Submitted URL: http://flagstar.onlinebank.com/
Effective URL: https://flagstar.onlinebank.com/SignIn.aspx
Submission: On October 02 via api from US — Scanned from DE

Summary

This website contacted 17 IPs in 4 countries across 14 domains to perform 81 HTTP transactions. The main IP is 66.6.25.4, located in United States and belongs to RADWARE-CLOUD-SERVICES, US. The main domain is flagstar.onlinebank.com. The Cisco Umbrella rank of the primary domain is 553798.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on January 11th 2023. Valid for: a year.
This is the only time flagstar.onlinebank.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 61 66.6.25.4 25773 (RADWARE-C...)
3 172.64.146.116 13335 (CLOUDFLAR...)
1 184.24.77.156 20940 (AKAMAI-ASN1)
1 130.211.29.114 15169 (GOOGLE)
2 104.17.183.88 13335 (CLOUDFLAR...)
2 35.241.15.240 15169 (GOOGLE)
1 142.250.185.131 15169 (GOOGLE)
3 54.228.71.178 16509 (AMAZON-02)
1 142.250.184.200 15169 (GOOGLE)
1 1 34.235.233.25 14618 (AMAZON-AES)
1 65.9.66.120 16509 (AMAZON-02)
1 13.110.56.113 14340 (SALESFORCE)
2 142.250.186.46 15169 (GOOGLE)
1 74.125.133.157 15169 (GOOGLE)
1 142.250.186.68 15169 (GOOGLE)
1 13.110.56.112 14340 (SALESFORCE)
1 13.110.252.28 14340 (SALESFORCE)
81 17
Apex Domain | Subdomains | Transfer
61 onlinebank.com | flagstar.onlinebank.com — Cisco Umbrella Rank: 553798 | 2 MB
3 salesforceliveagent.com | c.la2-c2cs-iad.salesforceliveagent.com; d.la2-c2-iad.salesforceliveagent.com — Cisco Umbrella Rank: 126952; d.la5-c1-ia5.salesforceliveagent.com — Cisco Umbrella Rank: 25320 | 43 KB
3 iesnare.com | mpsnare.iesnare.com — Cisco Umbrella Rank: 6803 | 21 KB
3 perfdrive.com | cdn.perfdrive.com — Cisco Umbrella Rank: 32996; cas.avalon.perfdrive.com — Cisco Umbrella Rank: 11111 | 9 KB
3 flagstar.com | www.flagstar.com — Cisco Umbrella Rank: 371450 | 20 KB
2 google-analytics.com | www.google-analytics.com — Cisco Umbrella Rank: 96 | 21 KB
2 glancecdn.net | www.glancecdn.net — Cisco Umbrella Rank: 12595; storage.glancecdn.net — Cisco Umbrella Rank: 18717 | 5 KB
2 report-uri.com | onlinebank.report-uri.com — Cisco Umbrella Rank: 188629 | 852 B
1 google.com | www.google.com — Cisco Umbrella Rank: 11 | 408 B
1 doubleclick.net | stats.g.doubleclick.net — Cisco Umbrella Rank: 175 | 352 B
1 googletagmanager.com | www.googletagmanager.com — Cisco Umbrella Rank: 111 | 67 KB
1 gstatic.com | fonts.gstatic.com | 16 KB
1 typekit.net | use.typekit.net — Cisco Umbrella Rank: 1059 | 7 KB
0 Failed
81 14
Domain Requested by
61 flagstar.onlinebank.com 2 redirects flagstar.onlinebank.com
3 mpsnare.iesnare.com flagstar.onlinebank.com
mpsnare.iesnare.com
3 www.flagstar.com flagstar.onlinebank.com
www.flagstar.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 cas.avalon.perfdrive.com cdn.perfdrive.com
2 onlinebank.report-uri.com flagstar.onlinebank.com
1 d.la5-c1-ia5.salesforceliveagent.com c.la2-c2cs-iad.salesforceliveagent.com
1 d.la2-c2-iad.salesforceliveagent.com c.la2-c2cs-iad.salesforceliveagent.com
1 www.google.com flagstar.onlinebank.com
1 stats.g.doubleclick.net www.google-analytics.com
1 c.la2-c2cs-iad.salesforceliveagent.com flagstar.onlinebank.com
1 storage.glancecdn.net flagstar.onlinebank.com
1 www.glancecdn.net 1 redirects
1 www.googletagmanager.com flagstar.onlinebank.com
1 fonts.gstatic.com flagstar.onlinebank.com
1 cdn.perfdrive.com flagstar.onlinebank.com
1 use.typekit.net flagstar.onlinebank.com
0 truncated Failed flagstar.onlinebank.com
81 18

This site contains links to these domains.

Domain
www.flagstar.com
Subject | Issuer | Validity | Valid
flagstar.onlinebank.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-01-11 - 2024-02-11 | a year
flagstar.com | Cloudflare Inc ECC CA-3 | 2022-11-19 - 2023-11-19 | a year
use.typekit.net | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2023-09-21 - 2024-10-21 | a year
*.perfdrive.com | Go Daddy Secure Certificate Authority - G2 | 2023-09-21 - 2024-09-26 | a year
report-uri.com | E1 | 2023-09-30 - 2023-12-29 | 3 months
cas.avalon.perfdrive.com | Go Daddy Secure Certificate Authority - G2 | 2023-07-24 - 2024-08-05 | a year
*.gstatic.com | GTS CA 1C3 | 2023-09-04 - 2023-11-27 | 3 months
mpsnare.iesnare.com | DigiCert SHA2 High Assurance Server CA | 2023-05-01 - 2024-05-29 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-09-04 - 2023-11-27 | 3 months
la2-c1cs-ia4.salesforceliveagent.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-07-04 - 2024-07-01 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2023-09-04 - 2023-11-27 | 3 months
www.google.com | GTS CA 1C3 | 2023-09-04 - 2023-11-27 | 3 months
la2-c2-ia4.salesforceliveagent.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-07-04 - 2024-07-01 | a year
la5-c1-ia5.salesforceliveagent.com | DigiCert TLS RSA SHA256 2020 CA1 | 2023-03-15 - 2024-03-14 | a year

This page contains 1 frames:

Primary Page: https://flagstar.onlinebank.com/SignIn.aspx
Frame ID: 21F310411B1C9261416ED258B8823AC5
Requests: 89 HTTP requests in this frame

Page Title

Sign In - Flagstar Bank

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.aspx?(?:$|\?)
  • <input[^>]+name="__VIEWSTATE

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 81
  • HTTPS: 99 %
  • IPv6: 0 %
  • Domains: 14
  • Subdomains: 18
  • IPs: 17
  • Countries: 4
  • Transfer: 1820 kB
  • Size: 1959 kB
  • Cookies: 24

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://flagstar.onlinebank.com/ HTTP 302
    https://flagstar.onlinebank.com/ HTTP 302
    https://flagstar.onlinebank.com/SignIn.aspx Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 73
  • https://www.glancecdn.net/cobrowse/CobrowseJS.ashx?group=19916&site=production HTTP 302
  • https://storage.glancecdn.net/cobrowse/js/GlanceCobrowseLoader_5.0.0M.js

81 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request SignIn.aspx
flagstar.onlinebank.com/
Redirect Chain
  • http://flagstar.onlinebank.com/
  • https://flagstar.onlinebank.com/
  • https://flagstar.onlinebank.com/SignIn.aspx
123 KB
125 KB
Document
General
Full URL
https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
59f20a4e588490e42376190a6dbed7b8d2429ccfb4c6f2829bdd24dc8c4d9cb6
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, no-store
Connection
keep-alive
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Type
text/html; charset=utf-8
Date
Mon, 02 Oct 2023 19:32:58 GMT
Expires
Sat, 01 Jan 2022 05:00:00 GMT
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
DENY SAMEORIGIN
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce

Redirect headers

Cache-Control
private, no-store
Connection
keep-alive
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Content-Type
text/html; charset=utf-8
Date
Mon, 02 Oct 2023 19:32:57 GMT
Expires
Sat, 01 Jan 2022 05:00:00 GMT
Location
/SignIn.aspx
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
X-Content-Type-Options
nosniff
X-Frame-Options
DENY SAMEORIGIN
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
EditMode.css
flagstar.onlinebank.com/App_Themes/Theme4/
774 B
2 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/EditMode.css?h=7935729DD9FA294F5092738F973124A2
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
94fb85c0bd3e70b7508434ba7625483252ed4e86dbde231b7917c9ef0a7ef781
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:58 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:22 GMT
ETag
W/"011106a6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
LinkLive.css
flagstar.onlinebank.com/App_Themes/Theme4/
942 B
2 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/LinkLive.css?h=388FC12C00CBAE436046EE8C3834A714
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
06435d00e2ab8b3ecd33fc4d19844c8192b2d924576b28bdee45595677174cda
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:22 GMT
ETag
W/"011106a6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
LoadingPanel.css
flagstar.onlinebank.com/App_Themes/Theme4/
89 B
1 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/LoadingPanel.css?h=C6736EE20123C32E8DED4B22817DC976
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
c0ff4817b1eb977c5bd7b1991006c69090ffdae73733a7d8829fec8d611f69fc
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:22 GMT
ETag
W/"011106a6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
opensans.css
flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/
2 KB
3 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/opensans.css?h=00E29AC6B52ACB5DBA6CD365ACF1BA55
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
b9c775232213b8a4b7a63dfaf839757b2a8d1583a1af7b5766030da6e8c474b4
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:58 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
screen.css
flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/
835 B
2 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
edc9bb5e63c9fbf99f6d5e7448a9454c7b51a8fc5154e9939c863312b19e6f5a
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
surveyor-fonts.css
flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/
171 KB
172 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/surveyor-fonts.css?h=F3716756ECF09297422E8F439A93A09D
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
f31e15302a59e25862ffaff4e854830ad9759f948bf537ae5c0dba24a12f2406
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:58 GMT
Last-Modified
Sun, 29 Jul 2018 23:50:06 GMT
ETag
W/"0cb29e09627d41:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
RadDockableObject.css
flagstar.onlinebank.com/Skins/Default/Dock/Default/
2 KB
3 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/Skins/Default/Dock/Default/RadDockableObject.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
926172c6f78bad8d437e449a3309ea0de03199f2bc0d2101899f3ce99df04f4b
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:58 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:44 GMT
ETag
W/"002d776035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Content.aspx
flagstar.onlinebank.com/
39 B
1 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/Content.aspx?name=GlobalSkin1&t=07/21/2019%209:49:14%20AM
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
29174c3dc55eea46741571209fce99910e494e7a2a5fdfd325a8d20087ef89ed
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Sun, 21 Jul 2019 09:49:14 GMT
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
text/css
Vary
Accept-Encoding
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Content.aspx
flagstar.onlinebank.com/
4 B
1 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/Content.aspx?name=Live+Person+Merge&t=03/14/2019%205:41:48%20AM
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
d21021784cda31eeae5c8295e047a14bda6ed5a9b5963fca9e7ceb398a9c9179
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Thu, 14 Mar 2019 05:41:48 GMT
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
text/css
Vary
Accept-Encoding
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Content.aspx
flagstar.onlinebank.com/
9 KB
11 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/Content.aspx?name=AM82AccountChanges&t=02/27/2020%207:14:31%20AM
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
283c84201f419afd4b749093bea98993b525892798cb48b34647a74b7a8bcd1b
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Thu, 27 Feb 2020 07:14:32 GMT
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
text/css
Vary
Accept-Encoding
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Content.aspx
flagstar.onlinebank.com/
11 KB
13 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/Content.aspx?name=UXUpgradeCustomFixes&t=05/04/2020%206:08:05%20AM
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
e6cd6b15bc61a34c36427b98c695507c4eab862607cff420652f0c9384baa6cf
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Mon, 04 May 2020 06:08:05 GMT
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
text/css
Vary
Accept-Encoding
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Content.aspx
flagstar.onlinebank.com/
168 KB
169 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/Content.aspx?name=FlagstarDefaultColor&t=02/25/2022%207:20:17%20PM
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
9021fc16948021389aabeb08d81e444b27588b76de596041a9b3c2e53d313e9a
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 25 Feb 2022 19:20:17 GMT
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Content-Type
text/css
Vary
Accept-Encoding
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
print.css
flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/
175 B
1 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/print.css?h=DCA7C5838B3CB378F1BD4FAFF65640F3
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
f4f9f204aaab6f4fc1dfda7bc3bd4aad98d4236c7061b144b496dd991cbf12ae
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
WebResource.axd
flagstar.onlinebank.com/
23 KB
24 KB
Script
General
Full URL
https://flagstar.onlinebank.com/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZFLi9cQ9SKv4yoO46yO68R0oWbQOkhlAKqSvWYYg4-bJkRC2yuQqJ4ceidrB_H0EeBYpbMI6dsewJZxdfcHUCupoNpm3-OjXzrHbcmrNGgEI0&t=638242705795219488
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 07 Jul 2023 00:02:59 GMT
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-Frame-Options
SAMEORIGIN
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Expires
Tue, 01 Oct 2024 05:03:09 GMT
ScriptRegistrar.aspx
flagstar.onlinebank.com/
105 KB
106 KB
Script
General
Full URL
https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=jQuery1&h=5AFB684F420C244451FFE349F7557002
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
10fee76ac026a21ed3b9b942c737328783bff894cc3f08b875691d8bf59b46ad
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Mon, 02 Oct 2023 05:12:42 GMT
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Expires
Tue, 01 Oct 2024 05:12:42 GMT
Resource.axd
flagstar.onlinebank.com/
5 KB
6 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Resource.axd?r=IDS.Portal.Controls.PortalMenuTree.js&h=3CFF7F68632A1ADEE478E6173AFC7011
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
66d03cfbf55f906f2c0c22f6117448948c07881cdf9e3eb287b5cb26a7601895
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Mon, 02 Oct 2023 05:10:34 GMT
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Expires
Tue, 01 Oct 2024 05:10:34 GMT
ScriptRegistrar.aspx
flagstar.onlinebank.com/
71 KB
72 KB
Script
General
Full URL
https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=jQuery&h=37339413BBD44EF1D3C2018A8844F282
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
f780cfd2187eb88efd1d32da69533ae77d16caed4da07d6da7a7e95ac89a3ac3
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Mon, 02 Oct 2023 05:07:35 GMT
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Expires
