URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Submission: On September 07 via api from IE — Scanned from DE

Summary

This website contacted 14 IPs in 3 countries across 12 domains to perform 49 HTTP transactions. The main IP is 70.37.166.146, located in San Antonio, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.hsabank.com. The Cisco Umbrella rank of the primary domain is 318243.
TLS certificate: Issued by Entrust Certification Authority - L1K on March 6th 2023. Valid for: a year.
This is the only time www.hsabank.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
24 hsabank.com
www.hsabank.com — Cisco Umbrella Rank: 318243
414 KB
5 gstatic.com
fonts.gstatic.com
79 KB
3 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 2541
www.google.com — Cisco Umbrella Rank: 2
716 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 186
87 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 5643
515 B
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 96
396 B
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 49
21 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 62
169 KB
2 levelaccess.net
cdn.levelaccess.net — Cisco Umbrella Rank: 17085
api.levelaccess.net — Cisco Umbrella Rank: 17758
62 KB
2 igodigital.com
7298557.collect.igodigital.com — Cisco Umbrella Rank: 421750
nova.collect.igodigital.com — Cisco Umbrella Rank: 6639
3 KB
2 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1134
netdna.bootstrapcdn.com — Cisco Umbrella Rank: 3923
11 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 58
2 KB
49 12
Domain Requested by
24 www.hsabank.com www.hsabank.com
5 fonts.gstatic.com fonts.googleapis.com
2 connect.facebook.net www.hsabank.com
connect.facebook.net
2 www.google.de www.hsabank.com
2 stats.g.doubleclick.net www.googletagmanager.com
www.google-analytics.com
2 region1.analytics.google.com www.googletagmanager.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 www.googletagmanager.com www.hsabank.com
www.googletagmanager.com
1 api.levelaccess.net cdn.levelaccess.net
1 nova.collect.igodigital.com www.hsabank.com
1 netdna.bootstrapcdn.com www.hsabank.com
1 www.google.com www.hsabank.com
1 cdn.levelaccess.net www.hsabank.com
1 7298557.collect.igodigital.com www.hsabank.com
1 maxcdn.bootstrapcdn.com www.hsabank.com
1 fonts.googleapis.com www.hsabank.com
49 16
Subject Issuer Validity Valid
www.hsabank.com
Entrust Certification Authority - L1K
2023-03-06 -
2024-03-17
a year crt.sh
upload.video.google.com
GTS CA 1C3
2023-08-14 -
2023-11-06
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2022-12-30 -
2023-12-30
a year crt.sh
*.collect.igodigital.com
Amazon RSA 2048 M02
2023-02-21 -
2024-01-13
a year crt.sh
cdn.levelaccess.net
Amazon RSA 2048 M02
2023-03-01 -
2024-01-28
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-08-14 -
2023-11-06
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-08-07 -
2023-10-30
3 months crt.sh
www.google.de
GTS CA 1C3
2023-08-14 -
2023-11-06
3 months crt.sh
www.google.com
GTS CA 1C3
2023-08-14 -
2023-11-06
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2023-06-16 -
2023-09-14
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2023-08-14 -
2023-11-06
3 months crt.sh
api.levelaccess.net
Amazon RSA 2048 M02
2023-03-01 -
2024-01-29
a year crt.sh

This page contains 1 frames:

Primary Page: https://www.hsabank.com/hsabank/About-Us/Privacy
Frame ID: 87AD83015E1F2D065CEC1DB40C4D9D83
Requests: 49 HTTP requests in this frame

