www.bp.com Open in urlscan Pro
2a02:26f0:480:5a4::1461 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://www.bppayback.mx/
Effective URL:
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Submission Tags: falconsandbox
Submission: On July 03 via api (July 3rd 2024, 3:59:44 pm UTC) from US — Scanned from DE

Summary HTTP 27 Redirects Behaviour Indicators

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 27 HTTP transactions. The main IP is 2a02:26f0:480:5a4::1461, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is www.bp.com. The Cisco Umbrella rank of the primary domain is 317992.
TLS certificate: Issued by Entrust Certification Authority - L1K on June 18th 2024. Valid for: 10 months.

This is the only time www.bp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	54.72.215.189 54.72.215.189	16509 (AMAZON-02) (AMAZON-02)
1 25	2a02:26f0:480... 2a02:26f0:480:5a4::1461	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
27	3

1 54.72.215.189 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-215-189.eu-west-1.compute.amazonaws.com

www.bppayback.mx	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 2a02:26f0:480:5a4::1461 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)

www.bp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
apps.bp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	bp.com 1 redirects www.bp.com — Cisco Umbrella Rank: 317992 apps.bp.com — Cisco Umbrella Rank: 690965	760 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 81	533 KB
1	bppayback.mx 1 redirects www.bppayback.mx	863 B
27	3

	Domain	Requested by
23	www.bp.com	1 redirects www.bp.com
3	www.googletagmanager.com	www.bp.com www.googletagmanager.com
2	apps.bp.com	www.bp.com
1	www.bppayback.mx	1 redirects
27	4

This site contains no links.

Subject Issuer	Validity	Valid
www.bp.com Entrust Certification Authority - L1K	`2024-06-18` - `2025-04-27`	10 months	crt.sh
*.google-analytics.com WR2	`2024-06-13` - `2024-09-05`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Frame ID: BC81558A73EF33DD57216AC6C59E424E
Requests: 2 HTTP requests in this frame

Frame: https://www.bp.com/es_mx/mexico/home/error.html
Frame ID: BDCB668CCF4F140BF53958BFDB0EF9AB
Requests: 26 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

BP | Error Page

Page URL History Show full URLs

http://www.bppayback.mx/ HTTP 307
https://www.bppayback.mx/ HTTP 301
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html Page URL

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc\.clientlibs/

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

27
Requests

96 %
HTTPS

67 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

1291 kB
Transfer

3881 kB
Size

3
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://www.bppayback.mx/ HTTP 307
https://www.bppayback.mx/ HTTP 301
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 26

https://www.bp.com/favicon.ico HTTP 301
https://www.bp.com/apps/settings/wcm/designs/refresh/bp/favicon.ico

27 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

404

Primary Request registro.html Show response
www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/
Redirect Chain

http://www.bppayback.mx/
https://www.bppayback.mx/
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html

13 KB
15 KB

197ms
117ms

Document
text/html

2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

43d4896bb2b385f6a18768e4a2447122e2ea0af7d28fc1b53d9782ca9fedcaac

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: https://bppay-wallet-web-app.bp.com
cache-control: max-age=0, no-cache, no-store, private
content-length: 13778
content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
content-type: text/html; charset=UTF-8
date: Wed, 03 Jul 2024 15:59:40 GMT
etag: "35d2-5f5f8e2201080"
expires: Wed, 03 Jul 2024 15:59:40 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
platform: Navitas-Blue
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
server: Apache
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

content-length: 291
content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
content-type: text/html; charset=iso-8859-1
date: Wed, 03 Jul 2024 15:59:40 GMT
location: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
platform: Navitas-Wandel
referrer-policy: no-referrer-when-downgrade
server: Apache
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 error.html Show response
www.bp.com/es_mx/mexico/home/ Frame BDCB 43 KB
9 KB 206ms
206ms Document
text/html 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bp.com/es_mx/mexico/home/error.html

Requested by

Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

800c54c8d8ef0ec34228258b653af6ff842e02f46b966dd81136fdb9fafaac97

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Win32"

