urlscan.io logo urlscan.io
SecurityTrails logo

bsso.blpprofessional.com Open in urlscan Pro
69.191.249.87  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://console.bloomberg.com/#/help-requests
Effective URL: https://bsso.blpprofessional.com/idp/ewXsv/resumeSAML20/idp/SSO.ping
Submission: On August 24 via manual from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 1 countries across 2 domains to perform 30 HTTP transactions. The main IP is 69.191.249.87, located in United States and belongs to BLOOMBERG-NET, US. The main domain is bsso.blpprofessional.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on February 19th 2020. Valid for: 2 years.
This is the only time bsso.blpprofessional.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 15 69.191.252.184 10361 (BLOOMBERG...)
1 69.191.252.166 10361 (BLOOMBERG...)
1 16 69.191.249.87 10361 (BLOOMBERG...)
30 4
Apex Domain
Subdomains		 Transfer
16 blpprofessional.com
bsso.blpprofessional.com
417 KB
16 bloomberg.com
console.bloomberg.com
prod.api.bloomberg.com
1 MB
30 2
Domain Requested by
16 bsso.blpprofessional.com 1 redirects bsso.blpprofessional.com
15 console.bloomberg.com 1 redirects console.bloomberg.com
1 prod.api.bloomberg.com console.bloomberg.com
30 3

This site contains links to these domains. Also see Links.

Domain
bbpwreset.blpprofessional.com
Subject Issuer Validity Valid
console.bloomberg.com
DigiCert SHA2 Extended Validation Server CA		 2020-02-19 -
2022-05-11		 2 years crt.sh
prod.api.bloomberg.com
DigiCert SHA2 Extended Validation Server CA		 2020-01-10 -
2022-03-03		 2 years crt.sh
bsso.blpprofessional.com
DigiCert SHA2 Extended Validation Server CA		 2020-02-19 -
2022-05-06		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://bsso.blpprofessional.com/idp/ewXsv/resumeSAML20/idp/SSO.ping
Frame ID: 4D28ECA55F6DFF4666603E069F6A117A
Requests: 31 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://console.bloomberg.com/ Page URL
  2. https://console.bloomberg.com/portal/login?redirect_uri=https%3A%2F%2Fconsole.bloomberg.com%2F%23 HTTP 303
    https://prod.api.bloomberg.com/authenticate/connect/authorize?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJp... Page URL
  3. https://bsso.blpprofessional.com/idp/SSO.saml2 HTTP 302
    https://bsso.blpprofessional.com/idp/ewXsv/resumeSAML20/idp/SSO.ping Page URL