Screenshot

Page Title

Privacy - HSA Bank

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Page Statistics

49
Requests

100 %
HTTPS

86 %
IPv6

12
Domains

16
Subdomains

14
IPs

3
Countries

849 kB
Transfer

2306 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

49 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Privacy
www.hsabank.com/hsabank/About-Us/
68 KB
15 KB
Document
General
Full URL
https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
2a845aa2b45c30aee6a7ee893dbd8d2ada501911a470279a306267833a5bd017
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Content-Encoding
gzip
Content-Length
13698
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
text/html; charset=utf-8
Date
Thu, 07 Sep 2023 12:00:49 GMT
Expires
-1
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
bootstrapmin.css
www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/
118 KB
29 KB
Stylesheet
General
Full URL
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/bootstrapmin.css
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5a3d8c05785485d36ee5c94d4681e5b1d9e4b94c5be8b5bd7b0f3168fff1bd9a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/About-Us/Privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 07 Sep 2023 12:00:51 GMT
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Disposition
inline; filename="bootstrapmin.css"
Content-Length
27680
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 21 Apr 2020 17:48:44 GMT
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges
bytes
css2
fonts.googleapis.com/
24 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ecf9b91bc7dcf04ab8641def6e787125e51c930b171fc59b7454c20f6df641dd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 07 Sep 2023 12:00:50 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 07 Sep 2023 12:00:50 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 07 Sep 2023 12:00:50 GMT
font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/
30 KB
7 KB
Stylesheet
General
Full URL
https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Thu, 07 Sep 2023 12:00:50 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
617
age
19448316
cdn-cachedat
2021-06-08 14:35:32
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:55 GMT
server
cloudflare
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/css; charset=utf-8
cdn-cache
HIT
access-control-allow-origin
*
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
55fb4fa8e5dd0a7f71d503394bffb28b
timing-allow-origin
*
cdn-requestcountrycode
US
cf-ray
802ecb2e880d929f-FRA
cdn-requestpullsuccess
True
style.css
www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/
87 KB
25 KB
Stylesheet
General
Full URL
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
d7a229a58c6420f329f8dca6dc343ba08ad13c42fae2ca4ccf948a3da791e91d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/About-Us/Privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 07 Sep 2023 12:00:51 GMT
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Disposition
inline; filename="style.css"
Content-Length
23954
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 07 Mar 2023 18:27:29 GMT
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges
bytes
lock-yellow.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/
487 B
2 KB
Image
General
Full URL
https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/lock-yellow.ashx?la=en
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5298b61386b233b02c1f2dc3aff963463ebbe568b021817019f0da72fc5b165d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/About-Us/Privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 07 Sep 2023 12:00:51 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:16:18 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="lock-yellow.png"
Accept-Ranges
bytes
Content-Length
487
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
members.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/
6 KB
8 KB
Image
General
Full URL
https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/members.ashx?la=en
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b7f060e299b946e48571efc616afabf681564879b5431dae029354719b685b6c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/About-Us/Privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 07 Sep 2023 12:00:51 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:23 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="members.jpg"
Accept-Ranges
bytes
Content-Length
6597
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
logo-hsabank.ashx
www.hsabank.com/hsabank/-/media/Images/Mobile_Responsive_2017/
11 KB
13 KB
Image
General
Full URL
https://www.hsabank.com/hsabank/-/media/Images/Mobile_Responsive_2017/logo-hsabank.ashx?la=en
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
fc8331c82d59e08430c3a341203a29b57de8ab6595876e484fc5a31e03183693
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/About-Us/Privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 07 Sep 2023 12:00:51 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 23 Feb 2023 15:06:33 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="logo-hsabank.png"
Accept-Ranges
bytes
Content-Length
11026
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
searchboxmobile.min.css
www.hsabank.com/Styles/
311 B
2 KB
Stylesheet
General
Full URL
https://www.hsabank.com/Styles/searchboxmobile.min.css
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
2d91e980d6f338755fa8c1a9ec52e2b4e75f90ee211530783cddcef3978a0746
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/About-Us/Privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 07 Sep 2023 12:00:51 GMT
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Length
273
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Fri, 09 Jun 2023 18:53:50 GMT
Server
Microsoft-IIS/10.0
ETag
