Submitted URL: https://ccportal.jpmorgan.com/ccportal/login
Effective URL: https://ccportal.jpmorgan.com/ccportal/ccportal
Submission: On April 12 via manual from US

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 159.53.53.57, located in United States and belongs to AS-7743, US. The main domain is ccportal.jpmorgan.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on December 4th 2020. Valid for: a year.
This is the only time ccportal.jpmorgan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 8 159.53.53.57 7743 (AS-7743)
1 1 159.53.64.61 7743 (AS-7743)
1 2 159.53.84.126 7743 (AS-7743)
1 52.30.135.179 16509 (AMAZON-02)
9 3
Apex Domain
Subdomains
Transfer
8 jpmorgan.com
ccportal.jpmorgan.com
344 KB
3 chase.com
chaseonline.chase.com
www.chase.com
31 KB
1 demdex.net
dpm.demdex.net
2 KB
9 3
Domain Requested by
8 ccportal.jpmorgan.com 1 redirects ccportal.jpmorgan.com
2 www.chase.com 1 redirects
1 dpm.demdex.net chaseonline.chase.com
1 chaseonline.chase.com 1 redirects
9 4

This site contains links to these domains. Also see Links.

Domain
www.jpmorgan.com
Subject Issuer Validity Valid
www.paymentnet.jpmorgan.com
Entrust Certification Authority - L1M
2020-12-04 -
2021-12-04
a year crt.sh
www.chase.com
Entrust Certification Authority - L1M
2021-02-18 -
2022-02-18
a year crt.sh
*.demdex.net
DigiCert TLS RSA SHA256 2020 CA1
2020-12-02 -
2022-01-02
a year crt.sh

This page contains 1 frames:

Primary Page: https://ccportal.jpmorgan.com/ccportal/ccportal
Frame ID: FA54E1B34933407C95986333E099321F
Requests: 9 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://ccportal.jpmorgan.com/ccportal/login HTTP 302
    https://ccportal.jpmorgan.com/ccportal/ccportal Page URL

Page Statistics

9
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

2
Countries

375 kB
Transfer

1005 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ccportal.jpmorgan.com/ccportal/login HTTP 302
    https://ccportal.jpmorgan.com/ccportal/ccportal Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://chaseonline.chase.com/js/Reporting.js HTTP 301
  • https://www.chase.com/apps/chase/clientlibs/foundation/scripts/Reporting.js HTTP 302
  • https://www.chase.com/c/040621/apps/chase/clientlibs/foundation/scripts/Reporting.js

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request ccportal
ccportal.jpmorgan.com/ccportal/
Redirect Chain
  • https://ccportal.jpmorgan.com/ccportal/login
  • https://ccportal.jpmorgan.com/ccportal/ccportal
2 KB
3 KB
Document
General
Full URL
https://ccportal.jpmorgan.com/ccportal/ccportal
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.53.53.57 , United States, ASN7743 (AS-7743, US),
Reverse DNS
Software
/
Resource Hash
f80679eac84fc06c2dd3f0d20e316f34ad95c043583a801018adb4b2b2994e66
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chase.com https://*.jpmorgan.com blob: data:; img-src 'self' https://*.chase.com https://*.jpmorgan.com blob: data:; style-src data: 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN DENY
X-Xss-Protection 1; mode=block

Request headers

Host
ccportal.jpmorgan.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
TS25c312af029=08419a03faab28005e791b390362681a1ce8e3247d8e5b8c7bc30d3e1250cef2c97c44b032093b1e5cd50723aee20840; ppnet_2959=!QxUAoR5Z5dtEf2mFeDdq1TK7F236GPKa+ZLDEnKdKYYxNpaYw0jEWFdmJxLDL6+/nCFNGOSVNWxpTfM=
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Frame-Options
SAMEORIGIN DENY
accept-ranges
bytes
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
last-modified
Sat, 20 Feb 2021 19:28:18 GMT
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers
x-vcap-request-id
533ac40f-5d59-42b3-688a-eb9d727cfbd9
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
child-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chase.com https://*.jpmorgan.com blob: data:; img-src 'self' https://*.chase.com https://*.jpmorgan.com blob: data:; style-src data: 'unsafe-inline' *
Keep-Alive
timeout=5, max=98
P3P
CP="{}"
Connection
Keep-Alive
Date
Mon, 12 Apr 2021 12:37:34 GMT
Expires
Mon, 12 Apr 2021 12:37:35 GMT
Age
0
Content-Length
1694