Page Statistics

30
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

4
IPs

1
Countries

1542 kB
Transfer

4509 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://console.bloomberg.com/ Page URL
  2. https://console.bloomberg.com/portal/login?redirect_uri=https%3A%2F%2Fconsole.bloomberg.com%2F%23 HTTP 303
    https://prod.api.bloomberg.com/authenticate/connect/authorize?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI1MjAxNWQzODk1ZWI1MjFjMDc3MTlhNjY4ZjRlYzhiZSIsImV4cCI6MTU5ODI4NjU4MCwibmJmIjoxNTk4Mjg2MjgwLCJpYXQiOjE1OTgyODYyODAsInJlZ2lvbiI6Im55IiwibWV0aG9kIjoiR0VUIiwicGF0aCI6Ii9hdXRoZW50aWNhdGUvY29ubmVjdC9hdXRob3JpemUiLCJob3N0IjoiaHR0cHM6Ly9wcm9kLmFwaS5ibG9vbWJlcmcuY29tIiwiY2xpZW50X2lkIjoiNTIwMTVkMzg5NWViNTIxYzA3NzE5YTY2OGY0ZWM4YmUiLCJyZXF1ZXN0X2lkIjoiMDI4NDIyNzctNDYxNC00YjcxLWI4MjgtYTIxNDEzOWY0OGEzIiwic2NvcGUiOiJwb3J0YWwgZGV2LWNvbnNvbGUgY3JlZy1leHQgYmNpdXAtYnBtIHNmdHAgYmNpYWRmYXVkIGduZXQgY2lzLWJwbSBiYndjIGNpc2tiIGNpcy1zd2lmdCBjaXNhbGVydG1hbmFnZXIgZWNmY29uc29sZSBlbW1hIGV0a2IiLCJyZWRpcmVjdF91cmkiOiJodHRwczovL2NvbnNvbGUuYmxvb21iZXJnLmNvbS9wb3J0YWwvcmVkaXJlY3Q_cmVkaXJlY3RfdXJpPWh0dHBzJTI1M0ElMjUyRiUyNTJGY29uc29sZS5ibG9vbWJlcmcuY29tJTI1MkYlMjUyMyIsInN0YXRlIjoiZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5Lk5WcFpaMUZuZFUxQ2RXOXJTVzV3T1dselNtbFRaM2RvVlVwdGFqRlVPWEV6WWs5VWRucG9WRkpzTTJNMFIzTlpaa1pWVVhwUFdVdFVXV3hKWjFsWWVUUjJhbmx0TW5FeGVrRlRLMlpzTlZadVdFMTRlRFV2VVZCTVlrNXpSa0psYWtWUlpISjNRMmRQZEN0VU1sZHdNVEpsVW5aME5XcGlRMGc0ZFZoUmFXMD0ueFpkMTVDRlA0cU5JRmN4UmVIZWtFLWJabVRleG9aZE4zanNERHlZbUhkRT0iLCJyZXNwb25zZV90eXBlIjoiY29kZSIsIm5vbmNlIjoiZTI3ZmQ5MTgtZDU3ZS00YTkxLWIwZmUtM2RlNjcwMzg4MTQ1In0=.5AHNFNXdzwlf8xTCwDNPL3bgiCiQlbL1mLt0nHtXUAw= Page URL
  3. https://bsso.blpprofessional.com/idp/SSO.saml2 HTTP 302
    https://bsso.blpprofessional.com/idp/ewXsv/resumeSAML20/idp/SSO.ping Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 14
  • https://console.bloomberg.com/portal/login?redirect_uri=https%3A%2F%2Fconsole.bloomberg.com%2F%23 HTTP 303
  • https://prod.api.bloomberg.com/authenticate/connect/authorize?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI1MjAxNWQzODk1ZWI1MjFjMDc3MTlhNjY4ZjRlYzhiZSIsImV4cCI6MTU5ODI4NjU4MCwibmJmIjoxNTk4Mjg2MjgwLCJpYXQiOjE1OTgyODYyODAsInJlZ2lvbiI6Im55IiwibWV0aG9kIjoiR0VUIiwicGF0aCI6Ii9hdXRoZW50aWNhdGUvY29ubmVjdC9hdXRob3JpemUiLCJob3N0IjoiaHR0cHM6Ly9wcm9kLmFwaS5ibG9vbWJlcmcuY29tIiwiY2xpZW50X2lkIjoiNTIwMTVkMzg5NWViNTIxYzA3NzE5YTY2OGY0ZWM4YmUiLCJyZXF1ZXN0X2lkIjoiMDI4NDIyNzctNDYxNC00YjcxLWI4MjgtYTIxNDEzOWY0OGEzIiwic2NvcGUiOiJwb3J0YWwgZGV2LWNvbnNvbGUgY3JlZy1leHQgYmNpdXAtYnBtIHNmdHAgYmNpYWRmYXVkIGduZXQgY2lzLWJwbSBiYndjIGNpc2tiIGNpcy1zd2lmdCBjaXNhbGVydG1hbmFnZXIgZWNmY29uc29sZSBlbW1hIGV0a2IiLCJyZWRpcmVjdF91cmkiOiJodHRwczovL2NvbnNvbGUuYmxvb21iZXJnLmNvbS9wb3J0YWwvcmVkaXJlY3Q_cmVkaXJlY3RfdXJpPWh0dHBzJTI1M0ElMjUyRiUyNTJGY29uc29sZS5ibG9vbWJlcmcuY29tJTI1MkYlMjUyMyIsInN0YXRlIjoiZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5Lk5WcFpaMUZuZFUxQ2RXOXJTVzV3T1dselNtbFRaM2RvVlVwdGFqRlVPWEV6WWs5VWRucG9WRkpzTTJNMFIzTlpaa1pWVVhwUFdVdFVXV3hKWjFsWWVUUjJhbmx0TW5FeGVrRlRLMlpzTlZadVdFMTRlRFV2VVZCTVlrNXpSa0psYWtWUlpISjNRMmRQZEN0VU1sZHdNVEpsVW5aME5XcGlRMGc0ZFZoUmFXMD0ueFpkMTVDRlA0cU5JRmN4UmVIZWtFLWJabVRleG9aZE4zanNERHlZbUhkRT0iLCJyZXNwb25zZV90eXBlIjoiY29kZSIsIm5vbmNlIjoiZTI3ZmQ5MTgtZDU3ZS00YTkxLWIwZmUtM2RlNjcwMzg4MTQ1In0=.5AHNFNXdzwlf8xTCwDNPL3bgiCiQlbL1mLt0nHtXUAw=