"a74eafba39bd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges
bytes
open-hsa-navbanner.jpg
www.hsabank.com/hsabank/About-Us/~/Media/Images/Mobile_Responsive_2017/2017/nav-banners/
38 KB
40 KB
Image
General
Full URL
https://www.hsabank.com/hsabank/About-Us/~/Media/Images/Mobile_Responsive_2017/2017/nav-banners/open-hsa-navbanner.jpg
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
3125503095eb347633cce9f00d090dcc466164199f6018c4390988ece5e8cd9f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/About-Us/Privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 07 Sep 2023 12:00:51 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:20:20 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="open-hsa-navbanner.jpg"
Accept-Ranges
bytes
Content-Length
38779
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
2023-report-nav
www.hsabank.com/~/media/Images/learning-center/health-and-wealth-index/
60 KB
62 KB
Image
General
Full URL
https://www.hsabank.com/~/media/Images/learning-center/health-and-wealth-index/2023-report-nav
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c42156cd05dba885d41cdb82f2f587281860dac9895c6897326aa5a09c64b15c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/About-Us/Privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 07 Sep 2023 12:00:51 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 01 Jun 2023 21:10:58 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="2023-report-nav.jpg"
Accept-Ranges
bytes
Content-Length
61635
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
learning-center.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/
10 KB
12 KB
Image
General
Full URL
https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/learning-center.ashx?la=en
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
87cec327a260c0960d91a7c4e9976eb243afa732c22b0cb2310181543739fe1b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/About-Us/Privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 07 Sep 2023 12:00:51 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:22 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="learning-center.jpg"
Accept-Ranges
bytes
Content-Length
10245
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
about.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/
11 KB
13 KB
Image
General
Full URL
https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/about.ashx?la=en
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
2e5ea304576c05ccc854670fe397ef56880d803760a5de0e61081403e2009c61
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/About-Us/Privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 07 Sep 2023 12:00:51 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:23 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="about.jpg"
Accept-Ranges
bytes
Content-Length
11131
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
searchbox.min.css
www.hsabank.com/Styles/
920 B
2 KB
Stylesheet
General
Full URL
https://www.hsabank.com/Styles/searchbox.min.css
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
85975a2be961791f9eca87929ad244be78a77031631e9e27baeb40b2dd2d8403
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/About-Us/Privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 07 Sep 2023 12:00:51 GMT
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Length
594
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Fri, 09 Jun 2023 18:53:50 GMT
Server
Microsoft-IIS/10.0
ETag
"a74eafba39bd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges
bytes
searchglass.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/
439 B
2 KB
Image
General
Full URL
https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/searchglass.ashx?la=en
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b4d5f510c2190ca5ff87374b25cf3c1ba3334d41c5437b262cae8952a0dac6ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/About-Us/Privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 07 Sep 2023 12:00:51 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:16:19 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="searchglass.png"
Accept-Ranges
bytes
Content-Length
439
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
searchbox.min.js
www.hsabank.com/Scripts/
85 B
2 KB
Script
General
Full URL
https://www.hsabank.com/Scripts/searchbox.min.js
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
3adcd7060b73a40bdb29c97abbab98ef6c29038028ba0c7d974cbcdd3b1b158b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/About-Us/Privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 07 Sep 2023 12:00:51 GMT
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Length
191
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Fri, 09 Jun 2023 18:53:50 GMT
Server
Microsoft-IIS/10.0
ETag
"689d9eba39bd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges
bytes
breadcrumb.min.css
www.hsabank.com/Styles/Site/
563 B
2 KB
Stylesheet
General
Full URL
https://www.hsabank.com/Styles/Site/breadcrumb.min.css
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
134e7514c0adc4160ee20023402f2be4d7e9f869222392b4639cb05912cccca2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/About-Us/Privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 07 Sep 2023 12:00:51 GMT
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Length
407
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Fri, 09 Jun 2023 18:53:50 GMT
Server
Microsoft-IIS/10.0
ETag
"465bedba39bd91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges
bytes
collect.js
7298557.collect.igodigital.com/
8 KB
2 KB
Script
General
Full URL
https://7298557.collect.igodigital.com/collect.js
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.36.247 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-36-247.compute-1.amazonaws.com
Software
/
Resource Hash
463faad63e59f653f8367ca1bd38629a240ebd4f2165c313e660933acc322b04