Redirect headers

Date
Mon, 12 Apr 2021 12:37:34 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Frame-Options
SAMEORIGIN
Location
https://ccportal.jpmorgan.com/ccportal/ccportal
Cache-Control
max-age=0
Expires
Mon, 12 Apr 2021 12:37:34 GMT
Content-Length
231
Content-Type
text/html; charset=iso-8859-1
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
P3P
CP="{}"
Set-Cookie
TS25c312af029=08419a03faab28005e791b390362681a1ce8e3247d8e5b8c7bc30d3e1250cef2c97c44b032093b1e5cd50723aee20840; Max-Age=30;Path=/ ppnet_2959=!QxUAoR5Z5dtEf2mFeDdq1TK7F236GPKa+ZLDEnKdKYYxNpaYw0jEWFdmJxLDL6+/nCFNGOSVNWxpTfM=; path=/; Httponly; Secure
Vary
Accept-Encoding
main.e95c458ac6a2100fe21f.bundle.css
ccportal.jpmorgan.com/ccportal/ccportal/
177 KB
38 KB
Stylesheet
General
Full URL
https://ccportal.jpmorgan.com/ccportal/ccportal/main.e95c458ac6a2100fe21f.bundle.css
Requested by
Host: ccportal.jpmorgan.com
URL: https://ccportal.jpmorgan.com/ccportal/ccportal
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.53.53.57 , United States, ASN7743 (AS-7743, US),
Reverse DNS
Software
/
Resource Hash
e1f75ece2010804f51ad78869ffe5f3111acc41b55634434140344513c854fb3
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chase.com https://*.jpmorgan.com blob: data:; img-src 'self' https://*.chase.com https://*.jpmorgan.com blob: data:; style-src data: 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ccportal.jpmorgan.com/ccportal/ccportal
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Age
0
P3P
CP="{}"
Connection
Keep-Alive
Content-Length
37683
X-XSS-Protection
1; mode=block
last-modified
Sat, 20 Feb 2021 19:28:18 GMT
X-Frame-Options
SAMEORIGIN, DENY
Date
Mon, 12 Apr 2021 12:37:35 GMT
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
content-type
text/css
x-vcap-request-id
ad4ec90c-2854-4b8e-7cb3-b13021227ae4
cache-control
no-cache, must-revalidate
Content-Security-Policy
child-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chase.com https://*.jpmorgan.com blob: data:; img-src 'self' https://*.chase.com https://*.jpmorgan.com blob: data:; style-src data: 'unsafe-inline' *
accept-ranges
bytes
Keep-Alive
timeout=5, max=93
Expires
Mon, 12 Apr 2021 12:37:35 GMT
main.e4c3065244bbd5d37323.bundle.js
ccportal.jpmorgan.com/ccportal/ccportal/
669 KB
212 KB
Script
General
Full URL
https://ccportal.jpmorgan.com/ccportal/ccportal/main.e4c3065244bbd5d37323.bundle.js
Requested by
Host: ccportal.jpmorgan.com
URL: https://ccportal.jpmorgan.com/ccportal/ccportal
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.53.53.57 , United States, ASN7743 (AS-7743, US),
Reverse DNS
Software
/
Resource Hash
ad93f0211e438a9c4a431c97e7a1ba5e00ec6aaa8bd64a0d834d2488d3928f33
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chase.com https://*.jpmorgan.com blob: data:; img-src 'self' https://*.chase.com https://*.jpmorgan.com blob: data:; style-src data: 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ccportal.jpmorgan.com/ccportal/ccportal
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Age
0
P3P
CP="{}"
Connection
Keep-Alive
Content-Length
215791
X-XSS-Protection
1; mode=block
last-modified
Sat, 20 Feb 2021 19:28:18 GMT
X-Frame-Options
SAMEORIGIN, DENY
Date
Mon, 12 Apr 2021 12:37:35 GMT
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
content-type
application/javascript
x-vcap-request-id
4bdd527c-5f32-4aa4-5c19-243bed46ec79
cache-control
no-cache, must-revalidate
Content-Security-Policy
child-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chase.com https://*.jpmorgan.com blob: data:; img-src 'self' https://*.chase.com https://*.jpmorgan.com blob: data:; style-src data: 'unsafe-inline' *
accept-ranges
bytes
Keep-Alive
timeout=5, max=92
Expires
Mon, 12 Apr 2021 12:37:35 GMT