Tue, 01 Oct 2024 05:07:35 GMT
ScriptRegistrar.aspx
flagstar.onlinebank.com/
6 KB
8 KB
Script
General
Full URL
https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=Desktop&h=283B77E1EDDF4F658755DD22F525C858
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
e154e27a9354991258b09c251acd2d5a0645f53ae49a8faec2c092c7fa5906e4
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Mon, 02 Oct 2023 05:04:52 GMT
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Expires
Tue, 01 Oct 2024 05:04:52 GMT
ScriptRegistrar.aspx
flagstar.onlinebank.com/
36 KB
37 KB
Script
General
Full URL
https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=Core&h=D00A7301B949390CCB348600DCCCBA52
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
0d599fedc4092e32effd6d7f8bc4228fc92585203ae898b3c933a968179d33f9
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Mon, 02 Oct 2023 05:08:53 GMT
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Expires
Tue, 01 Oct 2024 05:08:53 GMT
ScriptRegistrar.aspx
flagstar.onlinebank.com/
173 KB
174 KB
Script
General
Full URL
https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=jQueryUI&h=B05F4ADD235116BA1419492A28AE8947
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
5873e7c2d35cb06973ba528c147fdffbf2f19d0a2c41312c59172d4d823514b3
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Mon, 02 Oct 2023 05:03:09 GMT
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Expires
Tue, 01 Oct 2024 05:03:09 GMT
Resource.axd
flagstar.onlinebank.com/
15 KB
17 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Resource.axd?k=jquery.tools&r=IDS.Web.Resources.Scripts.jquery.tools.min.js&h=98EDE3E266766F3CC8FBC6447F87BC4A
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
4181ba8af6f8e421d85560793c7dda28d3ec22b6e5f35eb1d21dfde6bf6f6eed
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Mon, 02 Oct 2023 05:13:06 GMT
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Expires
Tue, 01 Oct 2024 05:13:06 GMT
Resource.axd
flagstar.onlinebank.com/
382 B
2 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Resource.axd?r=IDS.Web.Resources.Scripts.jslogging.js&h=C578B076511D7E36E08287E713D2B08F
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
d91a13ea8b1257f34b0402fba9e9875131d80dfcf2ed3e335fb594d084216a68
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Mon, 02 Oct 2023 05:10:39 GMT
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Expires
Tue, 01 Oct 2024 05:10:39 GMT
Resource.axd
flagstar.onlinebank.com/
738 B
2 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Resource.axd?r=IDS.Web.Resources.Scripts.orcc.jquery.ajaxextensions.js&h=50186DCB60723F901E4705B188F6386C
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
c7ddf668a7f68684f1c772e99a4d8ce4e4e5ec99d444cbcc2053930d8dea3aba
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Mon, 02 Oct 2023 05:03:12 GMT
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Expires
Tue, 01 Oct 2024 05:03:12 GMT
Resource.axd
flagstar.onlinebank.com/
3 KB
4 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Resource.axd?r=IDS.Portal.Web.hlm.base.template.Theme4.js.scripts.js&h=CB8D91EFE9F1F8687653F83C97D7BF09
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
d9452167a737f782b3f3137f7e08f73251b330201fa2930f44eec316b34db481
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Mon, 02 Oct 2023 05:03:32 GMT
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Expires
Tue, 01 Oct 2024 05:03:32 GMT
Resource.axd
flagstar.onlinebank.com/
8 KB
10 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Resource.axd?r=IDS.Portal.Web.hlm.base.template.Theme4.js.personalize.js&h=9B20C4EB71766A0BED8EF2C7F9A82388
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
d0048d25ebdfe263792166d8dcac3f09d95a62f62dff38fd52f553faa9e133b5
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Mon, 02 Oct 2023 05:03:31 GMT
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Expires
Tue, 01 Oct 2024 05:03:31 GMT
Resource.axd
flagstar.onlinebank.com/
1 KB
3 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Resource.axd?k=jquery.ui.touch-punch&r=IDS.Web.Resources.Scripts.jquery.ui.touch-punch.js&h=8D54427BA97E1865BDD33FBD942F8243
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
0da5cf16d1a549dc5e4acffcd3f86700a298d6c6702a3b4fe89c5bab314f6c84
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Mon, 02 Oct 2023 05:14:04 GMT
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Expires
Tue, 01 Oct 2024 05:14:04 GMT
Resource.axd
flagstar.onlinebank.com/
8 KB
10 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Resource.axd?r=IDS.Portal.Web.hlm.base.template.Theme4.MainModuleTemplateHeader.js&h=AAE0C33B512128F3C215464BBF155A7A
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
2909ef308e07542a70540ae09317f0fe01673a35790330b2cb19581c04777219
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Mon, 02 Oct 2023 05:03:09 GMT
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
text/javascript
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Expires
Tue, 01 Oct 2024 05:03:09 GMT
ScriptResource.axd
flagstar.onlinebank.com/
26 KB
28 KB
Script
General
Full URL
https://flagstar.onlinebank.com/ScriptResource.axd?d=nv7asgRUU0tRmHNR2D6t1MuUMADhjQDqweIIWUavfumUrRgefrAoLvf12von5xzCo0LFIDh2TwkJYLekb1CeJEr3psxk0yhT-T-i5M3Np6RZGnEwBa667yeXPF1gUwPMDOUt7TKLG4Yj-WEdFIN98_6EphMf-2OIEgYiHKtuv1tzVsH4r3ztRXa7kGDeZ7nd0&t=ffffffffcc837f48
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
ef9453f74b2617d43dcef4242cf5845101fcfb57289c81bceb20042b0023a192
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Mon, 02 Oct 2023 05:09:39 GMT
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Expires
Tue, 01 Oct 2024 05:09:39 GMT
fp_AA.js
flagstar.onlinebank.com/hlm/base/Authentication/Scripts/
32 KB
33 KB
Script
General
Full URL
https://flagstar.onlinebank.com/hlm/base/Authentication/Scripts/fp_AA.js
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
cb5643ffff191bf755e4b0812525d2db86931ea3f666bc8f0bf244f2da2042b9
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:32 GMT
ETag
W/"0f25706035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/javascript
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Telerik.Web.UI.WebResource.axd
flagstar.onlinebank.com/
140 KB
142 KB
Script
General
Full URL
https://flagstar.onlinebank.com/Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=M_layout_content_ScriptManager_TSM&compress=1&_TSM_CombinedScripts_=%3b%3bSystem.Web.Extensions%2c+Version%3d4.0.0.0%2c+Culture%3dneutral%2c+PublicKeyToken%3d31bf3856ad364e35%3aen-US%3aed4ec4c6-6ace-4ce7-b1cb-2927a11beac8%3aea597d4b%3ab25378d2
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
6841fe4e9e8bf20c1f2716741c50335132b434e4b2510729b4927888f00409e7
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Tue, 15 Sep 2020 00:00:00 GMT
Transfer-Encoding
chunked
Vary
User-Agent
Content-Type
application/x-javascript
X-Frame-Options
SAMEORIGIN
Cache-Control
public, max-age=31536000
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Expires
Tue, 01 Oct 2024 19:33:00 GMT
WebResource.axd
flagstar.onlinebank.com/
3 KB
4 KB
Script
General
Full URL
https://flagstar.onlinebank.com/WebResource.axd?d=JoBkLzP19aTuxbWOhHobYrbhumlz3QZ7G8hw6GoJSg4e_VAtmDL_JuwN8Neb0Nf7fvcBhjz8o1SkaEZtT2T75zgcSea-S51pjDdZg4f0bR-iXFLVaRf22T4cooSLWR5X0&t=638242705795219488
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
144524233f795d6a425b76f7ae5c0bb622b5f67e2e6ae73532ad526528ca07cf
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Wed, 26 Jul 2023 03:54:46 GMT
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
application/x-javascript
X-Frame-Options
SAMEORIGIN
Cache-Control
public
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
Expires
Tue, 01 Oct 2024 05:14:57 GMT
need-help.css
www.flagstar.com/content/dam/flagstar/components/need-help/
9 KB
3 KB
Stylesheet
General
Full URL
https://www.flagstar.com/content/dam/flagstar/components/need-help/need-help.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.64.146.116 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
16d8c6c10eca296a3addd2a2316aacd62946e9014e994f6c0a61c454c554f07f
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