30 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
console.bloomberg.com/ 		655 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://console.bloomberg.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.252.184 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
eb5f926ffcc5570d51fb604f0e7c019ded2f710dda4ccb8fa879307d7637152b
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
console.bloomberg.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 24 Aug 2020 16:24:39 GMT
Content-Type
text/html
Content-Length
655
Last-Modified
Wed, 19 Aug 2020 20:49:06 GMT
Connection
keep-alive
ETag
"5f3d9042-28f"
X-Frame-Options
SAMEORIGIN
X-Request-ID
1cad3d86-6dde-4256-c238-27666878487a
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
X-Permitted-Cross-Domain-Policies
none
Referrer-Policy
no-referrer
Feature-Policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; usb 'none'; vr 'none'
Content-Security-Policy
default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Surrogate-Control
no-store
X-DNS-Prefetch-Control
off
X-Download-Options
noopen
Accept-Ranges
bytes
styles.56bcfb09495d6e61b410.css
console.bloomberg.com/ 		147 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://console.bloomberg.com/styles.56bcfb09495d6e61b410.css
Requested by
Host: console.bloomberg.com
URL: https://console.bloomberg.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.252.184 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
47f82454e4e50716c6e5043f21a8a58f2715bd93b3192cdc27b716bc1d56fe49
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 24 Aug 2020 16:24:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Surrogate-Control
no-store
Transfer-Encoding
chunked
Connection
keep-alive
X-DNS-Prefetch-Control
off
X-XSS-Protection
1; mode=block
X-Request-ID
d63b1a69-2601-4817-c8c5-7ecc51614acc
Referrer-Policy
no-referrer
Last-Modified
Wed, 19 Aug 2020 20:49:06 GMT
ETag
W/"5f3d9042-24b7f"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
text/css
Feature-Policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; usb 'none'; vr 'none'
Content-Security-Policy
default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
runtime.0a870792f1e001da28cf.js
console.bloomberg.com/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://console.bloomberg.com/runtime.0a870792f1e001da28cf.js
Requested by
Host: console.bloomberg.com
URL: https://console.bloomberg.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.252.184 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
d81c2be188cacf99a85ba419dae456c2faf0aa8cd771c5b21ed3f4a643683b44
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 24 Aug 2020 16:24:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Surrogate-Control
no-store
Transfer-Encoding
chunked
Connection
keep-alive
X-DNS-Prefetch-Control
off
X-XSS-Protection
1; mode=block
X-Request-ID
ac61300d-fcea-4e82-ce75-257410d992d4
Referrer-Policy
no-referrer
Last-Modified
Wed, 19 Aug 2020 20:49:06 GMT
ETag
W/"5f3d9042-c08"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/javascript
Feature-Policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; usb 'none'; vr 'none'
Content-Security-Policy
default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
polyfills.d7a1b6bd338bc5afed3b.js
console.bloomberg.com/ 		145 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://console.bloomberg.com/polyfills.d7a1b6bd338bc5afed3b.js
Requested by
Host: console.bloomberg.com
URL: https://console.bloomberg.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.252.184 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
3a9ab053661726f2f566a08995b9e9da8b5c15e607ead13ac4b0d0277acdb4c2
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 24 Aug 2020 16:24:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Surrogate-Control
no-store
Transfer-Encoding
chunked
Connection
keep-alive
X-DNS-Prefetch-Control
off
X-XSS-Protection
1; mode=block
X-Request-ID
10b34354-e529-44a5-c4b7-d898044fc1f1
Referrer-Policy
no-referrer
Last-Modified
Wed, 19 Aug 2020 20:49:06 GMT
ETag
W/"5f3d9042-243f9"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/javascript
Feature-Policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; usb 'none'; vr 'none'
Content-Security-Policy
default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
main.3fc7354b96eeb7c9c7da.js
console.bloomberg.com/ 		4 MB
858 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://console.bloomberg.com/main.3fc7354b96eeb7c9c7da.js
Requested by
Host: console.bloomberg.com
URL: https://console.bloomberg.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.252.184 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
028ed0a587515f03959e5ae8f62d07de28ec420399ffb7c68d4bfef966c0e2a6
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 24 Aug 2020 16:24:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Surrogate-Control
no-store
Transfer-Encoding
chunked
Connection
keep-alive
X-DNS-Prefetch-Control
off
X-XSS-Protection
1; mode=block
X-Request-ID
6f682246-5702-4912-c93f-a372090d8e89
Referrer-Policy
no-referrer
Last-Modified
Wed, 19 Aug 2020 20:49:06 GMT
ETag
W/"5f3d9042-3895f6"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/javascript
Feature-Policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; usb 'none'; vr 'none'
Content-Security-Policy
default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
AvenirNextPForBBG-Regular.eb3bb1b8161ef443e50d.woff2
console.bloomberg.com/ 		36 KB
37 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://console.bloomberg.com/AvenirNextPForBBG-Regular.eb3bb1b8161ef443e50d.woff2
Requested by
Host: console.bloomberg.com
URL: https://console.bloomberg.com/styles.56bcfb09495d6e61b410.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.252.184 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://console.bloomberg.com
Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 24 Aug 2020 16:24:39 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Surrogate-Control
no-store
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
36456
X-XSS-Protection
1; mode=block
X-Request-ID
9803bc33-b1aa-4fd0-cf44-56ba45de45f9
Referrer-Policy
no-referrer
Last-Modified
Wed, 19 Aug 2020 20:49:06 GMT
ETag
"5f3d9042-8e68"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/octet-stream
Feature-Policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; usb 'none'; vr 'none'
Content-Security-Policy
default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Accept-Ranges
bytes
enabledFeatures
console.bloomberg.com/portal/ecapp/ecfconsole/v1/ 		0
350 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://console.bloomberg.com/portal/ecapp/ecfconsole/v1/enabledFeatures
Requested by
Host: console.bloomberg.com
URL: https://console.bloomberg.com/polyfills.d7a1b6bd338bc5afed3b.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.252.184 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
X-CSRF-Token
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 24 Aug 2020 16:24:40 GMT
Connection
keep-alive
Content-Length
0
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Request-ID
aa1e87aa-e554-4fd7-cf81-f674db42d06d
Expires
-1
user
console.bloomberg.com/portal/api/ 		2 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://console.bloomberg.com/portal/api/user
Requested by
Host: console.bloomberg.com
URL: https://console.bloomberg.com/polyfills.d7a1b6bd338bc5afed3b.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.252.184 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
X-CSRF-Token
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 24 Aug 2020 16:24:40 GMT
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Surrogate-Control
no-store
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
2
X-XSS-Protection
1; mode=block
X-Request-ID
37e72d6c-182e-425c-c24b-87139918e614
Referrer-Policy
no-referrer
X-Frame-Options
SAMEORIGIN
X-Download-Options
noopen
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json
Feature-Policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; usb 'none'; vr 'none'
Content-Security-Policy
default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Expires
-1
AvenirNextPForBBG-Demi.b9b4abf0ea70a701fa5c.woff2
console.bloomberg.com/ 		36 KB
37 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://console.bloomberg.com/AvenirNextPForBBG-Demi.b9b4abf0ea70a701fa5c.woff2
Requested by
Host: console.bloomberg.com
URL: https://console.bloomberg.com/styles.56bcfb09495d6e61b410.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.252.184 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://console.bloomberg.com
Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 24 Aug 2020 16:24:40 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Surrogate-Control
no-store
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
36708
X-XSS-Protection
1; mode=block
X-Request-ID
566c9a75-152b-43a7-c35f-57ab63796824
Referrer-Policy
no-referrer
Last-Modified
Wed, 19 Aug 2020 20:49:06 GMT
ETag
"5f3d9042-8f64"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/octet-stream
Feature-Policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; usb 'none'; vr 'none'
Content-Security-Policy
default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Accept-Ranges
bytes
truncated
/ 		7 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1b2366b41783b7034e88bf6caaf02c186aaab25aab35f2944b8d5663b8ab23d4