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Thu, 07 Sep 2023 12:00:51 GMT
content-encoding
gzip
last-modified
Tue, 05 Sep 2023 14:46:37 GMT
vary
Accept-Encoding
content-type
application/javascript
access.js
cdn.levelaccess.net/accessjs/YW1wMTEwNDI/
462 KB
62 KB
Script
General
Full URL
https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:21f3:ae00:1:fb61:2b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a12eb2a6e59466c082974c40b97729e552f34ce11641e22697a92fc20f99d009

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-amz-version-id
t07hXre7uOIQoPQ7KnhB7TpRnGtAZeAl
Content-Encoding
gzip
Via
1.1 32e3b86ae254a231182567c0124af892.cloudfront.net (CloudFront)
Date
Thu, 07 Sep 2023 11:54:35 GMT
X-Amz-Cf-Pop
FRA2-C2
Age
377
x-amz-server-side-encryption
AES256
X-Cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
Connection
keep-alive
Content-Length
62540
Last-Modified
Sat, 03 Jun 2023 02:14:14 GMT
Server
AmazonS3
ETag
"77074e7790604aad9d16231e09882ddf"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=900
Accept-Ranges
bytes
X-Amz-Cf-Id
5qNNc-V9v0TnZU0r5KLl6PmvzptdXXgwIkSXo8PXdcswgAMZqb6NYw==
SITE.js
www.hsabank.com/~/Media/Files/Custom_Java/HSABank/Mobile_Responsive_2017/
360 KB
149 KB
Script
General
Full URL
https://www.hsabank.com/~/Media/Files/Custom_Java/HSABank/Mobile_Responsive_2017/SITE.js?v=1.07
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c7a298bd81e9f7b534e848d2560e4ff7188d16c9b8fde216e786993a2e247f74
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/hsabank/About-Us/Privacy
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 07 Sep 2023 12:00:51 GMT
Transfer-Encoding
chunked
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Disposition
inline; filename="SITE.js"
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Thu, 08 Sep 2022 19:00:47 GMT
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/x-javascript
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges
bytes
gtm.js
www.googletagmanager.com/
227 KB
74 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b952f8a1f59b6d5e0200c9587a92f39aa613a89442c820dd5b4540ed56022f96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Thu, 07 Sep 2023 12:00:51 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
75265
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 07 Sep 2023 12:00:51 GMT
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 07 Sep 2023 11:49:43 GMT
last-modified
Mon, 12 Jun 2023 18:23:07 GMT
server
Golfe2
age
668
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 07 Sep 2023 13:49:43 GMT
js
www.googletagmanager.com/gtag/
290 KB
95 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0bed9dd92afddf437db31238fd4ab17793869353cb8e86c46029daed9268fdc9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Thu, 07 Sep 2023 12:00:51 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
96993
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 07 Sep 2023 12:00:51 GMT
collect
www.google-analytics.com/j/
4 B
209 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1310592830&t=pageview&_s=1&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2FAbout-Us%2FPrivacy&ul=en-us&de=UTF-8&dt=Privacy%20-%20HSA%20Bank&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAACAAI~&jid=249773818&gjid=1188179212&cid=1658040193.1694088051&tid=UA-187387-6&_gid=864068263.1694088051&_r=1&_slc=1&gtm=45He38u0h1n81PZV52K3&z=386633591
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.hsabank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 07 Sep 2023 12:00:51 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hsabank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.analytics.google.com/g/
0
254 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je3960h2&_p=1310592830&_gaz=1&cid=1658040193.1694088051&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1694088051&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2FAbout-Us%2FPrivacy&dt=Privacy%20-%20HSA%20Bank&en=page_view&_fv=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 07 Sep 2023 12:00:51 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hsabank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
47 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HR1XKMEB6P&cid=1658040193.1694088051&gtm=45je3960h2&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 07 Sep 2023 12:00:51 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hsabank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
408 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HR1XKMEB6P&cid=1658040193.1694088051&gtm=45je3960h2&aip=1&z=1257843
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 07 Sep 2023 12:00:51 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
4 B
349 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-187387-6&cid=1658040193.1694088051&jid=249773818&gjid=1188179212&_gid=864068263.1694088051&_u=YEBAAEAAAAAAACAAI~&z=210013833
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.hsabank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 07 Sep 2023 12:00:51 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hsabank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/
42 B
408 B
Image
General
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-187387-6&cid=1658040193.1694088051&jid=249773818&_u=YEBAAEAAAAAAACAAI~&z=1064532458
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 07 Sep 2023 12:00:51 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-187387-6&cid=1658040193.1694088051&jid=249773818&_u=YEBAAEAAAAAAACAAI~&z=1064532458
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 07 Sep 2023 12:00:51 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
bootstrap-glyphicons.css
netdna.bootstrapcdn.com/bootstrap/3.0.0/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap-glyphicons.css
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca64645c22680035acdd8149902fda928c381cafbeab0b628b5542a7323ee0e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Thu, 07 Sep 2023 12:00:51 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
cdn-edgestorageid
617, 617
age
19448307
cdn-cachedat
2021-06-08 14:07:35
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:03:55 GMT
server
cloudflare
cdn-requestpullcode
200
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
8c32aafd8e451bc69ed29328f77feb97
timing-allow-origin
*
cdn-requestcountrycode
US
cf-ray
802ecb321b39929f-FRA
cdn-requestpullsuccess
True
fbevents.js
connect.facebook.net/en_US/
193 KB
52 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9e41e783ec4cfc524c1666d1d5a4c805f8e92be52b030d130acfb31105e1e04c
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 07 Sep 2023 12:00:51 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
52127
x-xss-protection
0
pragma
public
x-fb-debug
qgZRH11BqW8qxoSPF9KFVhrwOyHJhHrarG0zq1Br4ZdWYvdUTto9dH5s66VUgsd8TIMcUuHSQi9xBygA6pPlKg==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
track_page_view
nova.collect.igodigital.com/c2/7298557/
43 B
355 B
Image
General
Full URL
https://nova.collect.igodigital.com/c2/7298557/track_page_view?payload=%7B%22title%22%3A%22Privacy%20-%20HSA%20Bank%22%2C%22url%22%3A%22https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2FAbout-Us%2FPrivacy%22%2C%22referrer%22%3A%22%22%7D
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/About-Us/Privacy
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.36.247 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-36-247.compute-1.amazonaws.com
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

