Submitted URL: http://bba2-beta.bloomberg.com/
Effective URL: https://bba2-beta.bloomberg.com/
Submission: On April 15 via manual from US — Scanned from DE

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 69.187.32.19, located in United States and belongs to BLOOMBERG-NET, US. The main domain is bba2-beta.bloomberg.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on July 25th 2023. Valid for: a year.
This is the only time bba2-beta.bloomberg.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 69.187.32.19 10361 (BLOOMBERG...)
3 151.101.1.73 54113 (FASTLY)
10 3
Apex Domain
Subdomains
Transfer
7 bloomberg.com
bba2-beta.bloomberg.com
919 KB
3 bwbx.io
assets.bwbx.io — Cisco Umbrella Rank: 22589
154 KB
10 2
Domain Requested by
7 bba2-beta.bloomberg.com bba2-beta.bloomberg.com
3 assets.bwbx.io bba2-beta.bloomberg.com
10 2

This site contains links to these domains. Also see Links.

Domain
www.bloomberg.com
apps.apple.com
play.google.com
Subject Issuer Validity Valid
bba2-beta.bloomberg.com
DigiCert TLS RSA SHA256 2020 CA1
2023-07-25 -
2024-08-23
a year crt.sh
www.bloomberg.com
DigiCert TLS RSA SHA256 2020 CA1
2024-03-18 -
2025-04-14
a year crt.sh

This page contains 1 frames:

Primary Page: https://bba2-beta.bloomberg.com/
Frame ID: 83304FBA01A8A21B8F43EDA34F89D84A
Requests: 12 HTTP requests in this frame

Screenshot

Page Title

Bloomberg Anywhere

Page URL History Show full URLs

  1. http://bba2-beta.bloomberg.com/ HTTP 307
    https://bba2-beta.bloomberg.com/ Page URL

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

1073 kB
Transfer

1074 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bba2-beta.bloomberg.com/ HTTP 307
    https://bba2-beta.bloomberg.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
bba2-beta.bloomberg.com/
Redirect Chain
  • http://bba2-beta.bloomberg.com/
  • https://bba2-beta.bloomberg.com/
3 KB
4 KB
Document
General
Full URL
https://bba2-beta.bloomberg.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.187.32.19 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
e5ed00bad6592a2ed713502d60c2d7633609778945aebee27a69fa4e145e75c8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' https://assets.bwbx.io data:; img-src 'self' data:; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options : nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Length
3082
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' https://assets.bwbx.io data:; img-src 'self' data:; frame-ancestors 'self'; object-src 'none';
Content-Type
text/html; charset=utf-8
Date
Mon, 15 Apr 2024 12:40:46 GMT
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Cookie
X-Content-Type-Options
: nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block