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
24.49bc036a60b813f6dd29.js
console.bloomberg.com/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://console.bloomberg.com/24.49bc036a60b813f6dd29.js
Requested by
Host: console.bloomberg.com
URL: https://console.bloomberg.com/runtime.0a870792f1e001da28cf.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.252.184 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 24 Aug 2020 16:24:40 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Surrogate-Control
no-store
Transfer-Encoding
chunked
Connection
keep-alive
X-DNS-Prefetch-Control
off
X-XSS-Protection
1; mode=block
X-Request-ID
a8b041b2-62ee-4d51-cdcb-340c9cb462fb
Referrer-Policy
no-referrer
Last-Modified
Wed, 19 Aug 2020 20:49:06 GMT
ETag
W/"5f3d9042-774"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/javascript
Feature-Policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; usb 'none'; vr 'none'
Content-Security-Policy
default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
MaterialIcons-Regular.06454b8d81f83c8cb96c.woff2
console.bloomberg.com/ 		43 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://console.bloomberg.com/MaterialIcons-Regular.06454b8d81f83c8cb96c.woff2
Requested by
Host: console.bloomberg.com
URL: https://console.bloomberg.com/styles.56bcfb09495d6e61b410.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.252.184 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://console.bloomberg.com
Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 24 Aug 2020 16:24:40 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Surrogate-Control
no-store
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
44299
X-XSS-Protection
1; mode=block
X-Request-ID
d5c456fd-c4a7-487e-c84b-0bdb2ab7660b
Referrer-Policy
no-referrer
Last-Modified
Wed, 19 Aug 2020 20:49:06 GMT
ETag
"5f3d9042-ad0b"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/octet-stream
Feature-Policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; usb 'none'; vr 'none'
Content-Security-Policy
default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Accept-Ranges
bytes
enabledFeatures
console.bloomberg.com/portal/ecapp/ecfconsole/v1/ 		0
238 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://console.bloomberg.com/portal/ecapp/ecfconsole/v1/enabledFeatures
Requested by
Host: console.bloomberg.com
URL: https://console.bloomberg.com/polyfills.d7a1b6bd338bc5afed3b.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.252.184 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains

Request headers

Accept
application/json, text/plain, */*
Referer
X-CSRF-Token
f33830e7937093f63561bca379e2e6753c628771-1598286280633-fcfaafd2e104d61d4afc85ee
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 24 Aug 2020 16:24:40 GMT
Connection
keep-alive
Content-Length
0
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Request-ID
37796ef2-fbc4-4961-c930-5bcc79f07a60
Expires
-1
user
console.bloomberg.com/portal/api/ 		2 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://console.bloomberg.com/portal/api/user
Requested by
Host: console.bloomberg.com
URL: https://console.bloomberg.com/polyfills.d7a1b6bd338bc5afed3b.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.252.184 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
X-CSRF-Token
d04ac24c3c63f201433a10870dec531d2eb8756b-1598286280664-7930e599dad0d63e4a698f49
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 24 Aug 2020 16:24:40 GMT
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Surrogate-Control
no-store
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
2
X-XSS-Protection
1; mode=block
X-Request-ID
dadea817-7137-4a2d-cae8-46367badfaf7
Referrer-Policy
no-referrer
X-Frame-Options
SAMEORIGIN
X-Download-Options
noopen
Strict-Transport-Security
max-age=63072000; includeSubDomains
Content-Type
application/json
Feature-Policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; usb 'none'; vr 'none'
Content-Security-Policy
default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Expires
-1
authorize
prod.api.bloomberg.com/authenticate/connect/
Redirect Chain
  • https://console.bloomberg.com/portal/login?redirect_uri=https%3A%2F%2Fconsole.bloomberg.com%2F%23
  • https://prod.api.bloomberg.com/authenticate/connect/authorize?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI1MjAxNWQzODk1ZWI1MjFjMDc3MTlhNjY4ZjRlYzhiZSIsImV4cCI6MTU5ODI4NjU4MCwibmJmIjoxNTk4Mj...
6 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://prod.api.bloomberg.com/authenticate/connect/authorize?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI1MjAxNWQzODk1ZWI1MjFjMDc3MTlhNjY4ZjRlYzhiZSIsImV4cCI6MTU5ODI4NjU4MCwibmJmIjoxNTk4Mjg2MjgwLCJpYXQiOjE1OTgyODYyODAsInJlZ2lvbiI6Im55IiwibWV0aG9kIjoiR0VUIiwicGF0aCI6Ii9hdXRoZW50aWNhdGUvY29ubmVjdC9hdXRob3JpemUiLCJob3N0IjoiaHR0cHM6Ly9wcm9kLmFwaS5ibG9vbWJlcmcuY29tIiwiY2xpZW50X2lkIjoiNTIwMTVkMzg5NWViNTIxYzA3NzE5YTY2OGY0ZWM4YmUiLCJyZXF1ZXN0X2lkIjoiMDI4NDIyNzctNDYxNC00YjcxLWI4MjgtYTIxNDEzOWY0OGEzIiwic2NvcGUiOiJwb3J0YWwgZGV2LWNvbnNvbGUgY3JlZy1leHQgYmNpdXAtYnBtIHNmdHAgYmNpYWRmYXVkIGduZXQgY2lzLWJwbSBiYndjIGNpc2tiIGNpcy1zd2lmdCBjaXNhbGVydG1hbmFnZXIgZWNmY29uc29sZSBlbW1hIGV0a2IiLCJyZWRpcmVjdF91cmkiOiJodHRwczovL2NvbnNvbGUuYmxvb21iZXJnLmNvbS9wb3J0YWwvcmVkaXJlY3Q_cmVkaXJlY3RfdXJpPWh0dHBzJTI1M0ElMjUyRiUyNTJGY29uc29sZS5ibG9vbWJlcmcuY29tJTI1MkYlMjUyMyIsInN0YXRlIjoiZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5Lk5WcFpaMUZuZFUxQ2RXOXJTVzV3T1dselNtbFRaM2RvVlVwdGFqRlVPWEV6WWs5VWRucG9WRkpzTTJNMFIzTlpaa1pWVVhwUFdVdFVXV3hKWjFsWWVUUjJhbmx0TW5FeGVrRlRLMlpzTlZadVdFMTRlRFV2VVZCTVlrNXpSa0psYWtWUlpISjNRMmRQZEN0VU1sZHdNVEpsVW5aME5XcGlRMGc0ZFZoUmFXMD0ueFpkMTVDRlA0cU5JRmN4UmVIZWtFLWJabVRleG9aZE4zanNERHlZbUhkRT0iLCJyZXNwb25zZV90eXBlIjoiY29kZSIsIm5vbmNlIjoiZTI3ZmQ5MTgtZDU3ZS00YTkxLWIwZmUtM2RlNjcwMzg4MTQ1In0=.5AHNFNXdzwlf8xTCwDNPL3bgiCiQlbL1mLt0nHtXUAw=
Requested by
Host: console.bloomberg.com
URL: https://console.bloomberg.com/main.3fc7354b96eeb7c9c7da.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.252.166 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Host
prod.api.bloomberg.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
same-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://console.bloomberg.com/#/

Response headers

Date
Mon, 24 Aug 2020 16:24:41 GMT
Content-Type
text/html; charset=UTF-8
Transfer-Encoding
chunked
Connection
keep-alive
Content-Encoding
gzip

