX4gyax8hXA9wtgz8e_k

Response headers

cf-cache-status: BYPASS
report-to: { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options: nosniff
expires: Sun, 3 Nov 2024 13:11:07 CET
x-url: /assets/fonts/frutiger/frutiger-normal.woff2
date: Sun, 03 Nov 2024 10:11:07 GMT
content-type: application/font-woff2
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0; includeSubDomains; preload
reporting-endpoints: csp-endpoint="/csp-reports"
x-svid: 04869ad29699b41c7
content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
cf-ray: 8dcb941519c14d59-FRA
accept-ranges: bytes
content-length: 23380
x-xss-protection: 1
server: cloudflare

GET
H2 200 favicon-32px.png
checkout.postfinance.ch/assets/images/favicon/ 2 KB
3 KB 192ms
192ms Other
image/png 2606:4700:10::ac43:6d9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://checkout.postfinance.ch/assets/images/favicon/favicon-32px.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:6d9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74a2e805d52457ef4ad63a293549c591fa49d292abdfd3a5d61bc99707033617

Security Headers

Name	Value
Content-Security-Policy	default-src 'self'; child-src 'self'; connect-src 'self' https://.google-analytics.com https://.analytics.google.com https://analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action ; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://checkout.postfinance.ch/user/login

Response headers

cf-cache-status: BYPASS
report-to: { "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options: nosniff
expires: Sun, 3 Nov 2024 13:11:08 CET
x-url: /assets/images/favicon/favicon-32px.png
date: Sun, 03 Nov 2024 10:11:08 GMT
content-type: image/png
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0; includeSubDomains; preload
reporting-endpoints: csp-endpoint="/csp-reports"
x-svid: 0d74bfd6cb7d73d42
content-security-policy: default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
cf-ray: 8dcb9416ab394d59-FRA
accept-ranges: bytes
content-length: 1841
x-xss-protection: 1
server: cloudflare

Verdicts & Comments Add Verdict or Comment

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
checkout.postfinance.ch/user	1969-12-31 23:59:59	Name: storage-layout Value: {}
checkout.postfinance.ch/user	1969-12-31 23:59:59	Name: storage-grid Value: {}
checkout.postfinance.ch/	1970-01-21 00:45:15	Name: _csrf_token_443 Value: v1rog2ncscp0djdpvasluf90uh
checkout.postfinance.ch/	1969-12-31 23:59:59	Name: language Value: de-CH
checkout.postfinance.ch/	1969-12-31 23:59:59	Name: time-zone-name Value: Europe/Zurich
checkout.postfinance.ch/	1969-12-31 23:59:59	Name: time-zone-offset Value: -60
checkout.postfinance.ch/	1969-12-31 23:59:59	Name: dbcctx Value: 1c79891f7597e9c:1c7990306d8b9a9

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self'; child-src 'self'; connect-src 'self' https://.google-analytics.com https://.analytics.google.com https://analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://.google-analytics.com https://.analytics.google.com https://.googletagmanager.com https://.g.doubleclick.net https://.google.com https://.google.at https://.google.be https://.google.ch https://.google.de https://.google.es https://.google.fr https://.google.ga https://.google.ge https://.google.gg https://.google.com.gh https://.google.com.gi https://.google.gl https://.google.gm https://.google.gr https://.google.it https://.google.li https://.google.lt https://.google.lu https://.google.pl https://.google.pt https://.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action ; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security	max-age=0; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

checkout.postfinance.ch
2606:4700:10::ac43:6d9
02eb02cdb556defb1b4e160fff6868045f5d2f83fb7da6f8bb6b9b8dda23bb58
27822e8c5a8c27fee88fada9b210e506759464b35fdcf0b8de728a714da5b429
2b41f80bb91f3a2ea338aca8a118c0a2342791d42669be21aece7187543aa00a
3485c87f397dd46d3772d92ac4dc20f11b23ca441b9a540c48e190db7bdc3ff3
5a267675af97671d632bd88a3804035bdd355b02e8ef39b1c684a79f50920ea0
649ea8f64e804933cbec78fc10448e318d27d63ecb9ede6bc2ee94e8455a3aba
74a2e805d52457ef4ad63a293549c591fa49d292abdfd3a5d61bc99707033617
8344685be20012c5aa9370634a97d4906e1dc9e9e5032f9c87290f2fb6b1cb57
8d06c1dd392717c0d91bb25247bb234edcaea1ef346e89f25fe4aa9d59bd5640
910a3e77b53c909dfa524af224accaeeaf6535c54bc6ba9b25cbcb1b1ac956c7
981b2ada8aedaac32fc598f1548e3c47889c5f88326b1f215c0f70b60cfc7bf9
995943d25d2afed6784f5cbcfbd0ef9f760c6978bb025c4d339fb9380813d5a3
cc096bfc8cf24ef257e6f7915b5eb4d0764e51aac0736c62e5ad90194fd360d9
e0143c33928f737ab7ddbda6b5257f75e664580a35c2befcb2799a3fb4498bb4
fd054e12c437b67c0fb469ac789f7d471ea53f28c965edb84e974faffb333b23

checkout.postfinance.ch Open in urlscan Pro 2606:4700:10::ac43:6d9 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

15 Requests

100 %HTTPS

100 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

582 kBTransfer

2152 kBSize

7 Cookies

1 Outgoing links

Page URL History

Redirected requests

15 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

67 JavaScript Global Variables

7 Cookies

Security Headers

Indicators

checkout.postfinance.ch Open in urlscan Pro
2606:4700:10::ac43:6d9 Public Scan

Screenshot
Live screenshot

Full Image

15
Requests

100 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

582 kB
Transfer

2152 kB
Size

7
Cookies

15 HTTP transactions
0 data transactions