Redirect headers

Location
https://bba2-beta.bloomberg.com/
Non-Authoritative-Reason
HttpsUpgrades
main.917f447a.chunk.css
bba2-beta.bloomberg.com/static/css/
23 KB
24 KB
Stylesheet
General
Full URL
https://bba2-beta.bloomberg.com/static/css/main.917f447a.chunk.css
Requested by
Host: bba2-beta.bloomberg.com
URL: https://bba2-beta.bloomberg.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.187.32.19 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
69576efff431ae99eca6dbbd360361ceb4e7f2ccf2b600af8f9f5d6dd644877d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' https://assets.bwbx.io data:; img-src 'self' data:; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options : nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://bba2-beta.bloomberg.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 15 Apr 2024 12:40:46 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
: nosniff
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' https://assets.bwbx.io data:; img-src 'self' data:; frame-ancestors 'self'; object-src 'none';
Last-Modified
Wed, 02 Jan 1980 00:00:00 GMT
Server
nginx
ETag
"315619200.0-23907-1916672176"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css; charset=utf-8
Cache-Control
no-cache
Content-Disposition
inline; filename=main.917f447a.chunk.css
Connection
keep-alive
Content-Length
23907
X-XSS-Protection
1; mode=block
2.c50092b7.chunk.js
bba2-beta.bloomberg.com/static/js/
757 KB
758 KB
Script
General
Full URL
https://bba2-beta.bloomberg.com/static/js/2.c50092b7.chunk.js
Requested by
Host: bba2-beta.bloomberg.com
URL: https://bba2-beta.bloomberg.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.187.32.19 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
3ed372479d847d89c1810ba9bc4a5b52df68b494f128c6410e1a2cb297f592ad
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' https://assets.bwbx.io data:; img-src 'self' data:; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options : nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://bba2-beta.bloomberg.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 15 Apr 2024 12:40:46 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
: nosniff
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' https://assets.bwbx.io data:; img-src 'self' data:; frame-ancestors 'self'; object-src 'none';
Last-Modified
Wed, 02 Jan 1980 00:00:00 GMT
Server
nginx
ETag
"315619200.0-775375-4010415706"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript; charset=utf-8
Cache-Control
no-cache
Content-Disposition
inline; filename=2.c50092b7.chunk.js
Connection
keep-alive
Content-Length
775375
X-XSS-Protection
1; mode=block
main.28d4eb96.chunk.js
bba2-beta.bloomberg.com/static/js/
64 KB
64 KB
Script
General
Full URL
https://bba2-beta.bloomberg.com/static/js/main.28d4eb96.chunk.js
Requested by
Host: bba2-beta.bloomberg.com
URL: https://bba2-beta.bloomberg.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.187.32.19 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
f5cf3f4e907a276c57da1036ba64d0cda0ede57512302aab404664393db44749
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' https://assets.bwbx.io data:; img-src 'self' data:; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options : nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://bba2-beta.bloomberg.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 15 Apr 2024 12:40:46 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
: nosniff
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' https://assets.bwbx.io data:; img-src 'self' data:; frame-ancestors 'self'; object-src 'none';
Last-Modified
Wed, 02 Jan 1980 00:00:00 GMT
Server
nginx
ETag
"315619200.0-65285-1106909193"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript; charset=utf-8
Cache-Control
no-cache
Content-Disposition
inline; filename=main.28d4eb96.chunk.js
Connection
keep-alive
Content-Length
65285
X-XSS-Protection
1; mode=block
background-tile.bcdfc3ff.svg
bba2-beta.bloomberg.com/static/media/
1 KB
2 KB
Image
General
Full URL
https://bba2-beta.bloomberg.com/static/media/background-tile.bcdfc3ff.svg
Requested by
Host: bba2-beta.bloomberg.com
URL: https://bba2-beta.bloomberg.com/static/css/main.917f447a.chunk.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.187.32.19 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
9103288ea7f8981424065091d7785d7cea6ea008f9d98c5d7e2ba615c3b26f78
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' https://assets.bwbx.io data:; img-src 'self' data:; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options : nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://bba2-beta.bloomberg.com/static/css/main.917f447a.chunk.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 15 Apr 2024 12:40:46 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
: nosniff
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' https://assets.bwbx.io data:; img-src 'self' data:; frame-ancestors 'self'; object-src 'none';
Last-Modified
Wed, 02 Jan 1980 00:00:00 GMT
Server
nginx
ETag
"315619200.0-1182-1153703015"
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml; charset=utf-8
Cache-Control
no-cache
Content-Disposition
inline; filename=background-tile.bcdfc3ff.svg
Connection
keep-alive
Content-Length
1182
X-XSS-Protection
1; mode=block
devices.f6bc6527.png
bba2-beta.bloomberg.com/static/media/
56 KB
57 KB
Image
General
Full URL
https://bba2-beta.bloomberg.com/static/media/devices.f6bc6527.png
Requested by
Host: bba2-beta.bloomberg.com
URL: https://bba2-beta.bloomberg.com/static/css/main.917f447a.chunk.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.187.32.19 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
5bd9fea055465e1526924119cf3ed73236dd5bef14f1d282b5811d92f5bfca9a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' https://assets.bwbx.io data:; img-src 'self' data:; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options : nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://bba2-beta.bloomberg.com/static/css/main.917f447a.chunk.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 15 Apr 2024 12:40:48 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
: nosniff
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' https://assets.bwbx.io data:; img-src 'self' data:; frame-ancestors 'self'; object-src 'none';
Last-Modified
Wed, 02 Jan 1980 00:00:00 GMT
Server
nginx
ETag
"315619200.0-57163-1676220552"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
no-cache
Content-Disposition
inline; filename=devices.f6bc6527.png
Connection
keep-alive
Content-Length
57163
X-XSS-Protection
1; mode=block
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
63296cb3f051a926437e00b66d42791ebf3a3ef38e044d4e1f0fa20eb9d54d26

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6eeacc442e230ee515af0b157638936c31bf6990f31180574982a03abf1027d4

