urlscan.io logo urlscan.io
SecurityTrails logo

fedsso-pp.bankofamerica.com Open in urlscan Pro
171.162.61.83  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://acq-uat1.bankofamerica.com/
Effective URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A20827BPWEPASS&redirect_uri=https%3A%2F%2Fa...
Submission Tags: @phishunt_io
Submission: On May 07 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 171.162.61.83, located in United States and belongs to BOFABROKERDEALERSVCS, US. The main domain is fedsso-pp.bankofamerica.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on March 29th 2024. Valid for: a year.
This is the only time fedsso-pp.bankofamerica.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 171.162.60.163 19886 (BOFABROKE...)
11 171.162.61.83 19886 (BOFABROKE...)
11 1
Apex Domain
Subdomains		 Transfer
12 bankofamerica.com
acq-uat1.bankofamerica.com
fedsso-pp.bankofamerica.com
409 KB
11 1
Domain Requested by
11 fedsso-pp.bankofamerica.com fedsso-pp.bankofamerica.com
1 acq-uat1.bankofamerica.com 1 redirects
11 2

This site contains no links.

Subject Issuer Validity Valid
fedsso-pp.bankofamerica.com
Entrust Certification Authority - L1M		 2024-03-29 -
2025-03-29		 a year crt.sh

This page contains 1 frames:

Primary Page: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A20827BPWEPASS&redirect_uri=https%3A%2F%2Facq-uat1.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiM3ZzOTU2c3pfc1JZbVNEcGRTejg4dmJESFEwIiwic3VmZml4IjoiOFNVRjZ3LjE3MTUzNjE5MDAifQ..TznR0zhX2OQQ1-oGoXzHNg.BHo__3U-LGJF6QNxO4P8djDSYfJnEDJttmzMYYTta3VOzgTPmw4VOtu9sd3POwMCoAaz75H4nVrRLtPenZBW61SXvQgHXiksR-fVQnrBm7M.OCEF4VXX_WsGVkd3OElwig&nonce=6mH25GIONF24O5F18YNppoi2fM2YgFa0W5c6LHtGJh0&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Facq-uat1.bankofamerica.com%2F&vnd_pi_application_name=A20827BPWEPASS
Frame ID: 30F2A512484982271D17C14D308A62F6
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Error

Page URL History Show full URLs

  1. https://acq-uat1.bankofamerica.com/ HTTP 302
    https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A20827BPWEPASS&redirect... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