Response headers

accept-ranges: bytes
access-control-allow-origin: https://bppay-wallet-web-app.bp.com
cache-control: max-age=0, no-cache, no-store, private
content-encoding: gzip
content-length: 7203
content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
content-type: text/html; charset=UTF-8
date: Wed, 03 Jul 2024 15:59:40 GMT
etag: W/"ac2f-61c59eafff6de"
expires: Wed, 03 Jul 2024 15:59:40 GMT
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
platform: Navitas-Blue
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
server: Apache
strict-transport-security: max-age=31536000
vary: Accept-Encoding
x-akamai-transformed: 9 6985 0 pmb=mTOE,2
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

GET
H2 200 NRIcons.woff2
www.bp.com/apps/settings/wcm/designs/refresh/bp/assets/fonts/ Frame BDCB 6 KB
7 KB 80ms
79ms Font
text/plain 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bp.com/apps/settings/wcm/designs/refresh/bp/assets/fonts/NRIcons.woff2

Requested by

Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/error.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

534ef9c90b1f7da068b665cd36d632002ea9c86082838b71514e84a0a4cfe484

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Origin: https://www.bp.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
x-content-type-options: nosniff
date: Wed, 03 Jul 2024 15:59:40 GMT
content-length: 5960
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Apache
etag: "1748-605c315d053c0"
x-frame-options: SAMEORIGIN
access-control-allow-origin: https://bppay-wallet-web-app.bp.com
cache-control: private, max-age=35
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
accept-ranges: bytes
platform: Navitas-Blue
expires: Wed, 03 Jul 2024 16:00:15 GMT

GET
H2 200 Roboto-Regular.woff
www.bp.com/apps/settings/wcm/designs/refresh/bp/assets/fonts/ Frame BDCB 92 KB
93 KB 91ms
90ms Font
application/font-woff 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bp.com/apps/settings/wcm/designs/refresh/bp/assets/fonts/Roboto-Regular.woff

Requested by

Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/error.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

30f35b44f8e8062ce72090ab461396ed263b3d9e0edbad833be0fa47b0d08edb

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Origin: https://www.bp.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
x-content-type-options: nosniff
date: Wed, 03 Jul 2024 15:59:40 GMT
content-length: 93792
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Apache
etag: "16e60-5fb921f458500"
x-frame-options: SAMEORIGIN
content-type: application/font-woff
access-control-allow-origin: https://bppay-wallet-web-app.bp.com
cache-control: private, max-age=175
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
accept-ranges: bytes
platform: Navitas-Blue
expires: Wed, 03 Jul 2024 16:02:35 GMT

GET
H2 200 Roboto-Light.woff
www.bp.com/apps/settings/wcm/designs/refresh/bp/assets/fonts/ Frame BDCB 91 KB
92 KB 58ms
57ms Font
application/font-woff 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bp.com/apps/settings/wcm/designs/refresh/bp/assets/fonts/Roboto-Light.woff

Requested by

Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/error.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

236765cdd11da57ff429fccc35033664069777cae6f46a834d2e29e2672f47b3

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Origin: https://www.bp.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
x-content-type-options: nosniff
date: Wed, 03 Jul 2024 15:59:40 GMT
content-length: 93480
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Apache
etag: "16d28-5fb92401d1cc0"
x-frame-options: SAMEORIGIN
content-type: application/font-woff
access-control-allow-origin: https://bppay-wallet-web-app.bp.com
cache-control: private, max-age=233
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
accept-ranges: bytes
platform: Navitas-Blue
expires: Wed, 03 Jul 2024 16:03:33 GMT

GET
H2 200 Roboto-Bold.woff
www.bp.com/apps/settings/wcm/designs/refresh/bp/assets/fonts/ Frame BDCB 92 KB
93 KB 58ms
57ms Font
application/font-woff 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bp.com/apps/settings/wcm/designs/refresh/bp/assets/fonts/Roboto-Bold.woff

Requested by

Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/error.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

731502cf89d9c2add0feb1634d8f13c56cd0e530a42c5e7641cae78c9865eaeb

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Origin: https://www.bp.com
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
x-content-type-options: nosniff
date: Wed, 03 Jul 2024 15:59:40 GMT
content-length: 94048
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Apache
etag: "16f60-5fb922b6e5000"
x-frame-options: SAMEORIGIN
content-type: application/font-woff
access-control-allow-origin: https://bppay-wallet-web-app.bp.com
cache-control: private, max-age=225
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
accept-ranges: bytes
platform: Navitas-Blue
expires: Wed, 03 Jul 2024 16:03:25 GMT