Redirect headers

Date
Mon, 24 Aug 2020 16:24:40 GMT
Content-Length
0
Connection
keep-alive
Expires
-1
Location
https://prod.api.bloomberg.com/authenticate/connect/authorize?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI1MjAxNWQzODk1ZWI1MjFjMDc3MTlhNjY4ZjRlYzhiZSIsImV4cCI6MTU5ODI4NjU4MCwibmJmIjoxNTk4Mjg2MjgwLCJpYXQiOjE1OTgyODYyODAsInJlZ2lvbiI6Im55IiwibWV0aG9kIjoiR0VUIiwicGF0aCI6Ii9hdXRoZW50aWNhdGUvY29ubmVjdC9hdXRob3JpemUiLCJob3N0IjoiaHR0cHM6Ly9wcm9kLmFwaS5ibG9vbWJlcmcuY29tIiwiY2xpZW50X2lkIjoiNTIwMTVkMzg5NWViNTIxYzA3NzE5YTY2OGY0ZWM4YmUiLCJyZXF1ZXN0X2lkIjoiMDI4NDIyNzctNDYxNC00YjcxLWI4MjgtYTIxNDEzOWY0OGEzIiwic2NvcGUiOiJwb3J0YWwgZGV2LWNvbnNvbGUgY3JlZy1leHQgYmNpdXAtYnBtIHNmdHAgYmNpYWRmYXVkIGduZXQgY2lzLWJwbSBiYndjIGNpc2tiIGNpcy1zd2lmdCBjaXNhbGVydG1hbmFnZXIgZWNmY29uc29sZSBlbW1hIGV0a2IiLCJyZWRpcmVjdF91cmkiOiJodHRwczovL2NvbnNvbGUuYmxvb21iZXJnLmNvbS9wb3J0YWwvcmVkaXJlY3Q_cmVkaXJlY3RfdXJpPWh0dHBzJTI1M0ElMjUyRiUyNTJGY29uc29sZS5ibG9vbWJlcmcuY29tJTI1MkYlMjUyMyIsInN0YXRlIjoiZXlKaGJHY2lPaUpJVXpJMU5pSXNJblI1Y0NJNklrcFhWQ0o5Lk5WcFpaMUZuZFUxQ2RXOXJTVzV3T1dselNtbFRaM2RvVlVwdGFqRlVPWEV6WWs5VWRucG9WRkpzTTJNMFIzTlpaa1pWVVhwUFdVdFVXV3hKWjFsWWVUUjJhbmx0TW5FeGVrRlRLMlpzTlZadVdFMTRlRFV2VVZCTVlrNXpSa0psYWtWUlpISjNRMmRQZEN0VU1sZHdNVEpsVW5aME5XcGlRMGc0ZFZoUmFXMD0ueFpkMTVDRlA0cU5JRmN4UmVIZWtFLWJabVRleG9aZE4zanNERHlZbUhkRT0iLCJyZXNwb25zZV90eXBlIjoiY29kZSIsIm5vbmNlIjoiZTI3ZmQ5MTgtZDU3ZS00YTkxLWIwZmUtM2RlNjcwMzg4MTQ1In0=.5AHNFNXdzwlf8xTCwDNPL3bgiCiQlbL1mLt0nHtXUAw=
Set-Cookie
PLAY_SESSION=eyJhbGciOiJIUzI1NiJ9.eyJkYXRhIjp7IjhmZDZlNmEzLTRjOWMtNDczMS05ZTg4LTczMGFjM2E2YjY1NiI6ImV5SmhiR2NpT2lKSVV6STFOaUlzSW5SNWNDSTZJa3BYVkNKOS5OVnBaWjFGbmRVMUNkVzlyU1c1d09XbHpTbWxUWjNkb1ZVcHRhakZVT1hFellrOVVkbnBvVkZKc00yTTBSM05aWmtaVlVYcFBXVXRVV1d4SloxbFllVFIyYW5sdE1uRXhla0ZUSzJac05WWnVXRTE0ZURVdlVWQk1ZazV6UmtKbGFrVlJaSEozUTJkUGRDdFVNbGR3TVRKbFVuWjBOV3BpUTBnNGRWaFJhVzA9LnhaZDE1Q0ZQNHFOSUZjeFJlSGVrRS1iWm1UZXhvWmROM2pzRER5WW1IZEU9In0sIm5iZiI6MTU5ODI4NjI4MCwiaWF0IjoxNTk4Mjg2MjgwfQ.W08wLzAeSBNf4-1yNbKkZEONiFw9LauFtoFEsCQSEf4; SameSite=Lax; Path=/; HTTPOnly
X-Frame-Options
SAMEORIGIN
X-Request-ID
216a36d6-0b18-4b0e-cbc3-e565fa8ffc4a
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
X-Permitted-Cross-Domain-Policies
none
Referrer-Policy
no-referrer
Feature-Policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; usb 'none'; vr 'none'
Content-Security-Policy
default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Surrogate-Control
no-store
X-DNS-Prefetch-Control
off
X-Download-Options
noopen
MaterialIcons-Regular.012cf6a10129e2275d79.woff
console.bloomberg.com/ 		56 KB
58 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://console.bloomberg.com/MaterialIcons-Regular.012cf6a10129e2275d79.woff
Requested by
Host: console.bloomberg.com
URL: https://console.bloomberg.com/styles.56bcfb09495d6e61b410.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.252.184 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://console.bloomberg.com
Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 24 Aug 2020 16:24:40 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Surrogate-Control
no-store
X-DNS-Prefetch-Control
off
Connection
keep-alive
Content-Length
57620
X-XSS-Protection
1; mode=block
X-Request-ID
cd7f3973-86fd-4ff7-cfc7-835d3f0bf641
Referrer-Policy
no-referrer
Last-Modified
Wed, 19 Aug 2020 20:49:06 GMT
ETag
"5f3d9042-e114"
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/font-woff
Feature-Policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; usb 'none'; vr 'none'
Content-Security-Policy
default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Accept-Ranges
bytes
Primary Request Cookie set SSO.ping
bsso.blpprofessional.com/idp/ewXsv/resumeSAML20/idp/
Redirect Chain
  • https://bsso.blpprofessional.com/idp/SSO.saml2
  • https://bsso.blpprofessional.com/idp/ewXsv/resumeSAML20/idp/SSO.ping
3 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://bsso.blpprofessional.com/idp/ewXsv/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.249.87 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
25c70a013ce18121250ab50a971307d315259be0e53ceb1cecddb057d2968f8e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security Strict-Transport-Security: max-age=31536000; includeSubDomains; preload max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Host
bsso.blpprofessional.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
document
Referer
https://prod.api.bloomberg.com/
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
PF=v7Tst91eLlsw09OoeKr9BiUpn96kNP7JpUNteivtw8Tf
Upgrade-Insecure-Requests
1
Origin
https://prod.api.bloomberg.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://prod.api.bloomberg.com/

Response headers

Strict-Transport-Security
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload max-age=31536000
Date
Mon, 24 Aug 2020 16:24:42 GMT
X-Frame-Options
SAMEORIGIN
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection
close
Cache-Control
no-cache, no-store
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Type
text/html;charset=utf-8
Set-Cookie
PF=v7Tst91eLlsw09OoeKr9BiUpn96kNP7JpUNteivtw8Tf;Path=/;Secure;HttpOnly;SameSite=None
Content-Length
3301