407 kB
Transfer

389 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://acq-uat1.bankofamerica.com/ HTTP 302
    https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A20827BPWEPASS&redirect_uri=https%3A%2F%2Facq-uat1.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiM3ZzOTU2c3pfc1JZbVNEcGRTejg4dmJESFEwIiwic3VmZml4IjoiOFNVRjZ3LjE3MTUzNjE5MDAifQ..TznR0zhX2OQQ1-oGoXzHNg.BHo__3U-LGJF6QNxO4P8djDSYfJnEDJttmzMYYTta3VOzgTPmw4VOtu9sd3POwMCoAaz75H4nVrRLtPenZBW61SXvQgHXiksR-fVQnrBm7M.OCEF4VXX_WsGVkd3OElwig&nonce=6mH25GIONF24O5F18YNppoi2fM2YgFa0W5c6LHtGJh0&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Facq-uat1.bankofamerica.com%2F&vnd_pi_application_name=A20827BPWEPASS Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request authorization.oauth2
fedsso-pp.bankofamerica.com/as/
Redirect Chain
  • https://acq-uat1.bankofamerica.com/
  • https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A20827BPWEPASS&redirect_uri=https%3A%2F%2Facq-uat1.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYi...
4 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A20827BPWEPASS&redirect_uri=https%3A%2F%2Facq-uat1.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiM3ZzOTU2c3pfc1JZbVNEcGRTejg4dmJESFEwIiwic3VmZml4IjoiOFNVRjZ3LjE3MTUzNjE5MDAifQ..TznR0zhX2OQQ1-oGoXzHNg.BHo__3U-LGJF6QNxO4P8djDSYfJnEDJttmzMYYTta3VOzgTPmw4VOtu9sd3POwMCoAaz75H4nVrRLtPenZBW61SXvQgHXiksR-fVQnrBm7M.OCEF4VXX_WsGVkd3OElwig&nonce=6mH25GIONF24O5F18YNppoi2fM2YgFa0W5c6LHtGJh0&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Facq-uat1.bankofamerica.com%2F&vnd_pi_application_name=A20827BPWEPASS
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
06362f4b68b8baac80d25b96522fcf9517725b949b24aeff98d190e8d51e6684
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-cache, no-store
Connection
close
Content-Length
4142
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Content-Type
text/html;charset=utf-8
Date
Tue, 07 May 2024 17:25:01 GMT
Expect-CT
max-age=3600, enforce max-age=3600, enforce
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma
no-cache
Referrer-Policy
origin
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-cache,no-store,max-age=0
Content-Length
0
Date
Tue, 07 May 2024 17:25:00 GMT
Expires
0
Location
https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A20827BPWEPASS&redirect_uri=https%3A%2F%2Facq-uat1.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiM3ZzOTU2c3pfc1JZbVNEcGRTejg4dmJESFEwIiwic3VmZml4IjoiOFNVRjZ3LjE3MTUzNjE5MDAifQ..TznR0zhX2OQQ1-oGoXzHNg.BHo__3U-LGJF6QNxO4P8djDSYfJnEDJttmzMYYTta3VOzgTPmw4VOtu9sd3POwMCoAaz75H4nVrRLtPenZBW61SXvQgHXiksR-fVQnrBm7M.OCEF4VXX_WsGVkd3OElwig&nonce=6mH25GIONF24O5F18YNppoi2fM2YgFa0W5c6LHtGJh0&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Facq-uat1.bankofamerica.com%2F&vnd_pi_application_name=A20827BPWEPASS
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains;preload
X-Frame-Options
DENY
main.css
fedsso-pp.bankofamerica.com/assets/css/ 		172 KB
174 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/assets/css/main.css
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A20827BPWEPASS&redirect_uri=https%3A%2F%2Facq-uat1.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiM3ZzOTU2c3pfc1JZbVNEcGRTejg4dmJESFEwIiwic3VmZml4IjoiOFNVRjZ3LjE3MTUzNjE5MDAifQ..TznR0zhX2OQQ1-oGoXzHNg.BHo__3U-LGJF6QNxO4P8djDSYfJnEDJttmzMYYTta3VOzgTPmw4VOtu9sd3POwMCoAaz75H4nVrRLtPenZBW61SXvQgHXiksR-fVQnrBm7M.OCEF4VXX_WsGVkd3OElwig&nonce=6mH25GIONF24O5F18YNppoi2fM2YgFa0W5c6LHtGJh0&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Facq-uat1.bankofamerica.com%2F&vnd_pi_application_name=A20827BPWEPASS
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
dc632b3bb3c125fcbad062aec5f8466707b915ce918d3c7d095c39d7983f624c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fedsso-pp.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 07 May 2024 17:25:01 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce, max-age=3600, enforce
Content-Type
text/css
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=20000
Content-Length
176110
X-XSS-Protection
1; mode=block
override.css
fedsso-pp.bankofamerica.com/assets/css/ 		991 B
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/assets/css/override.css