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
AvenirNextP2ForBBG-Medium-dc5d08072d.woff2
assets.bwbx.io/s3/fontservice/fonts/
51 KB
52 KB
Font
General
Full URL
https://assets.bwbx.io/s3/fontservice/fonts/AvenirNextP2ForBBG-Medium-dc5d08072d.woff2
Requested by
Host: bba2-beta.bloomberg.com
URL: https://bba2-beta.bloomberg.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.73 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
366a7d26d35d5e6472011c563fa2af0063070f30a82a6d6cd044ee2ee39ba6b5
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://bba2-beta.bloomberg.com/
Origin
https://bba2-beta.bloomberg.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
R99frNehaDYq8VzkIqiuWWbs279pC7Dr
date
Mon, 15 Apr 2024 12:40:48 GMT
strict-transport-security
max-age=31557600
x-amz-request-id
HE57AHKKYFJHW7PY
age
3468435
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-replication-status
COMPLETED
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
52624
x-amz-id-2
50YkA2AqWriRenQoaSx1C9Ws7tAnDgdVLmc4bnU42+gjDsTj46sdk6x2xIM2xPLqUiKdCMFLBTU=
x-served-by
cache-bfi-krnt7300065-BFI, cache-fra-eddf8230150-FRA
last-modified
Wed, 19 Apr 2023 20:39:51 GMT
server
AmazonS3
x-timer
S1713184848.168838,VS0,VE0
etag
"dc5d08072d37bf5bc456cd0d0aa290f5"
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
23000, 6
AvenirNextP2ForBBG-Light-5175406f53.woff2
assets.bwbx.io/s3/fontservice/fonts/
51 KB
52 KB
Font
General
Full URL
https://assets.bwbx.io/s3/fontservice/fonts/AvenirNextP2ForBBG-Light-5175406f53.woff2
Requested by
Host: bba2-beta.bloomberg.com
URL: https://bba2-beta.bloomberg.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.73 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
367dc0229c4a76cf9f5ccd94fb21134bf08162eb3eef647fa2e6b0cfe3919aac
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://bba2-beta.bloomberg.com/
Origin
https://bba2-beta.bloomberg.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
dskdVU81VD6SuFzOvOmCCokxviY6PBOa
date
Mon, 15 Apr 2024 12:40:48 GMT
strict-transport-security
max-age=31557600
x-amz-request-id
MY51SGX33Z4MWWD1
age
2315965
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-replication-status
COMPLETED
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
52680
x-amz-id-2
SrOgZ/HVt8ymvIEfamYVVXZbim6WXFGwvungLjYTUrCJz+ZblrQMjYYMi6S6qRbbHJdv3uLsXN4=
x-served-by
cache-bfi-kbfi7400070-BFI, cache-fra-eddf8230150-FRA
last-modified
Wed, 19 Apr 2023 20:39:51 GMT
server
AmazonS3
x-timer
S1713184848.169772,VS0,VE1
etag
"5175406f5339bc06317be8f39baa17eb"
access-control-allow-methods
GET, HEAD
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
3, 0
AvenirNextP2ForBBG-Regular-517a851989.woff2
assets.bwbx.io/s3/fontservice/fonts/
50 KB
51 KB
Font
General
Full URL
https://assets.bwbx.io/s3/fontservice/fonts/AvenirNextP2ForBBG-Regular-517a851989.woff2
Requested by
Host: bba2-beta.bloomberg.com
URL: https://bba2-beta.bloomberg.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.73 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b33c906ea5bd05c25cfbe949ced4072fde58948a28f2143f4705aaec31ca335d
Security Headers
Name Value
Strict-Transport-Security max-age=31557600

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://bba2-beta.bloomberg.com/
Origin
https://bba2-beta.bloomberg.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
xkFrcAC.TA3gSvKL5YmDWKV34d_ivJ9n
date
Mon, 15 Apr 2024 12:40:48 GMT
strict-transport-security
max-age=31557600
x-amz-request-id
74JX4T1H5N01S02F
age
830104
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-amz-replication-status
COMPLETED
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
51600
x-amz-id-2
An2OSyVXirdmvJi4Mxm7zuABxSh+eEuKuX1s/k1xuV7/cYzlZQKMqwQxwCuTPb/jW7mtvYl9574=
x-served-by
cache-bfi-kbfi7400104-BFI, cache-fra-eddf8230150-FRA
last-modified
Wed, 19 Apr 2023 20:39:51 GMT
server
AmazonS3
x-timer
S1713184848.168493,VS0,VE0
etag
"517a851989d653a723fe7c1f9ad2f854"
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000, immutable
accept-ranges
bytes
x-cache-hits
14843, 9
favicon.ico
bba2-beta.bloomberg.com/
9 KB
10 KB
Other
General
Full URL
https://bba2-beta.bloomberg.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
69.187.32.19 , United States, ASN10361 (BLOOMBERG-NET, US),
Reverse DNS
Software
nginx /
Resource Hash
2c49454a92228baa852c385fccb420fb453ae11ade08d43fca49d2539b313f73
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' https://assets.bwbx.io data:; img-src 'self' data:; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options : nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://bba2-beta.bloomberg.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Mon, 15 Apr 2024 12:40:48 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
: nosniff
Content-Security-Policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' https://assets.bwbx.io data:; img-src 'self' data:; frame-ancestors 'self'; object-src 'none';
Last-Modified
Wed, 02 Jan 1980 00:00:00 GMT
Server
nginx
ETag
"315619200.0-9326-2437943608"
X-Frame-Options
SAMEORIGIN
Content-Type
image/vnd.microsoft.icon
Cache-Control
no-cache
Content-Disposition
inline; filename=favicon.ico
Connection
keep-alive
Content-Length
9326
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| regions object| applications object| SETTINGS object| webpackJsonpfrontend function| clearImmediate function| setImmediate object| regeneratorRuntime string| __BBUI_VERSION__

2 Cookies

Domain/Path Name / Value
bba2-beta.bloomberg.com/ Name: PSTID
Value: ef6d83194c894d55846087e9f419591f
bba2-beta.bloomberg.com/ Name: session
Value: eyJyaWQiOiIwMDMzMTE4OWM1N2E0N2M2ODJjNzcxMTkxMDlhZWY0NyJ9.Zh0gTg.K06ecwMxaQ4mSpIGSFDYnZ4mdQQ

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' 'self'; font-src 'self' https://assets.bwbx.io data:; img-src 'self' data:; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options : nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block