clientname
flagstar
date
Mon, 02 Oct 2023 19:32:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=86400; includeSubDomains
cf-cache-status
HIT
age
396488
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1170762592"
content-length
2059
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Mon, 25 Sep 2023 19:33:06 GMT
server
cloudflare
etag
"2235-6063407128c10-gzip"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
80ff5fdf3bd22c1c-FRA
expires
Wed, 01 Nov 2023 19:32:59 GMT
need-help.js
www.flagstar.com/content/dam/flagstar/components/need-help/
11 KB
3 KB
Script
General
Full URL
https://www.flagstar.com/content/dam/flagstar/components/need-help/need-help.js
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.64.146.116 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
98786cd3697252c29f2a583f7d17d7e7850c07261c5dfd7109c1a1fd64f6a9ec
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

clientname
flagstar
date
Mon, 02 Oct 2023 19:32:59 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=86400; includeSubDomains
cf-cache-status
HIT
age
396488
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="-1896065442"
content-length
3109
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Fri, 22 Sep 2023 20:03:57 GMT
server
cloudflare
etag
"2c28-605f81bd8bb55-gzip"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
80ff5fdf3bd72c1c-FRA
expires
Wed, 01 Nov 2023 19:32:59 GMT
cpm8xio.js
use.typekit.net/
17 KB
7 KB
Script
General
Full URL
https://use.typekit.net/cpm8xio.js
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.24.77.156 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-24-77-156.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
71fec1bd82c5066abdd38f689c7078411e9e73a479ff9d0681de0968c3363a7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Mon, 02 Oct 2023 19:33:00 GMT
server
nginx
vary
Accept-Encoding
content-type
text/javascript;charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
6704
accordion.css
flagstar.onlinebank.com/App_Themes/theme4-css/
2 KB
3 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/accordion.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
90a5e085de08b76787107ea46a188afc417537f1903e36ef89b6c63d5b0581e2
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
carousel.css
flagstar.onlinebank.com/App_Themes/theme4-css/
6 KB
7 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/carousel.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
bc5427c8becdc12dbb8026919b68588038af5c479590819134593e007eadfa67
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
checkBoxList.css
flagstar.onlinebank.com/App_Themes/theme4-css/
2 KB
3 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/checkBoxList.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
2ea7c05ebc9afbf695a66e0d86c1a4ec99c81bd71afd1c7c545165980b696557
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
common.css
flagstar.onlinebank.com/App_Themes/theme4-css/
13 KB
14 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/common.css?v=2020.1
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
dc4688372f9f18ec8fd4265f947de23ae7df92e0f3214209c6a6686581125d7f
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:58 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
google-map.css
flagstar.onlinebank.com/App_Themes/theme4-css/
724 B
2 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/google-map.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
5c541e2e8634c45cd04c9cebc6f84b3c0a5bfe126b515cecc87ca428af1da52c
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
template.css
flagstar.onlinebank.com/App_Themes/theme4-css/
56 KB
58 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/template.css?v=2019.4
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
da2ee22c8a2e3f8713bf425acb1673a4aba3ff8d3a22065f93822fe90b756049
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
module.css
flagstar.onlinebank.com/App_Themes/theme4-css/
191 KB
192 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/module.css?v=2020.1
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
203cdd448bcad60326d48f1388f7d02d6c0fde930aa1550ebba325cb4ed49352
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
printer.css
flagstar.onlinebank.com/App_Themes/theme4-css/
2 KB
3 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/printer.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
367da0b2f03e6a6035c24189543b0cab1980e2e62b38c8ad1efa69cd06097562
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
tileManager.css
flagstar.onlinebank.com/App_Themes/theme4-css/
6 KB
7 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/tileManager.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
3a080f18685baaf2be511a9859d6bbeee808392ac034e12c9da7894aef487920
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
menu.css
flagstar.onlinebank.com/App_Themes/theme4-css/
12 KB
13 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/menu.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
bfc59a75bccdb0ec1a57be01f8e7e6888b9fdfaccaf1f311bcf105bdbc5f4e2d
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
wizard.css
flagstar.onlinebank.com/App_Themes/theme4-css/
63 KB
64 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/wizard.css?v=2019.4
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
2bf6835a2691eabb4c9b42590869dc3e2f8c658fb9bd0aae277519e1699f03f3
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
tab.css
flagstar.onlinebank.com/App_Themes/theme4-css/
1 KB
2 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/tab.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4, United States, ASN25773 (RADWARE-CLOUD-SERVICES, US)
Reverse DNS
Software
/
Resource Hash
5ef32ff73136070a4d457187063dcb443eaa6edc7c9408feffa1ae3f19a66996
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
progress-bar.css
flagstar.onlinebank.com/App_Themes/theme4-css/
1 KB
2 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/progress-bar.css?v=2019.3
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
7671989da274ffd9497bd1dac6f07c7463f85a34efdbed6c8561220adce7b506
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
drawer.css
flagstar.onlinebank.com/App_Themes/theme4-css/
983 B
2 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/drawer.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
3e667460fefce5a2fe970fe89057f6c18e7b72e63067df7c3b4168b36d587a08
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
atmLocator.css
flagstar.onlinebank.com/App_Themes/theme4-css/
218 B
1 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/atmLocator.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
b7acb047f2d46898d4fe77b16ab0aeb7f66b0124d50bab9fa39ce26fa32bc3e9
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
range.css
flagstar.onlinebank.com/App_Themes/theme4-css/
2 KB
3 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/range.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
900c3453f4434eeed8a825da471927e0e8483768f2f91ca75b300d127c460f9b
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
switch.css
flagstar.onlinebank.com/App_Themes/theme4-css/
4 KB
5 KB
Stylesheet
General
Full URL
https://flagstar.onlinebank.com/App_Themes/theme4-css/switch.css
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
45b648ffbe4bda170b2cda93900228a1c57ea28583dcb6a0d2319ef5b6c868b7
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/screen.css?h=549CC0B71293AD1BE3E239CC865F6EAB
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:32:59 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:24 GMT
ETag
W/"03e416b6035d81:0"
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
Cache-Control
max-age=604800
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
aperture.js
cdn.perfdrive.com/aperture/
26 KB
8 KB
Script
General
Full URL
https://cdn.perfdrive.com/aperture/aperture.js
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
130.211.29.114 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
114.29.211.130.bc.googleusercontent.com
Software
nginx/1.24.0 /
Resource Hash
9fb91ff0e8c179aea40dbe6842b36fd201654f5647c21dcec41fd18be535d506

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 19:06:30 GMT
content-encoding
gzip
via
1.1 google
last-modified
Fri, 21 Jul 2023 07:03:07 GMT
server
nginx/1.24.0
age
1590
etag
W/"64ba2dab-6844"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=3600,public
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7938
enforce
onlinebank.report-uri.com/r/t/csp/
0
593 B
Other
General
Full URL
https://onlinebank.report-uri.com/r/t/csp/enforce
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.183.88 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

Referer
https://flagstar.onlinebank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Mon, 02 Oct 2023 19:33:00 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
80ff5fe85c52bbb5-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
truncated
/
0
0

content.aspx
flagstar.onlinebank.com/
2 KB
4 KB
Image
General
Full URL
https://flagstar.onlinebank.com/content.aspx?name=loader
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/Content.aspx?name=FlagstarDefaultColor&t=02/25/2022%207:20:17%20PM
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
c9c2484b74bd1885ba68e33680ded5ee482470df6937369a4699c3f5ca9dbba6
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/Content.aspx?name=FlagstarDefaultColor&t=02/25/2022%207:20:17%20PM
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Mon, 27 Aug 2018 07:07:34 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Cache-Control
public
Connection
keep-alive
Content-Length
2329
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
jsdata
cas.avalon.perfdrive.com/
316 B
470 B
XHR
General
Full URL
https://cas.avalon.perfdrive.com/jsdata?
Requested by
Host: cdn.perfdrive.com
URL: https://cdn.perfdrive.com/aperture/aperture.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.15.240 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
240.15.241.35.bc.googleusercontent.com
Software
/
Resource Hash
28dc3e1a41a2df739e0be6a54f7dfc7448d3c6c8c4b99e1da12388e1d5a18fbe

Request headers

Referer
https://flagstar.onlinebank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
x-response-time
2ms
date
Mon, 02 Oct 2023 19:33:00 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
316
content-type
text/plain; charset=UTF-8
jsdata
cas.avalon.perfdrive.com/
211 B
277 B
XHR
General
Full URL
https://cas.avalon.perfdrive.com/jsdata?
Requested by
Host: cdn.perfdrive.com
URL: https://cdn.perfdrive.com/aperture/aperture.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.241.15.240 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
240.15.241.35.bc.googleusercontent.com
Software
/
Resource Hash
ad2fa2b8a425dcd3425956800a4b78f9306f1487eb6ba5a758ff2b954e3cc200