86c94b8779fee7d1c336d3f9f7cd74a9.png
ccportal.jpmorgan.com/ccportal/ccportal/
83 KB
85 KB
Image
General
Full URL
https://ccportal.jpmorgan.com/ccportal/ccportal/86c94b8779fee7d1c336d3f9f7cd74a9.png
Requested by
Host: ccportal.jpmorgan.com
URL: https://ccportal.jpmorgan.com/ccportal/ccportal
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.53.53.57 , United States, ASN7743 (AS-7743, US),
Reverse DNS
Software
/
Resource Hash
3f2f02db3616949324eb87f9290dc78c535e1211e05bb8876a8eabf1de6258f8
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chase.com https://*.jpmorgan.com blob: data:; img-src 'self' https://*.chase.com https://*.jpmorgan.com blob: data:; style-src data: 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ccportal.jpmorgan.com/ccportal/ccportal
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Age
0
Connection
Keep-Alive
Content-Length
85850
X-XSS-Protection
1; mode=block
last-modified
Sat, 20 Feb 2021 19:28:18 GMT
X-Frame-Options
SAMEORIGIN, DENY
Date
Mon, 12 Apr 2021 12:37:36 GMT
Vary
Accept-Encoding
content-type
image/png
x-vcap-request-id
bb9c591d-4212-4bc9-714e-3ea5126bee42
cache-control
no-cache, must-revalidate
Content-Security-Policy
child-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chase.com https://*.jpmorgan.com blob: data:; img-src 'self' https://*.chase.com https://*.jpmorgan.com blob: data:; style-src data: 'unsafe-inline' *
accept-ranges
bytes
Keep-Alive
timeout=5, max=100
Expires
Mon, 12 Apr 2021 12:37:37 GMT
6c88056be86b4908a4bef8c6175d86fb.png
ccportal.jpmorgan.com/ccportal/ccportal/
4 KB
5 KB
Image
General
Full URL
https://ccportal.jpmorgan.com/ccportal/ccportal/6c88056be86b4908a4bef8c6175d86fb.png
Requested by
Host: ccportal.jpmorgan.com
URL: https://ccportal.jpmorgan.com/ccportal/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.53.53.57 , United States, ASN7743 (AS-7743, US),
Reverse DNS
Software
/
Resource Hash
dc5225d800250050e3e3b2d1b054baafdee43c7ada37e758a4b76a35c486263a
Security Headers
Name Value
Content-Security-Policy child-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chase.com https://*.jpmorgan.com blob: data:; img-src 'self' https://*.chase.com https://*.jpmorgan.com blob: data:; style-src data: 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ccportal.jpmorgan.com/ccportal/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Permitted-Cross-Domain-Policies
none
Age
0
Connection
Keep-Alive
Content-Length
4405
X-XSS-Protection
1; mode=block
last-modified
Sat, 20 Feb 2021 19:28:18 GMT
X-Frame-Options
SAMEORIGIN, DENY
Date
Mon, 12 Apr 2021 12:37:36 GMT
Vary
Accept-Encoding
content-type
image/png
x-vcap-request-id
9dc61975-066b-467e-6ca6-159e922f3a85
cache-control
no-cache, must-revalidate
Content-Security-Policy
child-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chase.com https://*.jpmorgan.com blob: data:; img-src 'self' https://*.chase.com https://*.jpmorgan.com blob: data:; style-src data: 'unsafe-inline' *
accept-ranges
bytes
Keep-Alive
timeout=5, max=98
Expires
Mon, 12 Apr 2021 12:37:37 GMT
year
ccportal.jpmorgan.com/gaiaccportal/pnet/ccportal-app/
22 B
717 B
XHR
General
Full URL
https://ccportal.jpmorgan.com/gaiaccportal/pnet/ccportal-app/year
Requested by
Host: ccportal.jpmorgan.com
URL: https://ccportal.jpmorgan.com/ccportal/ccportal/main.e4c3065244bbd5d37323.bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.53.53.57 , United States, ASN7743 (AS-7743, US),
Reverse DNS
Software
/
Resource Hash
6481dc9f73e746382b17d54c2722c3d11df135d15662273c5dbdf70f89b8e523
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Pragma
no-cache
Cache-Control
no-cache
Referer
https://ccportal.jpmorgan.com/ccportal/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Expires
-1