x-runtime
0.002332
date
Thu, 07 Sep 2023 12:00:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/gif
cache-control
private
content-transfer-encoding
binary
content-disposition
inline
x-xss-protection
1; mode=block
x-request-id
81544788-f29b-4be9-9d91-361757b39b93
tridown-green.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/
200 B
2 KB
Image
General
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/tridown-green.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e208ea831c45866daa21bd38f49ba53f64ac457b9082198c5d295921f59fe8ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 07 Sep 2023 12:00:51 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:16:30 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="tridown-green.png"
Accept-Ranges
bytes
Content-Length
200
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
divider.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/
1 KB
3 KB
Image
General
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/divider.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
510714d70c4277955aa865209771680c78789950540e91b893f9c4f990696344
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 07 Sep 2023 12:00:51 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:16:14 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="divider.png"
Accept-Ranges
bytes
Content-Length
1458
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
tertiary-green-line.jpg
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/
12 KB
14 KB
Image
General
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/tertiary-green-line.jpg
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
cc3b5cfbea89a027388d2a8bfa5e0f511501ccf16f56ad9262cf10abc5ff3f66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 07 Sep 2023 12:00:51 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 08 Jun 2021 13:26:47 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/jpeg
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="tertiary-green-line.jpg"
Accept-Ranges
bytes
Content-Length
12233
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
facebook-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/
320 B
2 KB
Image
General
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/facebook-grey.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
ea0ca377484f9837aca91bb2d556ad0d62ed836a5a0c98d4a09edc6026c84e8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 07 Sep 2023 12:00:51 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:20 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="facebook-grey.png"
Accept-Ranges
bytes
Content-Length
320
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
twitter-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/
2 KB
4 KB
Image
General
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/twitter-grey.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
bba7cc1311ac67910af9bfa0b863a0d6fcbf1c5ee4caec7f764c3562e4947ceb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 07 Sep 2023 12:00:51 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:16 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="twitter-grey.png"
Accept-Ranges
bytes
Content-Length
1821
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
linkedin-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/
402 B
2 KB
Image
General
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/linkedin-grey.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
309f24a395e42590b12a4b3f298826f25517edd44fe9bddcc32300598cbb6755
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 07 Sep 2023 12:00:51 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:15 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="linkedin-grey.png"
Accept-Ranges
bytes
Content-Length
402
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
youtube-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/
389 B
2 KB
Image
General
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/youtube-grey.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7cab3f2151fb03bcbe1f364addf0bb414a68215edc08e2772da0aba6d8df4f8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 07 Sep 2023 12:00:51 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Sun, 19 Apr 2020 19:18:19 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="youtube-grey.png"
Accept-Ranges
bytes
Content-Length
389
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
instagram-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/
4 KB
6 KB
Image
General
Full URL
https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/instagram-grey.png
Requested by
Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f26166b8e10ee1addb81a52ab9f73f2e4706ded755b327ffc11ca093b9e93072
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Date
Thu, 07 Sep 2023 12:00:51 GMT
X-Content-Type-Options
nosniff
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Mon, 06 Mar 2023 21:49:36 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type
image/png
Cache-Control
private, max-age=604800
Permissions-Policy
microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition
inline; filename="instagram-grey.png"
Accept-Ranges
bytes
Content-Length
4458
Request-Context
appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v25/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.hsabank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Sat, 02 Sep 2023 21:41:36 GMT
x-content-type-options
nosniff
age
397155
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15660
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 18:42:42 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 01 Sep 2024 21:41:36 GMT
ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v25/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotocondensed/v25/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.hsabank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Sat, 02 Sep 2023 05:31:51 GMT
x-content-type-options
nosniff
age
455340
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15700
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 18:51:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 01 Sep 2024 05:31:51 GMT
ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v25/
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotocondensed/v25/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
747d5a0865fe76129cc17fe70097fd5b1db733ed3bbfa0210a8505d80c14ab5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.hsabank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Sat, 02 Sep 2023 07:38:35 GMT
x-content-type-options
nosniff
age
447736
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15528
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 18:53:07 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Sun, 01 Sep 2024 07:38:35 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.hsabank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Wed, 06 Sep 2023 22:08:16 GMT
x-content-type-options
nosniff
age
49955
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15744
x-xss-protection
0
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 05 Sep 2024 22:08:16 GMT
ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLDwM9.woff2
fonts.gstatic.com/s/robotocondensed/v25/
17 KB
17 KB
Font
General
Full URL
https://fonts.gstatic.com/s/robotocondensed/v25/ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLDwM9.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3ab6d5bddb52a980ebe7658cca937e1ce087c1478cbeb13715876e463b2dd7f3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.hsabank.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