GET
H2 200 assets.css
www.bp.com/apps/settings/wcm/designs/refresh/bp/ Frame BDCB 348 KB
50 KB 60ms
59ms Stylesheet
text/css 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bp.com/apps/settings/wcm/designs/refresh/bp/assets.css

Requested by

Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/error.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

8b0b1eb6cdc3040b6bbf8a7ddd73f0b827e3f889fac2ff9ae1900af7b5e3e010

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
x-content-type-options: nosniff
date: Wed, 03 Jul 2024 15:59:40 GMT
content-encoding: gzip
content-length: 50020
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Apache
etag: "570f1-61b5f27b0b880"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: https://bppay-wallet-web-app.bp.com
cache-control: private, max-age=64
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
accept-ranges: bytes
platform: Navitas-Blue
expires: Wed, 03 Jul 2024 16:00:44 GMT

GET
H2 200 6949b6bd Show response
www.bp.com/akam/13/ Frame BDCB 26 KB
9 KB 64ms
63ms Script
application/javascript 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bp.com/akam/13/6949b6bd
Requested by: Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/error.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 8b83aece0142d5b02d3296e2f9b8b2961c8fd1864e101fafc337050445b97391

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 03 Jul 2024 15:59:40 GMT
content-encoding: gzip
last-modified: Thu, 22 Feb 2024 19:39:48 GMT
etag: "91835e8be273d887b005d5e0eda144d54da574491d501419ff9d5246cefb7e86"
stored-attribute-sha-checksum: 8b83aece0142d5b02d3296e2f9b8b2961c8fd1864e101fafc337050445b97391
vary: Accept-Encoding
content-type: application/javascript
cache-control: max-age=21600
content-length: 8763
expires: Wed, 03 Jul 2024 15:59:40 GMT

GET
H2 200 bp_horizontal_rgb.svg
www.bp.com/apps/settings/wcm/designs/refresh/bp/images/navigation/ Frame BDCB 14 KB
6 KB 126ms
126ms Image
image/svg+xml 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bp.com/apps/settings/wcm/designs/refresh/bp/images/navigation/bp_horizontal_rgb.svg

Requested by

Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/error.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

e9fc9bcacb9378413ce52d76c7a263367f6b77943f1ce775bc223ab7655d5fc2

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
x-content-type-options: nosniff
date: Wed, 03 Jul 2024 15:59:40 GMT
content-encoding: gzip
content-length: 5176
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Apache
etag: "363a-5fd1e755675c0"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: https://bppay-wallet-web-app.bp.com
cache-control: private, max-age=257
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
accept-ranges: bytes
platform: Navitas-Blue
expires: Wed, 03 Jul 2024 16:03:57 GMT

GET
H2 200 bp-logo.svg
www.bp.com/apps/settings/wcm/designs/refresh/bp/images/navigation/ Frame BDCB 10 KB
4 KB 58ms
58ms Image
image/svg+xml 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bp.com/apps/settings/wcm/designs/refresh/bp/images/navigation/bp-logo.svg

Requested by

Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/error.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

68532cd7e3546faddb5ce30af3e3285006ff4772ee38c21089883d74998c7789

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=0; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
strict-transport-security: max-age=0; includeSubDomains;
x-content-type-options: nosniff
date: Wed, 03 Jul 2024 15:59:40 GMT
content-encoding: gzip
content-length: 2845
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Apache
etag: "2784-5bf91c877a280"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: https://bppay-wallet-web-app.bp.com
cache-control: private, max-age=94
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
accept-ranges: bytes
platform: Navitas-Blue
expires: Wed, 03 Jul 2024 16:01:14 GMT

GET
H2 200 invoice.png
www.bp.com/content/dam/bp/master-site/en/global/home/images/icons/ Frame BDCB 20 KB
21 KB 90ms
89ms Image
image/png 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bp.com/content/dam/bp/master-site/en/global/home/images/icons/invoice.png

Requested by

Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/error.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

398daab2895e5110f84d3a99e09a08848b91b8b6f365f9ee08102e5e5412d31e

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
date: Wed, 03 Jul 2024 15:59:40 GMT
last-modified: Tue, 02 Jul 2024 00:37:04 GMT
server: Akamai Image Manager
etag: "be11-583e4f84aff40"
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: https://bppay-wallet-web-app.bp.com
cache-control: private, no-transform, max-age=22581
content-length: 20667
expires: Wed, 03 Jul 2024 22:16:01 GMT