Response headers

Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
Content-Encoding
gzip
Age
220
X-Frame-Options
SAMEORIGIN
Date
Mon, 12 Apr 2021 12:37:36 GMT
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
P3P
CP="{}"
x-vcap-request-id
f622cc92-5273-42a6-7ebf-165425ce45b7
Connection
Keep-Alive
Accept-Ranges
bytes
content-type
application/json;charset=UTF-8
Keep-Alive
timeout=5, max=93
Content-Length
42
X-XSS-Protection
1; mode=block
webAnalytics
ccportal.jpmorgan.com/gaiaccportal/pnet/ccportal-app/
56 B
747 B
XHR
General
Full URL
https://ccportal.jpmorgan.com/gaiaccportal/pnet/ccportal-app/webAnalytics
Requested by
Host: ccportal.jpmorgan.com
URL: https://ccportal.jpmorgan.com/ccportal/ccportal/main.e4c3065244bbd5d37323.bundle.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.53.53.57 , United States, ASN7743 (AS-7743, US),
Reverse DNS
Software
/
Resource Hash
7ba240b6076eaeae363e8a4a079a8be88917be188d9f7c044ff919cef649f13d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Pragma
no-cache
Cache-Control
no-cache
Referer
https://ccportal.jpmorgan.com/ccportal/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Expires
-1

Response headers

Strict-Transport-Security
max-age=63072000; includeSubdomains; preload
Content-Encoding
gzip
Age
220
X-Frame-Options
SAMEORIGIN
Date
Mon, 12 Apr 2021 12:37:36 GMT
vary
Origin,Access-Control-Request-Method,Access-Control-Request-Headers, Accept-Encoding
P3P
CP="{}"
x-vcap-request-id
a75d6ea0-03a7-4322-5ebd-a02d64c85ff5
Connection
Keep-Alive
Accept-Ranges
bytes
content-type
application/json;charset=UTF-8
Keep-Alive
timeout=5, max=98
Content-Length
72
X-XSS-Protection
1; mode=block
Reporting.js
www.chase.com/c/040621/apps/chase/clientlibs/foundation/scripts/
Redirect Chain
  • https://chaseonline.chase.com/js/Reporting.js
  • https://www.chase.com/apps/chase/clientlibs/foundation/scripts/Reporting.js
  • https://www.chase.com/c/040621/apps/chase/clientlibs/foundation/scripts/Reporting.js
68 KB
30 KB
Script
General
Full URL
https://www.chase.com/c/040621/apps/chase/clientlibs/foundation/scripts/Reporting.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
159.53.84.126 , United States, ASN7743 (AS-7743, US),
Reverse DNS
Software
/
Resource Hash
e8fd9b5977c6b42e79313f88554b7f7c7023aaf79ccc0707ea459ad5727e055c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=31536000
X-Content-Security-Policy frame-ancestors 'none'
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ccportal.jpmorgan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Date
Mon, 12 Apr 2021 12:37:28 GMT
Content-Encoding
gzip
Age
10
Connection
Keep-Alive
Content-Length
29999
x-xss-protection
1; mode=block
Last-Modified
Wed, 07 Apr 2021 01:38:30 GMT
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=2592000,s-maxage=2592000
Content-Security-Policy
frame-ancestors 'none'
Accept-Ranges
bytes
X-Content-Security-Policy
frame-ancestors 'none'