date
Mon, 04 Sep 2023 20:45:09 GMT
x-content-type-options
nosniff
age
227742
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
17376
x-xss-protection
0
last-modified
Tue, 19 Apr 2022 18:55:05 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 03 Sep 2024 20:45:09 GMT
1686908524672324
connect.facebook.net/signals/config/
136 KB
35 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1686908524672324?v=2.9.125&r=stable&domain=www.hsabank.com
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
543d2a4c8287bed7711871e4ae21965756a19e566ce7e39fa25647d6d20fdc97
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 07 Sep 2023 12:00:51 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
pragma
public
x-fb-debug
g6T1idTTJQw/KIqom8dcZcCyjmFK3zOru4YsLNnEygsDTvcfrC7S1gzbG/8iVee3pAXANfnx4+nc4YUgMV//QA==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
expires
Sat, 01 Jan 2000 00:00:00 GMT
results
api.levelaccess.net/analytics/3.0/
0
321 B
XHR
General
Full URL
https://api.levelaccess.net/analytics/3.0/results
Requested by
Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:4457:4600:7e24:9db9:e452:f837 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.hsabank.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Thu, 07 Sep 2023 12:00:55 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
access-control-expose-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
0
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
collect
region1.analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je3960h2&_p=1310592830&cid=1658040193.1694088051&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EEA&_s=2&sid=1694088051&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2FAbout-Us%2FPrivacy&dt=Privacy%20-%20HSA%20Bank&en=scroll&epn.percent_scrolled=90&_et=13
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.hsabank.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.179 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 07 Sep 2023 12:00:56 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.hsabank.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| dataLayer object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| gaplugins object| gaGlobal object| gaData function| onYouTubeIframeAPIReady function| fbq function| _fbq object| _etmc object| _etmc_temp string| func_name object| args string| collect_url object| $jscomp function| $jscomp$lookupPolyfilledValue object| LevelAccess_AccessJS_AccessEngine object| LevelAccess_AccessJS_FixPackage object| LevelAccess_AccessJS_OrgDetails object| LevelAccess_AccessJS string| AccNamePrototypeNameSpace object| LevelAccess_CalcNames string| activeTabName string| currentPageId function| onClick object| breakpointChange function| isBlank function| scrollToElement function| init_nav function| init_carousels function| activateTabAndPane function| init_audience_tabs function| deactivateAudienceTabs object| SiteData function| createCountDownClock function| checkCountDownPageURL function| checkForCountdownCookie function| createCountdownCookie function| closeCookie function| List function| ResCarouselOnInit function| ResCarouselSlide function| ResCarouselResize function| ResCarouselSize function| ResCarousel function| ResCarouselLoad1 function| resCarouselAnimator function| $ function| jQuery function| Cookies object| html5 object| Modernizr object| core object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| is function| ScrollMagic object| picturefillCFG function| picturefill object| AK