GET
H2 200 bp-icon-pump-station-bp-green-720.png
www.bp.com/content/dam/bp/country-sites/es_mx/mexico/home/ Frame BDCB 7 KB
7 KB 66ms
64ms Image
image/avif 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bp.com/content/dam/bp/country-sites/es_mx/mexico/home/bp-icon-pump-station-bp-green-720.png

Requested by

Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/error.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

09e6ab30b43602dfb8fb3d6a7a5f30ea41f4f98e912dcfefdab9eca0a56900e1

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
date: Wed, 03 Jul 2024 15:59:40 GMT
last-modified: Sun, 30 Jun 2024 05:31:11 GMT
server: Akamai Image Manager
etag: "72c9-58e796a96ad80"
x-frame-options: SAMEORIGIN
content-type: image/avif
access-control-allow-origin: https://bppay-wallet-web-app.bp.com
cache-control: private, no-transform, max-age=22791
content-length: 6723
expires: Wed, 03 Jul 2024 22:19:31 GMT

GET
H2 200 icono.png
www.bp.com/content/dam/bp/country-sites/es_mx/mexico/home/payback/ Frame BDCB 6 KB
7 KB 100ms
99ms Image
image/avif 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bp.com/content/dam/bp/country-sites/es_mx/mexico/home/payback/icono.png

Requested by

Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/error.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Akamai Image Manager /

Resource Hash

1844b0b23c048293271c71be6948afed1bf74d132bdb9962a9537ed483ad78c0

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
X-Frame-Options	SAMEORIGIN

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
date: Wed, 03 Jul 2024 15:59:40 GMT
last-modified: Mon, 01 Jul 2024 02:36:54 GMT
server: Akamai Image Manager
etag: "6051-591da49496c80"
x-frame-options: SAMEORIGIN
content-type: image/avif
access-control-allow-origin: https://bppay-wallet-web-app.bp.com
cache-control: private, no-transform, max-age=21209
content-length: 6628
expires: Wed, 03 Jul 2024 21:53:09 GMT

GET
H2 200 instagram.svg
www.bp.com/content/dam/bp/master-site/en/global/home/images/social_icons/ Frame BDCB 2 KB
2 KB 102ms
101ms Image
image/svg+xml 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bp.com/content/dam/bp/master-site/en/global/home/images/social_icons/instagram.svg

Requested by

Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/error.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

50d453933f680e2684bd5cc11545f6e0a2ae3a5f3fcae957aa6b6c91be40d6bc

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=0; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
strict-transport-security: max-age=0; includeSubDomains;
x-content-type-options: nosniff
date: Wed, 03 Jul 2024 15:59:40 GMT
content-encoding: gzip
content-length: 908
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Apache
etag: "879-586cfa1a74700"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: private, max-age=275
permissions-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
accept-ranges: bytes
platform: Navitas-Blue
expires: Wed, 03 Jul 2024 16:04:15 GMT

GET
H2 200 twitter.svg
www.bp.com/content/dam/bp/master-site/en/global/home/images/social_icons/ Frame BDCB 426 B
1 KB 79ms
78ms Image
image/svg+xml 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bp.com/content/dam/bp/master-site/en/global/home/images/social_icons/twitter.svg

Requested by

Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/error.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

b5a183a6b1e880fc34eb9b66ec585e5c3daefc30ee32aeaecaf34ca05a61612a

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=0; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
strict-transport-security: max-age=0; includeSubDomains;
x-content-type-options: nosniff
date: Wed, 03 Jul 2024 15:59:40 GMT
content-encoding: gzip
content-length: 284
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Apache
etag: "1aa-60ae5b93f8400"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: https://bppay-wallet-web-app.bp.com
cache-control: private, max-age=10
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
accept-ranges: bytes
platform: Navitas-Blue
expires: Wed, 03 Jul 2024 15:59:50 GMT

GET
H2 200 fb.svg
www.bp.com/content/dam/bp/master-site/en/global/home/images/social_icons/ Frame BDCB 562 B
1 KB 80ms
79ms Image
image/svg+xml 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bp.com/content/dam/bp/master-site/en/global/home/images/social_icons/fb.svg