Redirect headers

Date
Mon, 12 Apr 2021 12:37:38 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1
Location
https://www.chase.com/c/040621/apps/chase/clientlibs/foundation/scripts/Reporting.js
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000
Content-Length
268
x-xss-protection
1; mode=block
id
dpm.demdex.net/
2 KB
2 KB
Fetch
General
Full URL
https://dpm.demdex.net/id?d_ver=2&d_orgid=EA673DFC5A2F19060A495C9C@AdobeOrg
Requested by
Host: chaseonline.chase.com
URL: https://chaseonline.chase.com/js/Reporting.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.135.179 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-135-179.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
52b151071178db7b96b36738f741d7d1e1fe53a77380ff04bf8e06e21edee55d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://ccportal.jpmorgan.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v090-01e477a11.edge-irl1.demdex.com 5.80.7.20210304103356 3ms (+1ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-TID
KDD3ZKYGS1I=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://ccportal.jpmorgan.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
875
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime object| CHASE number| DebugMode object| _ScenarioName object| _StepName object| _ScenarioParams object| _SegmentGroup string| _AdCookie string| _RoutableTestTargetCookie boolean| _SetRoutableLogin string| _Delim boolean| RPT_Enabled undefined| _PageTitle object| _ValidFlashAdUrls function| RPT_Init function| RPT_SetPersonId function| RPT_ErrorPage function| RPT_ScenarioPage function| RPT_RecordEvent function| RPT_RecordTNTEvent function| RPT_RecordPageLoadEvent function| RPT_Impression function| RPT_Click function| RPT_ClickNoRedirect function| RPT_AddVariables function| RPT_AddTNTVariables function| clickthrough function| AdParam object| _AdParams function| _Show function| _Debug function| InitializeFPC boolean| _Initialized number| _InitStageCompleted function| _Init function| _Init2 function| _Clear function| _GetTarget function| _GetTargetName function| _TrackElement function| _OnChange undefined| _thirdParyHost undefined| _thirdPartyPath boolean| _isThirdParty undefined| _clickedAd undefined| _conversionAd undefined| _Environment undefined| _ResolvedDomain function| _ParseThirdPartyUrl function| _IsTaggedOffSite function| _IsImpliedOffSite function| _OnClick function| _SetConversionInfo function| _CheckConversion function| _BindAll function| _OnLoadError function| _OnLoad function| _ParamSearch function| _AdSearchUpdateObj function| _AdSearch function| _GetParmVal function| _Configure function| ApplyWebTrends function| _GetDcsId function| _Replace function| _GetDomain function| _IsNumeric function| _SetCookie function| PT_BuildLinkImpressionList function| updatePersonaCookie function| _runPixelTracker object| VisitorApi function| SetAMCVCookie function| GetCookieDomain_LegacyMode function| GetCookieDomain function| _Bind function| _GetCookie function| chase_getElementsByClassName function| RPT_ScenerioPage object| analyticsLiteConfig object| analyticsLite string| cookiePattern

1 Cookies

Domain/Path Name / Value
ccportal.jpmorgan.com/ Name: ppnet_2959
Value: !MP71obB7sLmWzypDVCUQFHqs7euRanDstdY9Ivp3rhdRE5+8f7YMoe7+Po6yGY6X7prU56hFNIJDxSA=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy child-src 'self' blob: data:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.chase.com https://*.jpmorgan.com blob: data:; img-src 'self' https://*.chase.com https://*.jpmorgan.com blob: data:; style-src data: 'unsafe-inline' *
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN DENY
X-Xss-Protection 1; mode=block