Redirect headers

Strict-Transport-Security
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload max-age=31536000
Date
Mon, 24 Aug 2020 16:24:42 GMT
X-Frame-Options
SAMEORIGIN
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection
close
Cache-Control
no-cache, no-store
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Type
text/html;charset=utf-8
Set-Cookie
PF=v7Tst91eLlsw09OoeKr9BiUpn96kNP7JpUNteivtw8Tf;Path=/;Secure;HttpOnly;SameSite=None
Location
https://bsso.blpprofessional.com/idp/ewXsv/resumeSAML20/idp/SSO.ping
Content-Length
0
font-awesome.min.css
bsso.blpprofessional.com/assets/portal/css/ 		26 KB
27 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bsso.blpprofessional.com/assets/portal/css/font-awesome.min.css
Requested by
Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/idp/ewXsv/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.249.87 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
4fafd619f4c42bd22a4a7d617f495d50a23af4fe0032bea360badd3273a9825a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://bsso.blpprofessional.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy
origin
Last-Modified
Fri, 31 Jul 2020 22:31:43 GMT
Date
Mon, 24 Aug 2020 16:24:43 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=0, must-revalidate
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection
close
Content-Length
26825
main.css
bsso.blpprofessional.com/assets/portal/css/ 		27 KB
28 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bsso.blpprofessional.com/assets/portal/css/main.css
Requested by
Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/idp/ewXsv/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.249.87 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
4ad725bf313f199b15fc17334f14faba69db6afbb9b9a58bbaed6cb98527475f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://bsso.blpprofessional.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy
origin
Last-Modified
Fri, 31 Jul 2020 22:31:43 GMT
Date
Mon, 24 Aug 2020 16:24:43 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=0, must-revalidate
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection
close
Content-Length
27827
responsive.css
bsso.blpprofessional.com/assets/portal/css/ 		6 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://bsso.blpprofessional.com/assets/portal/css/responsive.css
Requested by
Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/idp/ewXsv/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.249.87 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
d251c439ee586fd578a43277a92f0cc6937cb7a43213c3bc436489b893c656c9
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://bsso.blpprofessional.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy
origin
Last-Modified
Fri, 31 Jul 2020 22:31:43 GMT
Date
Mon, 24 Aug 2020 16:24:43 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=0, must-revalidate
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection
close
Content-Length
5694
logo.png
bsso.blpprofessional.com/assets/portal/img/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bsso.blpprofessional.com/assets/portal/img/logo.png
Requested by
Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/idp/ewXsv/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.249.87 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
0e5bbfbd577ba781cfe1ae6387cf4af48ec504fdc2bf690c14ee797af63786ab
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://bsso.blpprofessional.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy
origin
Last-Modified
Fri, 31 Jul 2020 22:31:43 GMT
Date
Mon, 24 Aug 2020 16:24:43 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=0, must-revalidate
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection
close
Content-Length
4443
bb_util.js
bsso.blpprofessional.com/assets/portal/js/library/ 		656 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bsso.blpprofessional.com/assets/portal/js/library/bb_util.js
Requested by
Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/idp/ewXsv/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.249.87 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
47ce88813a692e83a2f8355357aa4d569566a1363e269d36aa2a54242128c518
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://bsso.blpprofessional.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy
origin
Last-Modified
Fri, 31 Jul 2020 22:31:43 GMT
Date
Mon, 24 Aug 2020 16:24:43 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=0, must-revalidate
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection
close
Content-Length
656
bb_form.js
bsso.blpprofessional.com/assets/portal/js/library/ 		10 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bsso.blpprofessional.com/assets/portal/js/library/bb_form.js
Requested by
Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/idp/ewXsv/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.249.87 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
75eb3533ca10df661a2218daf8d3a4bbf1510020111112d6099db56696ffc096
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://bsso.blpprofessional.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy
origin
Last-Modified
Fri, 31 Jul 2020 22:31:43 GMT
Date
Mon, 24 Aug 2020 16:24:43 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=0, must-revalidate
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection
close
Content-Length
10076
login.js
bsso.blpprofessional.com/assets/portal/js/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bsso.blpprofessional.com/assets/portal/js/login.js
Requested by
Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/idp/ewXsv/resumeSAML20/idp/SSO.ping
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.249.87 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
b2aac5ab36dd2f58815b2c8adb2bf388f92da268fc84542849164aa98b2c097f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://bsso.blpprofessional.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy
origin
Last-Modified
Fri, 31 Jul 2020 22:31:43 GMT
Date
Mon, 24 Aug 2020 16:24:43 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=0, must-revalidate
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection
close
Content-Length
1386
bg-left.png
bsso.blpprofessional.com/assets/portal/img/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bsso.blpprofessional.com/assets/portal/img/bg-left.png
Requested by
Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/assets/portal/css/main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.249.87 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
3632f5c9e47019373d1bf2a4ee4e77c72623e0ef4c609038debbe0cb17427e0e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://bsso.blpprofessional.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy
origin
Last-Modified
Fri, 31 Jul 2020 22:31:43 GMT
Date
Mon, 24 Aug 2020 16:24:43 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=0, must-revalidate
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection
close
Content-Length
2491
terminal.svg
bsso.blpprofessional.com/assets/portal/img/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bsso.blpprofessional.com/assets/portal/img/terminal.svg
Requested by
Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/assets/portal/css/main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.249.87 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
5922db5ee9de9845327bd792403016a6ccce5c0acb30351f7c48856e266986f2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://bsso.blpprofessional.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy
origin
Last-Modified
Fri, 31 Jul 2020 22:31:43 GMT
Date
Mon, 24 Aug 2020 16:24:43 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Cache-Control
max-age=0, must-revalidate
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection
close
Content-Length
1262
password.svg
bsso.blpprofessional.com/assets/portal/img/ 		943 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bsso.blpprofessional.com/assets/portal/img/password.svg
Requested by
Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/assets/portal/css/main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.249.87 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
2091beb64ff7953f068013de72c7bc48f76482186589644bb2e602537512a3a2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://bsso.blpprofessional.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy
origin
Last-Modified
Fri, 31 Jul 2020 22:31:43 GMT
Date
Mon, 24 Aug 2020 16:24:44 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Cache-Control
max-age=0, must-revalidate
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection
close
Content-Length
943
bg-right.png
bsso.blpprofessional.com/assets/portal/img/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bsso.blpprofessional.com/assets/portal/img/bg-right.png
Requested by
Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/assets/portal/css/main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.249.87 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
ebe179e1b0610316311f1321a5f8d750f4209327d46b5a53dd0d05be64957740
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://bsso.blpprofessional.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy
origin
Last-Modified
Fri, 31 Jul 2020 22:31:43 GMT
Date
Mon, 24 Aug 2020 16:24:44 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=0, must-revalidate
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection
close
Content-Length
1553
AvenirNextPForBBG-Regular.otf
bsso.blpprofessional.com/assets/portal/fonts/AvenirNextPForBBG-Regular/ 		107 KB
108 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://bsso.blpprofessional.com/assets/portal/fonts/AvenirNextPForBBG-Regular/AvenirNextPForBBG-Regular.otf
Requested by
Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/assets/portal/css/main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.249.87 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://bsso.blpprofessional.com
Referer
https://bsso.blpprofessional.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy
origin
Last-Modified
Fri, 31 Jul 2020 22:31:43 GMT
Date
Mon, 24 Aug 2020 16:24:43 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/vnd.oasis.opendocument.formula-template
Cache-Control
max-age=0, must-revalidate
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection
close
Content-Length
109676
AvenirNextPForBBG-Demi.otf
bsso.blpprofessional.com/assets/portal/fonts/AvenirNextPForBBG-Demi/ 		107 KB
108 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://bsso.blpprofessional.com/assets/portal/fonts/AvenirNextPForBBG-Demi/AvenirNextPForBBG-Demi.otf
Requested by
Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/assets/portal/css/main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.249.87 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://bsso.blpprofessional.com
Referer
https://bsso.blpprofessional.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy
origin
Last-Modified
Fri, 31 Jul 2020 22:31:43 GMT
Date
Mon, 24 Aug 2020 16:24:43 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/vnd.oasis.opendocument.formula-template
Cache-Control
max-age=0, must-revalidate
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection
close
Content-Length
109784
AvenirNextPForBBG-Medium.otf
bsso.blpprofessional.com/assets/portal/fonts/AvenirNextPForBBG-Medium/ 		107 KB
108 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://bsso.blpprofessional.com/assets/portal/fonts/AvenirNextPForBBG-Medium/AvenirNextPForBBG-Medium.otf
Requested by
Host: bsso.blpprofessional.com
URL: https://bsso.blpprofessional.com/assets/portal/css/main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
69.191.249.87 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Strict-Transport-Security Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Origin
https://bsso.blpprofessional.com
Referer
https://bsso.blpprofessional.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Strict-Transport-Security
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload, max-age=31536000
Referrer-Policy
origin
Last-Modified
Fri, 31 Jul 2020 22:31:43 GMT
Date
Mon, 24 Aug 2020 16:24:43 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/vnd.oasis.opendocument.formula-template
Cache-Control
max-age=0, must-revalidate
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' data:;frame-src data:;img-src *;frame-src 'self' data:;frame-ancestors 'self' https://staging.bloomberg.com ;
Connection
close
Content-Length
109664