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A20827BPWEPASS&redirect_uri=https%3A%2F%2Facq-uat1.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiM3ZzOTU2c3pfc1JZbVNEcGRTejg4dmJESFEwIiwic3VmZml4IjoiOFNVRjZ3LjE3MTUzNjE5MDAifQ..TznR0zhX2OQQ1-oGoXzHNg.BHo__3U-LGJF6QNxO4P8djDSYfJnEDJttmzMYYTta3VOzgTPmw4VOtu9sd3POwMCoAaz75H4nVrRLtPenZBW61SXvQgHXiksR-fVQnrBm7M.OCEF4VXX_WsGVkd3OElwig&nonce=6mH25GIONF24O5F18YNppoi2fM2YgFa0W5c6LHtGJh0&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Facq-uat1.bankofamerica.com%2F&vnd_pi_application_name=A20827BPWEPASS
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
ea70ea5e863a0170c1f25c54cf2f460329d58b8c1ba07ffcbd7bc45f9cb2eb82
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fedsso-pp.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 07 May 2024 17:25:01 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce, max-age=3600, enforce
Content-Type
text/css
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=20000
Content-Length
991
X-XSS-Protection
1; mode=block
branding.css
fedsso-pp.bankofamerica.com/assets/css/ 		6 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/assets/css/branding.css
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A20827BPWEPASS&redirect_uri=https%3A%2F%2Facq-uat1.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiM3ZzOTU2c3pfc1JZbVNEcGRTejg4dmJESFEwIiwic3VmZml4IjoiOFNVRjZ3LjE3MTUzNjE5MDAifQ..TznR0zhX2OQQ1-oGoXzHNg.BHo__3U-LGJF6QNxO4P8djDSYfJnEDJttmzMYYTta3VOzgTPmw4VOtu9sd3POwMCoAaz75H4nVrRLtPenZBW61SXvQgHXiksR-fVQnrBm7M.OCEF4VXX_WsGVkd3OElwig&nonce=6mH25GIONF24O5F18YNppoi2fM2YgFa0W5c6LHtGJh0&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Facq-uat1.bankofamerica.com%2F&vnd_pi_application_name=A20827BPWEPASS
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
96e3a4c65f45f4d38eb4fabb0d771ea59bbed2add345ab02c83dbe51b961c970
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fedsso-pp.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 07 May 2024 17:25:01 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce, max-age=3600, enforce
Content-Type
text/css
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=20000
Content-Length
6429
X-XSS-Protection
1; mode=block
bofa-logo-new.svg
fedsso-pp.bankofamerica.com/assets/images/ 		7 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://fedsso-pp.bankofamerica.com/assets/images/bofa-logo-new.svg
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A20827BPWEPASS&redirect_uri=https%3A%2F%2Facq-uat1.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiM3ZzOTU2c3pfc1JZbVNEcGRTejg4dmJESFEwIiwic3VmZml4IjoiOFNVRjZ3LjE3MTUzNjE5MDAifQ..TznR0zhX2OQQ1-oGoXzHNg.BHo__3U-LGJF6QNxO4P8djDSYfJnEDJttmzMYYTta3VOzgTPmw4VOtu9sd3POwMCoAaz75H4nVrRLtPenZBW61SXvQgHXiksR-fVQnrBm7M.OCEF4VXX_WsGVkd3OElwig&nonce=6mH25GIONF24O5F18YNppoi2fM2YgFa0W5c6LHtGJh0&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Facq-uat1.bankofamerica.com%2F&vnd_pi_application_name=A20827BPWEPASS
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
29c1a730547d1487b67408ca75066af3bc9c1c2142d2bc9f96f333a0136102e2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fedsso-pp.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 07 May 2024 17:25:01 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Fri, 24 Feb 2023 19:19:12 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce, max-age=3600, enforce
Content-Type
image/svg+xml
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=20000
Content-Length
7662
X-XSS-Protection
1; mode=block
jquery-3.5.1.min.js
fedsso-pp.bankofamerica.com/assets/jslib/jQuery/3.5.1/ 		89 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/assets/jslib/jQuery/3.5.1/jquery-3.5.1.min.js
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A20827BPWEPASS&redirect_uri=https%3A%2F%2Facq-uat1.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiM3ZzOTU2c3pfc1JZbVNEcGRTejg4dmJESFEwIiwic3VmZml4IjoiOFNVRjZ3LjE3MTUzNjE5MDAifQ..TznR0zhX2OQQ1-oGoXzHNg.BHo__3U-LGJF6QNxO4P8djDSYfJnEDJttmzMYYTta3VOzgTPmw4VOtu9sd3POwMCoAaz75H4nVrRLtPenZBW61SXvQgHXiksR-fVQnrBm7M.OCEF4VXX_WsGVkd3OElwig&nonce=6mH25GIONF24O5F18YNppoi2fM2YgFa0W5c6LHtGJh0&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Facq-uat1.bankofamerica.com%2F&vnd_pi_application_name=A20827BPWEPASS
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
9eb38f49c160795d44429502e0ad34a1fa4b4ed5ad3cab4ef04339a2db503909
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fedsso-pp.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 07 May 2024 17:25:01 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce, max-age=3600, enforce