Requested by

Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/error.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

6e1964914997a707c66637e088bcc85eedf432ebf3ce0a92be9b1192ec515b8e

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=0; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
strict-transport-security: max-age=0; includeSubDomains;
x-content-type-options: nosniff
date: Wed, 03 Jul 2024 15:59:40 GMT
content-encoding: gzip
content-length: 335
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Apache
etag: "232-56f7144929d00"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: private, max-age=64
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
accept-ranges: bytes
platform: Navitas-Blue
expires: Wed, 03 Jul 2024 16:00:44 GMT

GET
H2 200 assets.js Show response
www.bp.com/apps/settings/wcm/designs/refresh/bp/ Frame BDCB 1 MB
322 KB 81ms
80ms Script
application/javascript 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bp.com/apps/settings/wcm/designs/refresh/bp/assets.js

Requested by

Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/error.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

623126383789541ff2f6c12729141a54547d60e66d0ac3edd063501b185061c4

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

strict-transport-security: max-age=31536000
content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
x-content-type-options: nosniff
date: Wed, 03 Jul 2024 15:59:40 GMT
content-encoding: gzip
content-length: 328261
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Apache
etag: "1178d4-61b5f27b0b880"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: https://bppay-wallet-web-app.bp.com
cache-control: private, max-age=1
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
accept-ranges: bytes
platform: Navitas-Blue
expires: Wed, 03 Jul 2024 15:59:41 GMT

GET
H2 200 csrf.js Show response
www.bp.com/etc.clientlibs/clientlibs/granite/jquery/granite/ Frame BDCB 0
936 B 80ms
78ms Script
application/javascript 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bp.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.js

Requested by

Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/error.html

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=0; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
strict-transport-security: max-age=0; includeSubDomains;
x-content-type-options: nosniff
date: Wed, 03 Jul 2024 15:59:40 GMT
content-length: 0
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Apache
etag: "0-5cc33295e5640"
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: private, max-age=166
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
accept-ranges: bytes
platform: Navitas-Blue
expires: Wed, 03 Jul 2024 16:02:26 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame BDCB 652 KB
158 KB 134ms
82ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WJFXK46

Requested by

Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/error.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

38097ee54b9ed52579bfcb1dadd0f60090e1c2463a58807cd5ac2880a17362f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 15:59:40 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 161628
x-xss-protection: 0
last-modified: Wed, 03 Jul 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 03 Jul 2024 15:59:40 GMT

GET
H2 200 arrow-up.svg
www.bp.com/apps/settings/wcm/designs/refresh/bp/images/navigation/ Frame BDCB 248 B
1 KB 51ms
51ms Image
image/svg+xml 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bp.com/apps/settings/wcm/designs/refresh/bp/images/navigation/arrow-up.svg

Requested by

Host: www.bp.com
URL: https://www.bp.com/apps/settings/wcm/designs/refresh/bp/assets.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

5f8b38bbe25343e6a001ec3914920d7a4deb9012d419a8eb8005bc7c7a2de644

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=0; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/apps/settings/wcm/designs/refresh/bp/assets.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
strict-transport-security: max-age=0; includeSubDomains;
x-content-type-options: nosniff
date: Wed, 03 Jul 2024 15:59:40 GMT
content-encoding: gzip
content-length: 209
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Apache
etag: "f8-5bf91c877a280"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: private, max-age=265
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
accept-ranges: bytes
platform: Navitas-Blue
expires: Wed, 03 Jul 2024 16:04:05 GMT

GET
H2 200 arrow-down.svg
www.bp.com/apps/settings/wcm/designs/refresh/bp/images/navigation/ Frame BDCB 249 B
1 KB 38ms
38ms Image
image/svg+xml 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bp.com/apps/settings/wcm/designs/refresh/bp/images/navigation/arrow-down.svg

Requested by

Host: www.bp.com
URL: https://www.bp.com/apps/settings/wcm/designs/refresh/bp/assets.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

62801af240a5c3659f75300983cd3babeafede7c85d21d26120147492be6eef7

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=0; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/apps/settings/wcm/designs/refresh/bp/assets.css
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
strict-transport-security: max-age=0; includeSubDomains;
x-content-type-options: nosniff
date: Wed, 03 Jul 2024 15:59:40 GMT
content-encoding: gzip
content-length: 206
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Apache
etag: "f9-5bf91c877a280"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: private, max-age=145
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
accept-ranges: bytes
platform: Navitas-Blue
expires: Wed, 03 Jul 2024 16:02:05 GMT