5 Cookies

Domain/Path Name / Value
www.hsabank.com/ Name: ASP.NET_SessionId
Value: a011h3iuoy30cyzkubs1xko3
.hsabank.com/ Name: _gid
Value: GA1.2.864068263.1694088051
.hsabank.com/ Name: _gat_gtmtrack
Value: 1
.hsabank.com/ Name: _ga
Value: GA1.1.1658040193.1694088051
.hsabank.com/ Name: _ga_HR1XKMEB6P
Value: GS1.1.1694088051.1.0.1694088051.60.0.0

235 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 216)
Message:
[Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je3960h2&_p=1310592830&_gaz=1&cid=1658040193.1694088051&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1694088051&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2FAbout-Us%2FPrivacy&dt=Privacy%20-%20HSA%20Bank&en=page_view&_fv=1&_ss=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 216)
Message:
[Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je3960h2&_p=1310592830&_gaz=1&cid=1658040193.1694088051&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1694088051&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2FAbout-Us%2FPrivacy&dt=Privacy%20-%20HSA%20Bank&en=page_view&_fv=1&_ss=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 216)
Message:
[Report Only] Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HR1XKMEB6P&cid=1658040193.1694088051&gtm=45je3960h2&aip=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 216)
Message:
[Report Only] Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HR1XKMEB6P&cid=1658040193.1694088051&gtm=45je3960h2&aip=1' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.hsabank.com/hsabank/About-Us/Privacy(Line 116)
Message:
[Report Only] Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HR1XKMEB6P&cid=1658040193.1694088051&gtm=45je3960h2&aip=1&z=1257843' because it violates the following Content Security Policy directive: "img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com".
security error URL: https://www.google-analytics.com/analytics.js(Line 35)
Message:
[Report Only] Refused to connect to 'https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-187387-6&cid=1658040193.1694088051&jid=249773818&gjid=1188179212&_gid=864068263.1694088051&_u=YEBAAEAAAAAAACAAI~&z=210013833' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.hsabank.com/hsabank/About-Us/Privacy(Line 116)
Message:
[Report Only] Refused to load the image 'https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-187387-6&cid=1658040193.1694088051&jid=249773818&_u=YEBAAEAAAAAAACAAI~&z=1064532458' because it violates the following Content Security Policy directive: "img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com".
security error URL: https://www.hsabank.com/hsabank/About-Us/Privacy(Line 116)
Message:
[Report Only] Refused to load the image 'https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-187387-6&cid=1658040193.1694088051&jid=249773818&_u=YEBAAEAAAAAAACAAI~&z=1064532458' because it violates the following Content Security Policy directive: "img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com".
network error URL: https://nova.collect.igodigital.com/c2/7298557/track_page_view?payload=%7B%22title%22%3A%22Privacy%20-%20HSA%20Bank%22%2C%22url%22%3A%22https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2FAbout-Us%2FPrivacy%22%2C%22referrer%22%3A%22%22%7D
Message:
Failed to load resource: the server responded with a status of 403 ()
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 216)
Message:
[Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je3960h2&_p=1310592830&cid=1658040193.1694088051&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EEA&_s=2&sid=1694088051&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2FAbout-Us%2FPrivacy&dt=Privacy%20-%20HSA%20Bank&en=scroll&epn.percent_scrolled=90&_et=13' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 216)
Message:
[Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je3960h2&_p=1310592830&cid=1658040193.1694088051&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EEA&_s=2&sid=1694088051&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2FAbout-Us%2FPrivacy&dt=Privacy%20-%20HSA%20Bank&en=scroll&epn.percent_scrolled=90&_et=13' because it violates the following Content Security Policy directive: "connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