Content-Type
application/javascript
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=20000
Content-Length
91596
X-XSS-Protection
1; mode=block
popper.min.js
fedsso-pp.bankofamerica.com/assets/jslib/jQuery/3.5.1/ 		20 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/assets/jslib/jQuery/3.5.1/popper.min.js
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A20827BPWEPASS&redirect_uri=https%3A%2F%2Facq-uat1.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiM3ZzOTU2c3pfc1JZbVNEcGRTejg4dmJESFEwIiwic3VmZml4IjoiOFNVRjZ3LjE3MTUzNjE5MDAifQ..TznR0zhX2OQQ1-oGoXzHNg.BHo__3U-LGJF6QNxO4P8djDSYfJnEDJttmzMYYTta3VOzgTPmw4VOtu9sd3POwMCoAaz75H4nVrRLtPenZBW61SXvQgHXiksR-fVQnrBm7M.OCEF4VXX_WsGVkd3OElwig&nonce=6mH25GIONF24O5F18YNppoi2fM2YgFa0W5c6LHtGJh0&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Facq-uat1.bankofamerica.com%2F&vnd_pi_application_name=A20827BPWEPASS
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
f8e91ec84893a1ab67b0b5c11cd269d9513c7eea5475ca9e597e779544c29672
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fedsso-pp.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 07 May 2024 17:25:01 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce, max-age=3600, enforce
Content-Type
application/javascript
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=20000
Content-Length
20628
X-XSS-Protection
1; mode=block
bootstrap.bundle.min.js
fedsso-pp.bankofamerica.com/assets/jslib/bootstrap/4.6/ 		84 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/assets/jslib/bootstrap/4.6/bootstrap.bundle.min.js
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A20827BPWEPASS&redirect_uri=https%3A%2F%2Facq-uat1.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiM3ZzOTU2c3pfc1JZbVNEcGRTejg4dmJESFEwIiwic3VmZml4IjoiOFNVRjZ3LjE3MTUzNjE5MDAifQ..TznR0zhX2OQQ1-oGoXzHNg.BHo__3U-LGJF6QNxO4P8djDSYfJnEDJttmzMYYTta3VOzgTPmw4VOtu9sd3POwMCoAaz75H4nVrRLtPenZBW61SXvQgHXiksR-fVQnrBm7M.OCEF4VXX_WsGVkd3OElwig&nonce=6mH25GIONF24O5F18YNppoi2fM2YgFa0W5c6LHtGJh0&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Facq-uat1.bankofamerica.com%2F&vnd_pi_application_name=A20827BPWEPASS
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
e81e7d08d34e0de6c42adfc36e7be982d22213a897b5d82b7629b96b7ce65432
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fedsso-pp.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Tue, 07 May 2024 17:25:02 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains; preload
Referrer-Policy
origin
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Last-Modified
Mon, 25 Mar 2024 12:21:20 GMT
X-Content-Type-Options
nosniff
Expect-CT
max-age=3600, enforce, max-age=3600, enforce
Content-Type
application/javascript
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=5, max=19999
Content-Length
86498
X-XSS-Protection
1; mode=block
ProximaNova-Light.otf
fedsso-pp.bankofamerica.com/assets/fonts/proxima-nova/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/assets/fonts/proxima-nova/ProximaNova-Light.otf
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/assets/css/main.css
Protocol
HTTP/1.0
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fedsso-pp.bankofamerica.com/
Origin
https://fedsso-pp.bankofamerica.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Connection
Keep-Alive
Content-Length
4353
ProximaNova-Regular.otf
fedsso-pp.bankofamerica.com/assets/fonts/proxima-nova/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/assets/fonts/proxima-nova/ProximaNova-Regular.otf
Requested by
Host: fedsso-pp.bankofamerica.com
URL: https://fedsso-pp.bankofamerica.com/assets/css/main.css
Protocol
HTTP/1.0
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fedsso-pp.bankofamerica.com/
Origin
https://fedsso-pp.bankofamerica.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Connection
Keep-Alive
Content-Length
4353
favicon.ico
fedsso-pp.bankofamerica.com/ 		4 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://fedsso-pp.bankofamerica.com/favicon.ico
Protocol
HTTP/1.0
Security
TLS 1.2, RSA, AES_128_GCM
Server
171.162.61.83 , United States, ASN19886 (BOFABROKERDEALERSVCS, US),
Reverse DNS
fedsso-pp-sve1-ext-vip.bankofamerica.com
Software
/
Resource Hash
fa670d4efffc757412e88d41f355475735442c01c73b1deceba8f7b3539c9547