Request headers

Referer
https://flagstar.onlinebank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
*
x-response-time
1ms
date
Mon, 02 Oct 2023 19:33:00 GMT
via
1.1 google
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
211
content-type
text/plain; charset=UTF-8
content.aspx
flagstar.onlinebank.com/
9 KB
11 KB
Image
General
Full URL
https://flagstar.onlinebank.com/content.aspx?name=FlagstarLogo300px.png
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/Content.aspx?name=FlagstarDefaultColor&t=02/25/2022%207:20:17%20PM
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
2e562036b690beaf9b3edd4daf553da86a3fc67d12d5649e32d7395b75f97e38
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/Content.aspx?name=FlagstarDefaultColor&t=02/25/2022%207:20:17%20PM
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Mon, 06 Aug 2018 20:19:19 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
public
Connection
keep-alive
Content-Length
9498
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
content.aspx
flagstar.onlinebank.com/
853 B
2 KB
Image
General
Full URL
https://flagstar.onlinebank.com/content.aspx?theme=Theme4&color1=white&image=svg/help-solid.svg
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/Content.aspx?name=FlagstarDefaultColor&t=02/25/2022%207:20:17%20PM
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
d65a44667683feb04ff9c1a60c5dd16a7451d3252ec2a8152efdc3ffee016e01
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/Content.aspx?name=FlagstarDefaultColor&t=02/25/2022%207:20:17%20PM
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Mon, 01 Jan 0001 05:00:00 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Cache-Control
public
Connection
keep-alive
Content-Length
853
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
cJZKeOuBrn4kERxqtaUH3VtXRa8TVwTICgirnJhmVJw.woff2
fonts.gstatic.com/s/opensans/v13/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v13/cJZKeOuBrn4kERxqtaUH3VtXRa8TVwTICgirnJhmVJw.woff2
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/Theme4/stylesheets/opensans.css?h=00E29AC6B52ACB5DBA6CD365ACF1BA55
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f3.1e100.net
Software
sffe /
Resource Hash
60f9b5203842a4fe2d52f7c96f3c57b755bbf8f347535469739bcc6f95a9c4b5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://flagstar.onlinebank.com/
Origin
https://flagstar.onlinebank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Thu, 28 Sep 2023 06:37:26 GMT
x-content-type-options
nosniff
age
392135
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15572
x-xss-protection
0
last-modified
Mon, 27 Apr 2015 23:46:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Sep 2024 06:37:26 GMT
static_wdp.js
flagstar.onlinebank.com/iojs/general5/azRxT4-7XyHOYmkJGPhq0-6XHdnuZbWpf3OdFqwKqRU/
0
0
Script
General
Full URL
https://flagstar.onlinebank.com/iojs/general5/azRxT4-7XyHOYmkJGPhq0-6XHdnuZbWpf3OdFqwKqRU/static_wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Transfer-Encoding
chunked
X-Frame-Options
SAMEORIGIN
Content-Type
text/html
Connection
keep-alive
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
wdp.js
mpsnare.iesnare.com/general5/azRxT4-7XyHOYmkJGPhq0-6XHdnuZbWpf3OdFqwKqRU/
42 KB
20 KB
Script
General
Full URL
https://mpsnare.iesnare.com/general5/azRxT4-7XyHOYmkJGPhq0-6XHdnuZbWpf3OdFqwKqRU/wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.228.71.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-228-71-178.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
9d66f0afc79401d5c11b2baea9c114a76ac07161f364bebb23142b27ceeda4ed
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 02 Oct 2023 19:33:01 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Encoding
gzip
Server
nginx
Accept-CH
Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-WoW64, ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Transfer-Encoding
chunked
Content-Type
text/javascript; charset=utf-8
p3p
CP="NON DSP COR CURa"
Cache-Control
no-cache, private
Connection
keep-alive
Expires
0
ajax-loader.gif
flagstar.onlinebank.com/App_Themes/Theme4/images/
4 KB
5 KB
Image
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/images/ajax-loader.gif
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/theme4-css/module.css?v=2020.1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
93c99b1a62bdef426c6029d8eeaa796af079bd0b67c7bd67fda444e8afb6f562
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/theme4-css/module.css?v=2020.1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:22 GMT
ETag
"011106a6035d81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/gif
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4178
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
sprite-y.png
flagstar.onlinebank.com/App_Themes/Theme4/images/
7 KB
9 KB
Image
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/images/sprite-y.png
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/theme4-css/module.css?v=2020.1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
85c5b4224b245a27a2ed39a18a2b2be57bc4ee9a3e676a8cdbec9a3480732dff
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/theme4-css/module.css?v=2020.1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:22 GMT
ETag
"011106a6035d81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
7663
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
content.aspx
flagstar.onlinebank.com/
606 B
2 KB
Image
General
Full URL
https://flagstar.onlinebank.com/content.aspx?theme=theme4-css&skinimage=flagstar/icon-logout.svg&Color1=%23FFFFFF
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/Content.aspx?name=FlagstarDefaultColor&t=02/25/2022%207:20:17%20PM
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
dc62b6009c4b39570ce7e78ff114a134d8e56ba71b75deb0b971d736e3e9aaee
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/Content.aspx?name=FlagstarDefaultColor&t=02/25/2022%207:20:17%20PM
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:01 GMT
Last-Modified
Mon, 01 Jan 0001 05:00:00 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Cache-Control
public
Connection
keep-alive
Content-Length
606
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
js
www.googletagmanager.com/gtag/
182 KB
67 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-34304025-1
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=jQuery1&h=5AFB684F420C244451FFE349F7557002
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.200 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
8b69e119b4c4a57a14d8f6e3a53b3c5e0a9a4880715cd462214a788e21a90876
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 19:33:01 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
67897
x-xss-protection
0
last-modified
Mon, 02 Oct 2023 18:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 02 Oct 2023 19:33:01 GMT
GlanceCobrowseLoader_5.0.0M.js
storage.glancecdn.net/cobrowse/js/
Redirect Chain
  • https://www.glancecdn.net/cobrowse/CobrowseJS.ashx?group=19916&site=production
  • https://storage.glancecdn.net/cobrowse/js/GlanceCobrowseLoader_5.0.0M.js
12 KB
5 KB
Script
General
Full URL
https://storage.glancecdn.net/cobrowse/js/GlanceCobrowseLoader_5.0.0M.js
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
H2
Server
65.9.66.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-120.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ac3ef8856b0cd2fcd04fa7547397075e975061d6ebb3d4b50be9a5c19b373d47

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Thu, 26 Jan 2023 09:36:40 GMT
x-amz-version-id
aXwkQ2JfFHPaHqWUyusXzCpaP_CxbLQ8
content-encoding
gzip
via
1.1 f58d1aa3b3b084adbea41c7523e2047e.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
age
21549382
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Wed, 26 May 2021 20:59:48 GMT
server
AmazonS3
etag
W/"3a337f5a5d8e7ca6db7ce8af1f16ba16"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=31556926
x-amz-cf-id
6UgYxjwyLoJiTxMK1xorpWGXgdaunuWzVRqIVigrwVQVI_q9lmrpiw==

Redirect headers

date
Mon, 02 Oct 2023 19:33:01 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
content-type
text/html; charset=utf-8
location
https://storage.glancecdn.net/cobrowse/js/GlanceCobrowseLoader_5.0.0M.js
access-control-allow-origin
*
cache-control
max-age=3600
content-length
189
deployment.js
c.la2-c2cs-iad.salesforceliveagent.com/content/g/js/44.0/
41 KB
41 KB
Script
General
Full URL
https://c.la2-c2cs-iad.salesforceliveagent.com/content/g/js/44.0/deployment.js?_=1696275180633
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=jQuery1&h=5AFB684F420C244451FFE349F7557002
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.56.113 Fremont, United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl1-ncg1-c5-iad4.la2-c1cs-ia4.salesforceliveagent.com
Software
Jetty /
Resource Hash
f64ef4a15bcabc99c1b1d29eee628dade3617a51abdc311c8ca1a6516673d013