GET
DATA 200
OK truncated
/ Frame BDCB 9 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d554361630709572f4c9e33d02ca5ae56275756099a62195513017a0421f73c2

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame BDCB 157 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

OPTIONS
H2 200 SharePriceFeed
apps.bp.com/ Frame 0
0 198ms
119ms Preflight
application/json 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://apps.bp.com/SharePriceFeed?cb=1720022380878
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: x-api-key
Access-Control-Request-Method: GET
Origin: https://www.bp.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
access-control-allow-methods: GET,OPTIONS
access-control-allow-origin: *
cache-control: max-age=0, no-cache, private
content-length: 0
content-type: application/json
date: Wed, 03 Jul 2024 15:59:41 GMT
expires: Wed, 03 Jul 2024 15:59:41 GMT
pragma: no-cache
x-amz-apigw-id: aV9JFFRMjoEEU-A=
x-amzn-requestid: c12609e7-1e95-4a8d-9bb3-df48cee318dd

GET
H2 200 SharePriceFeed Show response
apps.bp.com/ Frame BDCB 445 B
1 KB 78ms
77ms XHR
application/json 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://apps.bp.com/SharePriceFeed?cb=1720022380878
Requested by: Host: www.bp.com
URL: https://www.bp.com/apps/settings/wcm/designs/refresh/bp/assets.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: a7eb486b7cc9eca6f3cf0f0f034c5667ae21b2ada7cddae60ebcedec6133fbcb

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.bp.com/es_mx/mexico/home/error.html
x-api-key: 8tmAkp0htLAW4cq1zSPk8YGgKpG4dU62gl80C6Cj
sec-ch-ua-platform: "Win32"

Response headers

pragma: no-cache
date: Wed, 03 Jul 2024 15:59:41 GMT
x-amzn-trace-id: Root=1-6685756d-4182543d14566c563f088694;Parent=6164c24446912f8a;Sampled=0;lineage=69a5f5ca:0
x-amzn-requestid: 14bcc2ba-5048-4516-9d50-444e2ebec34e
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=0, no-cache, private
x-amz-apigw-id: aV9JGHf3DoEEL3w=
content-length: 445
expires: Wed, 03 Jul 2024 15:59:41 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame BDCB 529 KB
141 KB 80ms
79ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-WXHV2VT&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WJFXK46

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

01c5d02cc09b6b376dadf434e12e8c8465f8253e10f9db23cc287ea5d1f15da3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 15:59:41 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 143908
x-xss-protection: 0
last-modified: Wed, 03 Jul 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 03 Jul 2024 15:59:41 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ Frame BDCB 785 KB
233 KB 89ms
89ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KX7KMTR&l=dataLayer

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WJFXK46

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5f68b41cf4d24bb9af7868def126a577dc9ac6a32acb8db07812af205e06ede9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform: "Win32"

Response headers

date: Wed, 03 Jul 2024 15:59:41 GMT
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 238778
x-xss-protection: 0
last-modified: Wed, 03 Jul 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 03 Jul 2024 15:59:41 GMT

GET
H2

200

favicon.ico
www.bp.com/apps/settings/wcm/designs/refresh/bp/
Redirect Chain

https://www.bp.com/favicon.ico
https://www.bp.com/apps/settings/wcm/designs/refresh/bp/favicon.ico

15 KB
16 KB

43ms
43ms

Other
image/vnd.microsoft.icon

2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bp.com/apps/settings/wcm/designs/refresh/bp/favicon.ico

Protocol

Server

2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

019cf0094d22ea2704104fc8192856f859d86e2fbd50dbcd07d86926e7e6f35c

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=0; includeSubDomains;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: de-DE,de;q=0.9;q=0.9
Referer: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
strict-transport-security: max-age=0; includeSubDomains;
x-content-type-options: nosniff
date: Wed, 03 Jul 2024 15:59:41 GMT
content-length: 15406
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Apache
etag: "3c2e-5bf91c877a280"
x-frame-options: SAMEORIGIN
content-type: image/vnd.microsoft.icon
cache-control: private, max-age=216
feature-policy: accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
accept-ranges: bytes
platform: Navitas-Blue
expires: Wed, 03 Jul 2024 16:03:17 GMT