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://fedsso-pp.bankofamerica.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Connection
Keep-Alive
Content-Length
4353

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| Popper object| bootstrap

5 Cookies

Domain/Path Name / Value
acq-uat1.bankofamerica.com/ Name: nonce.8SUF6w.1715361900
Value: 517377a4-b985-420d-a03d-d663038ca7ec
acq-uat1.bankofamerica.com/ Name: TS01d18a5e
Value: 0108a18b29045edcadf314a4b81d529b845d0e9e2f06d349a2f57ba02fc902c37080363d0fd766050253f66c9f5c26070aa04c391f
fedsso-pp.bankofamerica.com/ Name: bac_persist
Value: 1308765605.20380.0000
.bankofamerica.com/ Name: _bofalid
Value: f+kIeBwLYkKEUDCIJ0++U7jSJt4z8bTLIG4xHpbdA5k=
.fedsso-pp.bankofamerica.com/ Name: TS016bb7e3
Value: 0108a18b29bd4d538b19ebd329f212f5d4e6bf5680f9b0f80a48b935d753586def90884c3bc3da1a9201bbecf7da92250db195b355

4 Console Messages

Source Level URL
Text
network error URL: https://fedsso-pp.bankofamerica.com/as/authorization.oauth2?response_type=code&client_id=A20827BPWEPASS&redirect_uri=https%3A%2F%2Facq-uat1.bankofamerica.com%2Fpa%2Foidc%2Fcb&state=eyJ6aXAiOiJERUYiLCJhbGciOiJkaXIiLCJlbmMiOiJBMTI4Q0JDLUhTMjU2Iiwia2lkIjoiM3ZzOTU2c3pfc1JZbVNEcGRTejg4dmJESFEwIiwic3VmZml4IjoiOFNVRjZ3LjE3MTUzNjE5MDAifQ..TznR0zhX2OQQ1-oGoXzHNg.BHo__3U-LGJF6QNxO4P8djDSYfJnEDJttmzMYYTta3VOzgTPmw4VOtu9sd3POwMCoAaz75H4nVrRLtPenZBW61SXvQgHXiksR-fVQnrBm7M.OCEF4VXX_WsGVkd3OElwig&nonce=6mH25GIONF24O5F18YNppoi2fM2YgFa0W5c6LHtGJh0&acr_values=AAL1%20AAL2%20AAL3&scope=openid%20basic%20extended&vnd_pi_requested_resource=https%3A%2F%2Facq-uat1.bankofamerica.com%2F&vnd_pi_application_name=A20827BPWEPASS
Message:
Failed to load resource: the server responded with a status of 500 (Server Error)
network error URL: https://fedsso-pp.bankofamerica.com/assets/fonts/proxima-nova/ProximaNova-Light.otf
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://fedsso-pp.bankofamerica.com/assets/fonts/proxima-nova/ProximaNova-Regular.otf
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://fedsso-pp.bankofamerica.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block