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date
Mon, 02 Oct 2023 19:33:02 GMT
Cache-Control
max-age=60, must-revalidate
Last-Modified
Fri, 15 Sep 2023 16:55:50 GMT
Server
Jetty
Accept-Ranges
bytes
Content-Length
42107
Content-Type
application/javascript
equal-housing.png
flagstar.onlinebank.com/App_Themes/Theme4/images/
387 B
1 KB
Image
General
Full URL
https://flagstar.onlinebank.com/App_Themes/Theme4/images/equal-housing.png
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/App_Themes/theme4-css/template.css?v=2019.4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
50643218771ecacfbc4589c853574765f447e0c9ff848a58d540eafb8fb2afac
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/App_Themes/theme4-css/template.css?v=2019.4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:00 GMT
Last-Modified
Fri, 11 Mar 2022 15:55:22 GMT
ETag
"011106a6035d81:0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=604800
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
387
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
need-help.png
www.flagstar.com/content/dam/flagstar/components/need-help/
14 KB
14 KB
Image
General
Full URL
https://www.flagstar.com/content/dam/flagstar/components/need-help/need-help.png
Requested by
Host: www.flagstar.com
URL: https://www.flagstar.com/content/dam/flagstar/components/need-help/need-help.css
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.64.146.116 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb02a2263dbdf8acde8fbc6b18ccccf901e011b276b592aacfc810c7ceb8f7ec
Security Headers
Name Value
Strict-Transport-Security max-age=86400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.flagstar.com/content/dam/flagstar/components/need-help/need-help.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

clientname
flagstar
date
Mon, 02 Oct 2023 19:33:01 GMT
strict-transport-security
max-age=86400; includeSubDomains
x-content-type-options
nosniff
cf-cache-status
HIT
x-cnection
close
server-timing
dtSInfo;desc="0", dtRpid;desc="1152443693"
content-length
14074
x-xss-protection
1; mode=block
x-ua-compatible
IE=Edge
last-modified
Thu, 07 Sep 2023 20:09:43 GMT
server
cloudflare
etag
"36fa-604ca70d67095"
x-frame-options
DENY
vary
Accept-Encoding
content-type
image/png
cache-control
public, max-age=2592000
accept-ranges
bytes
cf-ray
80ff5fe9cfc72c1c-FRA
expires
Wed, 01 Nov 2023 19:33:01 GMT
MCMRequest.aspx
flagstar.onlinebank.com/
34 B
1 KB
XHR
General
Full URL
https://flagstar.onlinebank.com/MCMRequest.aspx
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/ScriptRegistrar.aspx?bundle=jQuery1&h=5AFB684F420C244451FFE349F7557002
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
ac84a1fc24f8507f8583351d4da90bdac4d56d2a3c086ba3c3551642715b8dad
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://flagstar.onlinebank.com/SignIn.aspx
X-Requested-With
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:01 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
application/json; charset=utf-8
Cache-Control
private
Connection
keep-alive
Content-Length
34
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
logo.js
mpsnare.iesnare.com/5.7.0/azRxT4-7XyHOYmkJGPhq0-6XHdnuZbWpf3OdFqwKqRU/
505 B
1 KB
Script
General
Full URL
https://mpsnare.iesnare.com/5.7.0/azRxT4-7XyHOYmkJGPhq0-6XHdnuZbWpf3OdFqwKqRU/logo.js
Requested by
Host: mpsnare.iesnare.com
URL: https://mpsnare.iesnare.com/general5/azRxT4-7XyHOYmkJGPhq0-6XHdnuZbWpf3OdFqwKqRU/wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.228.71.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-228-71-178.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1688f32f0c9b3f7d208e5d4d33b1143be7c93bcb6dbed2a78a6c41237767a020
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Date
Mon, 02 Oct 2023 19:33:01 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Content-Encoding
gzip
Last-Modified
Tue, 06 May 2014 00:01:40 GMT
Server
nginx
Accept-CH
Sec-CH-UA-Full-Version, Sec-CH-UA-Arch, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA, Sec-CH-UA-Model, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Bitness, Sec-CH-UA-WoW64, ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Transfer-Encoding
chunked
Content-Type
text/javascript; charset=utf-8
p3p
CP="NON DSP COR CURa"
Cache-Control
private
Connection
keep-alive
Expires
Tue, 01 Oct 2024 19:33:01 GMT
time.mp3
mpsnare.iesnare.com/
504 B
881 B
Media
General
Full URL
https://mpsnare.iesnare.com/time.mp3?nocache=0.032162650549256266
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
54.228.71.178 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-228-71-178.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6570c735518d3b261611298f4d3bf3775d607b282b28b1695cb12a593b69b0f8
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains

Request headers

Referer
https://flagstar.onlinebank.com/
Accept-Encoding
identity;q=1, *;q=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Range
bytes=0-

Response headers

Pragma
public
Date
Mon, 02 Oct 2023 19:33:01 GMT
Strict-Transport-Security
max-age=15552000; includeSubDomains
Server
nginx
Content-Type
audio/mpeg
Content-Range
bytes 0-503/504
Content-Disposition
inline; filename=time.mp3
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
504
Expires
Thu, 01 Jan 1970 00:00:00 GMT
enforce
onlinebank.report-uri.com/r/t/csp/
0
259 B
Other
General
Full URL
https://onlinebank.report-uri.com/r/t/csp/enforce
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.183.88 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63113904; includeSubDomains; preload

Request headers

Referer
https://flagstar.onlinebank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Mon, 02 Oct 2023 19:33:01 GMT
strict-transport-security
max-age=63113904; includeSubDomains; preload
nel
{"report_to":"default","max_age":3600,"include_subdomains":true,"failure_fraction":0.00001}
server
cloudflare
vary
Accept-Encoding
report-to
{"group":"default","max_age":3600,"endpoints":[{"url":"https://scotthelme.report-uri.com/a/d/g"}],"include_subdomains":true}
content-type
text/plain;charset=UTF-8
access-control-allow-origin
*
cross-origin-resource-policy
cross-origin
cf-ray
80ff5febe947bbb5-FRA
alt-svc
h3=":443"; ma=86400
content-length
0
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-34304025-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 02 Oct 2023 17:49:43 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
6198
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Mon, 02 Oct 2023 19:49:43 GMT
collect
www.google-analytics.com/j/
2 B
212 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=751266608&t=pageview&_s=1&dl=https%3A%2F%2Fflagstar.onlinebank.com%2FSignIn.aspx&ul=en-us&de=UTF-8&dt=Sign%20In%20-%20Flagstar%20Bank&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAACAAI~&jid=1514838603&gjid=1454031936&cid=1805704450.1696275182&tid=UA-34304025-1&_gid=1597043088.1696275182&_r=1&gtm=457e39r0&jsscut=1&z=1636006780
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.46 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f14.1e100.net
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://flagstar.onlinebank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 02 Oct 2023 19:33:01 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://flagstar.onlinebank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
2 B
352 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-34304025-1&cid=1805704450.1696275182&jid=1514838603&gjid=1454031936&_gid=1597043088.1696275182&_u=YEBAAUAAAAAAACAAI~&z=112500501
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
74.125.133.157 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wo-in-f157.1e100.net
Software
Golfe2 /
Resource Hash
6068f86ff5e6d3a3e100e95fd0ab03a5fb9ebfca9386b2c0ee131361a62526c2
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://flagstar.onlinebank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Mon, 02 Oct 2023 19:33:02 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://flagstar.onlinebank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
408 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-34304025-1&cid=1805704450.1696275182&jid=1514838603&_u=YEBAAUAAAAAAACAAI~&z=1257602869
Requested by
Host: flagstar.onlinebank.com
URL: https://flagstar.onlinebank.com/SignIn.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.68 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 02 Oct 2023 19:33:02 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
Content.aspx
flagstar.onlinebank.com/
2 KB
4 KB
Image
General
Full URL
https://flagstar.onlinebank.com/Content.aspx?name=eye_open_bRe_2.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
66.6.25.4 , United States, ASN25773 (RADWARE-CLOUD-SERVICES, US),
Reverse DNS
Software
/
Resource Hash
163ec7b6b44ddb03fc49d929366f6ec2b93dcf6750b3ed7d601b302c1d056acf
Security Headers
Name Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/SignIn.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
X-Content-Type-Options
nosniff
Date
Mon, 02 Oct 2023 19:33:02 GMT
Last-Modified
Thu, 19 Nov 2020 02:59:53 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/x-icon
Cache-Control
public
Connection
keep-alive
Content-Length
2462
X-XSS-Protection
1; report=https://architect.report-uri.com/r/d/xss/enforce
MultiNoun.jsonp
d.la2-c2-iad.salesforceliveagent.com/chat/rest/System/
226 B
592 B
Script
General
Full URL
https://d.la2-c2-iad.salesforceliveagent.com/chat/rest/System/MultiNoun.jsonp?nouns=VisitorId,Settings&VisitorId.prefix=Visitor&Settings.prefix=Visitor&Settings.buttonIds=[57316000000D7Cp]&Settings.updateBreadcrumb=1&Settings.urlPrefix=undefined&callback=liveagent._.handlePing&deployment_id=5721M000000XZBZ&org_id=00DG0000000Bvr7&version=44
Requested by
Host: c.la2-c2cs-iad.salesforceliveagent.com
URL: https://c.la2-c2cs-iad.salesforceliveagent.com/content/g/js/44.0/deployment.js?_=1696275180633
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.56.112 Fremont, United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl1-ncg1-c5-iad4.la2-c2-ia4.salesforceliveagent.com
Software
/
Resource Hash
6b015cde5244962d69625d4d88aead28b7131a0734e6616f753727ecd3f76441
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Pragma
no-cache
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
close
Expires
-1
Settings.jsonp
d.la5-c1-ia5.salesforceliveagent.com/chat/rest/Visitor/
400 B
692 B
Script
General
Full URL
https://d.la5-c1-ia5.salesforceliveagent.com/chat/rest/Visitor/Settings.jsonp?sid=cbb24fe8-ab8b-40c5-ae93-df8785cf6bf9&Settings.prefix=Visitor&Settings.buttonIds=[57316000000D7Cp]&Settings.updateBreadcrumb=1&Settings.urlPrefix=undefined&callback=liveagent._.handlePing&deployment_id=5721M000000XZBZ&org_id=00DG0000000Bvr7&version=44
Requested by
Host: c.la2-c2cs-iad.salesforceliveagent.com
URL: https://c.la2-c2cs-iad.salesforceliveagent.com/content/g/js/44.0/deployment.js?_=1696275180633
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.110.252.28 Arlington, United States, ASN14340 (SALESFORCE, US),
Reverse DNS
dcl1-ncg1-c6-iad5.la5-c1-ia5.salesforceliveagent.com
Software
/
Resource Hash
48c8b1c944011e6ce0059c9bdd4d715d7127fc28ac45a0503fa2122e8ec0376a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://flagstar.onlinebank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