Redirect headers

strict-transport-security: max-age=31536000
content-security-policy: default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
x-content-type-options: nosniff
date: Wed, 03 Jul 2024 15:59:41 GMT
content-length: 275
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: Apache
x-frame-options: SAMEORIGIN
content-type: text/html; charset=iso-8859-1
access-control-allow-origin: https://bppay-wallet-web-app.bp.com
location: https://www.bp.com/apps/settings/wcm/designs/refresh/bp/favicon.ico
cache-control: private, max-age=165
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
platform: Navitas-Blue
expires: Wed, 03 Jul 2024 16:02:26 GMT

POST
H2 200 pixel_6949b6bd Show response
www.bp.com/akam/13/ Frame BDCB 0
682 B 26ms
26ms XHR
text/html 2a02:26f0:480:5a4::1461
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bp.com/akam/13/pixel_6949b6bd
Requested by: Host: www.bp.com
URL: https://www.bp.com/akam/13/6949b6bd
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:5a4::1461 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua: "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-platform: "Win32"
Referer: https://www.bp.com/es_mx/mexico/home/error.html
Accept-Language: de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

expires: Wed, 03 Jul 2024 15:59:41 GMT
pragma: no-cache
date: Wed, 03 Jul 2024 15:59:41 GMT
cache-control: max-age=0, no-cache, no-store, private
content-length: 0
content-type: text/html

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bp.com/	1970-01-20 21:47:09	Name: bm_mi Value: 46CB498215A081AF7D70B690151BECF2~YAAQptAXAsBw31OQAQAAT7BSeRgMqIaI8xrnphzfesx+I7mLIxNT0nrt/xddFqRiF20115j/yyi2MGkM8pvyg5jNMlr8XVVTGt1QHh0F6els9NLc2lvzgyU9OcnAaO0hE+fzaCVrBpGjSWR8LTA87FOQGv0KgRkJCd7mUvMbBKSGGK9oTQspSm/Sn6sBtoyt0suGZ5M5y3AL/xoQjKOm9F5wDfnuOTi1lYkJi+iyy65CmX4IfyVqOEeDN9PKDXtK9u3sw8leohOUGBw7nrH4JKYzS2aV28hObjTCbxzi9iqvc1LUk8gvVYNOT+NPLKl8qgSzI2GmYzmg7SeAV6YlXTclSwByIQ==~1
.bp.com/	1970-01-20 21:47:09	Name: bm_sv Value: A2A16A1867A93039F869ABAB32881CC7~YAAQptAXAsFw31OQAQAAT7BSeRgXGP9vTYSfor8q7VjV9vdzoTjoUOorHdhaFRLGngc6XBxJOKYCLqozFIC2uSOQ3cJ3YKgwYMUfs8wh255vRa+fwrMaQ9nbC9oyZkMy4eiJKcqsosQHOLB7Z5kciiuHG4DNOxmYV3fd7GQ1sbW5xQxR3+oFPHQaM+f/xKuB6gSyZcZTk32+/MRrmK4ZNgN/cwacH0lPHim1gCCS0zqg4zt/+9VAJegbK/s=~1
.bp.com/	1970-01-20 21:47:09	Name: ak_bmsc Value: F818CA846DE545087BA1662967567176~000000000000000000000000000000~YAAQptAXAtRw31OQAQAAM7NSeRhKFNBQs8JfYfcMh+FOj8g0Fg21QwO9Ifh/Pld+jB1OAdvqmOODGk6DnzPAh49iU1KPZkL5JLpG7QS27lZGJ2v79eI0J1AS1NhK2Hk+AonIAbRe79z6IBuQVIMLGrsnUOWAbW+vzmT3+tRy+4svADjqFEARLfTj9wYYywnIdL1cO7Te8jKSdFV7TGfshth/d7rgW3BRNtwyptSnTQBr0AuLeyI7O524ns3VaI68jEqpWIAZij4RUhR475XQttWmQQ2xBJqiw7cj/CS4HgxRxPOGKbpGVI38BWejoSxzj5desrbA7CyT0lBOIt62DyHOQchIYUuLk4Bw/nP2kbpegHjCbbD5k4WOT6UxpOL1g8wJVr2zoXyssVD6E0ThYqzndHSNDPk+X8P3TYHK2ig/fwQkx9rkrFbQ2dUZSU+IgCv3fTpw4zloWoqe3OHvC/0JpJD40BU+HTEZDkSwA+9aZRoFNtcipJXwPz8GI3dZN7JCyIVoaqrPd7G5kgG0FfY=