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| trustedTypes object| BB_UTIL function| BB_FORM

1 Cookies

Domain/Path Name / Value
bsso.blpprofessional.com/ Name: PF
Value: v7Tst91eLlsw09OoeKr9BiUpn96kNP7JpUNteivtw8Tf

2 Console Messages

Source Level URL
Text
console-api error URL: https://console.bloomberg.com/main.3fc7354b96eeb7c9c7da.js(Line 1)
Message:
API request error. endpoint is: https://console.bloomberg.com/portal/ecapp/ecfconsole/v1/enabledFeatures, error response is: null
console-api error URL: https://console.bloomberg.com/main.3fc7354b96eeb7c9c7da.js(Line 1)
Message:
API request error. endpoint is: https://console.bloomberg.com/portal/ecapp/ecfconsole/v1/enabledFeatures, error response is: null

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; connect-src 'self' *.bloomberg.com:*; img-src 'self' data:; media-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.bloomberg.com:* *.blpprofessional.com:* *.bbthat.com:* *.bwbx.io:*; base-uri 'self'; font-src 'self' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:* data:; frame-ancestors 'self'; frame-src 'self'; object-src 'self'; style-src 'self' 'unsafe-inline' *.bloomberg.com:* *.bbthat.com:* *.bwbx.io:*; worker-src 'strict-dynamic'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block