Pragma
no-cache
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
Connection
close
Expires
-1

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
truncated
URL
data:truncated
Domain
truncated
URL
data:truncated
Domain
truncated
URL
data:truncated
Domain
truncated
URL
data:truncated
Domain
truncated
URL
data:truncated
Domain
truncated
URL
data:truncated
Domain
truncated
URL
data:truncated
Domain
truncated
URL
data:truncated


233 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture string| __uzdbm_1 string| __uzdbm_2 string| __uzdbm_3 string| __uzdbm_4 object| SSJSConnectorObj object| theForm function| __doPostBack function| WebForm_PostBackOptions function| WebForm_DoPostBackWithOptions object| __pendingCallbacks number| __synchronousCallBackIndex function| WebForm_DoCallback function| WebForm_CallbackComplete function| WebForm_ExecuteCallback function| WebForm_FillFirstAvailableSlot boolean| __nonMSDOMBrowser string| __theFormPostData object| __theFormPostCollection object| __callbackTextTypes function| WebForm_InitCallback function| WebForm_InitCallbackAddField function| WebForm_EncodeCallback object| __disabledControlArray function| WebForm_ReEnableControls function| WebForm_ReDisableControls function| WebForm_SimulateClick function| WebForm_FireDefaultButton function| WebForm_GetScrollX function| WebForm_GetScrollY function| WebForm_SaveScrollPositionSubmit function| WebForm_SaveScrollPositionOnSubmit function| WebForm_RestoreScrollPosition function| WebForm_TextBoxKeyHandler function| WebForm_TrimString function| WebForm_AppendToClassName function| WebForm_RemoveClassName function| WebForm_GetElementById function| WebForm_GetElementByTagName function| WebForm_GetElementsByTagName function| WebForm_GetElementDir function| WebForm_GetElementPosition function| WebForm_GetParentByTagName function| WebForm_SetElementHeight function| WebForm_SetElementWidth function| WebForm_SetElementX function| WebForm_SetElementY function| $ function| jQuery object| ko object| orccMcmManager function| MessageDialog_init function| IDS_Namespace function| DataGridKnockoutViewModel object| MessageBus object| PortalUtils function| IDS_DisableControl function| IDS_ConfirmButton function| IDS_PassValidation function| IDS_DisplaySplash function| IDS_ChangeFormTarget function| IDS_ButtonShouldSubmit function| IDS_LinkButtonClick function| IDS_ButtonClick function| IDS_DisableAllDisableWhenClickedButtons object| IDS object| 
ssTimeLogs object| BrowserStyle string| j function| ssJSActionTaker function| ssJSConnWriteCookies function| DP_jQuery_1696275180730 object| orccLogManager object| BusyIndicator function| customContinue function| ModalTooltip function| idStringEndsWith function| getLargestOptionLength function| UpgradeSelectBox function| FindDisabledSelectOptions function| GetModalContent function| ApplyModuleResizeModes function| ApplyModuleResizeMode object| jQuery112407562812375172769 object| PersonalizationDataManager object| PersonalizationDOMManager function| setupModuleToolbar string| Page_ValidationVer boolean| Page_IsValid boolean| Page_BlockSubmit object| Page_InvalidControlToBeFocused object| Page_TextTypes function| ValidatorUpdateDisplay function| ValidatorUpdateIsValid function| AllValidatorsValid function| ValidatorHookupControlID function| ValidatorHookupControl function| ValidatorHookupEvent function| ValidatorGetValue function| ValidatorGetValueRecursive function| Page_ClientValidate function| ValidatorCommonOnSubmit function| ValidatorEnable function| ValidatorOnChange function| ValidatedTextBoxOnKeyPress function| ValidatedControlOnBlur function| ValidatorValidate function| ValidatorSetFocus function| IsInVisibleContainer function| IsValidationGroupMatch function| ValidatorOnLoad function| ValidatorConvert function| ValidatorCompare function| CompareValidatorEvaluateIsValid function| CustomValidatorEvaluateIsValid function| RegularExpressionValidatorEvaluateIsValid function| ValidatorTrim function| RequiredFieldValidatorEvaluateIsValid function| RangeValidatorEvaluateIsValid function| ValidationSummaryOnSubmit function| activeXDetect function| stripIllegalChars function| stripFullPath object| BrowserDetect function| Hashtable function| IE_FingerPrint function| Mozilla_FingerPrint function| Opera_FingerPrint function| detectFields string| SEP string| PAIR string| DEV function| FingerPrint function| urlEncode function| encode_deviceprint function| 
decode_deviceprint function| post_deviceprint function| post_fingerprints function| add_deviceprint function| form_add_data function| form_add_deviceprint function| asyncpost_deviceprint object| MessageDialog function| Sys$Enum$parse function| Sys$Enum$toString function| Sys$Component$_setProperties function| Sys$Component$_setReferences function| $create function| $addHandler function| $addHandlers function| $clearHandlers function| $removeHandler function| $get function| $find function| Type object| Sys object| _events function| registerContainers function| WebForm_FindFirstFocusableChild function| WebForm_AutoFocus function| WebForm_CanFocus function| WebForm_IsFocusableTag function| WebForm_IsInVisibleContainer function| WebForm_OnSubmit object| antiClickjack object| setModuleToolbarObject object| plugin string| t string| io_global_object_name object| IGLOO boolean| gCurrentUserHasRoleAccountHolder boolean| gCurrentUserHasRoleNativeApp boolean| gCurrentUserHasRoleNonBankingUser boolean| gCurrentUserHasRoleDCBSegment string| gArchAppUrl string| gCurrentUserEAgreementNumber string| gCurrentUserDnaPersonNumber string| gCurrentUserDnaUserFieldFDBR boolean| usedcb string| pref function| OpenCheckOrder function| OpenCreditCardLink function| OpenLoanAppLink object| PortalUtilValues object| Page_ValidationSummaries object| IDS_DisableWhenClicked object| Page_Validators object| M_layout_content_PCDZ_MMCA7G7_ctl00_validationSummary object| M_layout_content_PCDZ_MMCA7G7_ctl00_webInputForm_txtLoginName_RFV object| M_layout_content_PCDZ_MMCA7G7_ctl00_webInputForm_txtPassword_RFV boolean| Page_ValidationActive function| ValidatorOnSubmit object| __TsmHiddenField string| portalUserName string| googleClientID function| gtag object| dataLayer function| initChatContent function| needHelpInit function| handleBtnKeyPress function| toggleNeedHelpClass boolean| screenCheck object| template string| templateHtml string| resultsHtml string| livePersonChatLibJs string| livePersonChatUrl 
string| livePersonChatParam1 string| livePersonChatParam2 string| livePersonChatOnlineImage object| _laq object| script object| Typekit object| theme4Model undefined| userActionConfig function| setBusyIndicator function| AppLoadCheck function| isIos7 function| getFastBalancesOffset function| saveModuleUserAction function| triggerMouseEvent number| offset object| $ele object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| GLANCE object| gaplugins object| gaGlobal object| gaData boolean| liveAgentDeployment object| liveagent