21 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'layout-animations'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'legacy-image-formats'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'vr'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'wake-lock'.
network	error	URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html Message: Failed to load resource: the server responded with a status of 404 ()
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'layout-animations'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'legacy-image-formats'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'vr'.
security	warning	Message: Error with Permissions-Policy header: Unrecognized feature: 'wake-lock'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apps.bp.com
www.bp.com
www.bppayback.mx
www.googletagmanager.com
2a00:1450:4001:830::2008
2a02:26f0:480:5a4::1461
54.72.215.189
019cf0094d22ea2704104fc8192856f859d86e2fbd50dbcd07d86926e7e6f35c
01c5d02cc09b6b376dadf434e12e8c8465f8253e10f9db23cc287ea5d1f15da3
09e6ab30b43602dfb8fb3d6a7a5f30ea41f4f98e912dcfefdab9eca0a56900e1
1844b0b23c048293271c71be6948afed1bf74d132bdb9962a9537ed483ad78c0
236765cdd11da57ff429fccc35033664069777cae6f46a834d2e29e2672f47b3
30f35b44f8e8062ce72090ab461396ed263b3d9e0edbad833be0fa47b0d08edb
38097ee54b9ed52579bfcb1dadd0f60090e1c2463a58807cd5ac2880a17362f8
398daab2895e5110f84d3a99e09a08848b91b8b6f365f9ee08102e5e5412d31e
43d4896bb2b385f6a18768e4a2447122e2ea0af7d28fc1b53d9782ca9fedcaac
50d453933f680e2684bd5cc11545f6e0a2ae3a5f3fcae957aa6b6c91be40d6bc
534ef9c90b1f7da068b665cd36d632002ea9c86082838b71514e84a0a4cfe484
5f68b41cf4d24bb9af7868def126a577dc9ac6a32acb8db07812af205e06ede9
5f8b38bbe25343e6a001ec3914920d7a4deb9012d419a8eb8005bc7c7a2de644
623126383789541ff2f6c12729141a54547d60e66d0ac3edd063501b185061c4
62801af240a5c3659f75300983cd3babeafede7c85d21d26120147492be6eef7
68532cd7e3546faddb5ce30af3e3285006ff4772ee38c21089883d74998c7789
6e1964914997a707c66637e088bcc85eedf432ebf3ce0a92be9b1192ec515b8e
731502cf89d9c2add0feb1634d8f13c56cd0e530a42c5e7641cae78c9865eaeb
800c54c8d8ef0ec34228258b653af6ff842e02f46b966dd81136fdb9fafaac97
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb
8b0b1eb6cdc3040b6bbf8a7ddd73f0b827e3f889fac2ff9ae1900af7b5e3e010
8b83aece0142d5b02d3296e2f9b8b2961c8fd1864e101fafc337050445b97391
a7eb486b7cc9eca6f3cf0f0f034c5667ae21b2ada7cddae60ebcedec6133fbcb
b5a183a6b1e880fc34eb9b66ec585e5c3daefc30ee32aeaecaf34ca05a61612a
d554361630709572f4c9e33d02ca5ae56275756099a62195513017a0421f73c2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9fc9bcacb9378413ce52d76c7a263367f6b77943f1ce775bc223ab7655d5fc2

www.bp.com Open in urlscan Pro 2a02:26f0:480:5a4::1461 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

27 Requests

96 %HTTPS

67 %IPv6

3 Domains

4 Subdomains

3 IPs

2 Countries

1291 kBTransfer

3881 kBSize

3 Cookies

0 Outgoing links

Page URL History

Redirected requests

27 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.bp.com Open in urlscan Pro
2a02:26f0:480:5a4::1461 Public Scan

Screenshot
Live screenshot

Full Image

27
Requests

96 %
HTTPS

67 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

1291 kB
Transfer

3881 kB
Size

3
Cookies

27 HTTP transactions
2 data transactions