24 Cookies

Domain/Path Name / Value
flagstar.onlinebank.com/ Name: __uzma
Value: 13b166d9-6416-4cf2-814c-1e9861285d56
flagstar.onlinebank.com/ Name: __uzmb
Value: 1696275178
flagstar.onlinebank.com/ Name: __uzme
Value: 6333
flagstar.onlinebank.com/ Name: ASP.NET_SessionId
Value: dk5b352q1qwywiz5xiom0tqf
flagstar.onlinebank.com/ Name: TSFVars
Value: TSFa-jwppaobwp102^TSFb-Sign In^TSFc-0^TSFd-2272^TSFe-Flagstar Bank^
.flagstar.com/ Name: _cfuvid
Value: GgbMiRRSYkY5QGD.bs8jooErrRcsUrhQ_DRsr0Z9DuI-1696275179415-0-604800000
.flagstar.com/ Name: __cf_bm
Value: w2fA6H58F0UFelG5lEncHjl2yP.95g8YMtSK1d58pDU-1696275179-0-Adq1UX7PrXgGkHkAjKslqF0CjLkueSCZZ2eXWNJybqjMgkKN5oO/T+OhCjjw2bdCtXn+/tgLGtN5mV/GRWIpg9s=
.onlinebank.com/ Name: __ssds
Value: 2
.onlinebank.com/ Name: __ssuzjsr2
Value: a9be0cd8e
.onlinebank.com/ Name: __uzmaj2
Value: 1be8ce74-292b-40ee-bbe2-4c5f9ba8dd70
.onlinebank.com/ Name: __uzmbj2
Value: 1696275180
.onlinebank.com/ Name: __uzmcj2
Value: 874501026942
.onlinebank.com/ Name: __uzmdj2
Value: 1696275180
mpsnare.iesnare.com/ Name: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef
Value: kxicOhMi0Ul/U61GHJpUTlo/zk9ZJ4yMTQBb4SVMhkM=
.onlinebank.com/ Name: _ga
Value: GA1.2.1805704450.1696275182
.onlinebank.com/ Name: _gid
Value: GA1.2.1597043088.1696275182
.onlinebank.com/ Name: _gat_gtag_UA_34304025_1
Value: 1
flagstar.onlinebank.com/ Name: liveagent_oref
Value:
flagstar.onlinebank.com/ Name: __uzmc
Value: 941052586635
flagstar.onlinebank.com/ Name: __uzmd
Value: 1696275182
flagstar.onlinebank.com/ Name: __uzmf
Value: 7f60007312d170-7759-4b26-a498-d0a5b19a6f2116962751782404588-345e09ec6a57bd9b25
flagstar.onlinebank.com/ Name: liveagent_sid
Value: cbb24fe8-ab8b-40c5-ae93-df8785cf6bf9
flagstar.onlinebank.com/ Name: liveagent_vc
Value: 2
flagstar.onlinebank.com/ Name: liveagent_ptid
Value: cbb24fe8-ab8b-40c5-ae93-df8785cf6bf9

11 Console Messages

Source Level URL
Text
security error URL: https://flagstar.onlinebank.com/SignIn.aspx
Message:
Refused to load the font 'data:application/x-font-woff2;base64,...' because it violates the following Content Security Policy directive: "font-src * 'self'". Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. The scheme 'data:' must be added explicitly.
security error URL: https://flagstar.onlinebank.com/SignIn.aspx
Message:
Refused to load the font 'data:application/x-font-woff2;base64,...' because it violates the following Content Security Policy directive: "font-src * 'self'". Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. The scheme 'data:' must be added explicitly.
security error URL: https://flagstar.onlinebank.com/SignIn.aspx
Message:
Refused to load the font 'data:application/x-font-woff2;base64,...' because it violates the following Content Security Policy directive: "font-src * 'self'". Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. The scheme 'data:' must be added explicitly.
security error URL: https://flagstar.onlinebank.com/SignIn.aspx
Message:
Refused to load the font 'data:application/x-font-woff2;base64,...' because it violates the following Content Security Policy directive: "font-src * 'self'". Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. The scheme 'data:' must be added explicitly.
security error URL: https://flagstar.onlinebank.com/SignIn.aspx
Message:
Refused to load the font 'data:application/x-font-woff2;base64,...' because it violates the following Content Security Policy directive: "font-src * 'self'". Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. The scheme 'data:' must be added explicitly.
security error URL: https://flagstar.onlinebank.com/SignIn.aspx
Message:
Refused to load the font 'data:application/x-font-woff2;base64,...' because it violates the following Content Security Policy directive: "font-src * 'self'". Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. The scheme 'data:' must be added explicitly.
security error URL: https://flagstar.onlinebank.com/SignIn.aspx
Message:
Refused to load the font 'data:application/x-font-woff2;base64,...' because it violates the following Content Security Policy directive: "font-src * 'self'". Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. The scheme 'data:' must be added explicitly.
security error URL: https://flagstar.onlinebank.com/SignIn.aspx
Message:
Refused to load the font 'data:application/x-font-woff2;base64,...' because it violates the following Content Security Policy directive: "font-src * 'self'". Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. The scheme 'data:' must be added explicitly.
network error URL: https://flagstar.onlinebank.com/iojs/general5/azRxT4-7XyHOYmkJGPhq0-6XHdnuZbWpf3OdFqwKqRU/static_wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
security error URL: https://flagstar.onlinebank.com/SignIn.aspx
Message:
Refused to execute script from 'https://flagstar.onlinebank.com/iojs/general5/azRxT4-7XyHOYmkJGPhq0-6XHdnuZbWpf3OdFqwKqRU/static_wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=true&fp_dyn=true&flash=false' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security error URL: https://flagstar.onlinebank.com/SignIn.aspx
Message:
Refused to load media from 'data:audio/mpeg;base64,...' because it violates the following Content Security Policy directive: "media-src * 'self'". Note that '*' matches only URLs with network schemes ('http', 'https', 'ws', 'wss'), or URLs whose scheme matches `self`'s scheme. The scheme 'data:' must be added explicitly.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src * 'self' 'unsafe-inline' 'unsafe-eval' blob: ; script-src * 'self' data: 'unsafe-inline' 'unsafe-eval' blob: ; style-src * 'self' data: 'unsafe-inline' blob: ; img-src * 'self' blob: data: ; child-src * 'self' blob: ; connect-src * 'self' blob: ; media-src * 'self' ; font-src * 'self' ; object-src * 'self' blob: ; frame-src * fingerprintauth orcc-mobile: notifipushnotificationregistration ; worker-src * 'self' blob: ; frame-ancestors * 'self' ; form-action * 'self' orcc-mobile: ; upgrade-insecure-requests; report-uri https://onlinebank.report-uri.com/r/t/csp/enforce;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1; report=https://architect.report-uri.com/r/d/xss/enforce

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