7298557.collect.igodigital.com
api.levelaccess.net
cdn.levelaccess.net
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
netdna.bootstrapcdn.com
nova.collect.igodigital.com
region1.analytics.google.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.hsabank.com
184.73.36.247
2001:4860:4802:32::178
2001:4860:4802:34::36
2600:1f18:4457:4600:7e24:9db9:e452:f837
2600:9000:21f3:ae00:1:fb61:2b80:93a1
2606:4700::6812:acf
2a00:1450:4001:802::2008
2a00:1450:4001:80e::2003
2a00:1450:4001:80e::200a
2a00:1450:4001:80f::2004
2a00:1450:4001:82a::2003
2a00:1450:400c:c07::9b
2a03:2880:f083:100:face:b00c:0:3
70.37.166.146
0bed9dd92afddf437db31238fd4ab17793869353cb8e86c46029daed9268fdc9
134e7514c0adc4160ee20023402f2be4d7e9f869222392b4639cb05912cccca2
2a845aa2b45c30aee6a7ee893dbd8d2ada501911a470279a306267833a5bd017
2d91e980d6f338755fa8c1a9ec52e2b4e75f90ee211530783cddcef3978a0746
2e5ea304576c05ccc854670fe397ef56880d803760a5de0e61081403e2009c61
309f24a395e42590b12a4b3f298826f25517edd44fe9bddcc32300598cbb6755
3125503095eb347633cce9f00d090dcc466164199f6018c4390988ece5e8cd9f
3ab6d5bddb52a980ebe7658cca937e1ce087c1478cbeb13715876e463b2dd7f3
3adcd7060b73a40bdb29c97abbab98ef6c29038028ba0c7d974cbcdd3b1b158b
463faad63e59f653f8367ca1bd38629a240ebd4f2165c313e660933acc322b04
510714d70c4277955aa865209771680c78789950540e91b893f9c4f990696344
5298b61386b233b02c1f2dc3aff963463ebbe568b021817019f0da72fc5b165d
543d2a4c8287bed7711871e4ae21965756a19e566ce7e39fa25647d6d20fdc97
5a3d8c05785485d36ee5c94d4681e5b1d9e4b94c5be8b5bd7b0f3168fff1bd9a
6b4fac99c39b9ee2693d87a2508d0c7d4b4859072966616bd1f6e18c5b2f9d36
747d5a0865fe76129cc17fe70097fd5b1db733ed3bbfa0210a8505d80c14ab5a
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7cab3f2151fb03bcbe1f364addf0bb414a68215edc08e2772da0aba6d8df4f8f
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85975a2be961791f9eca87929ad244be78a77031631e9e27baeb40b2dd2d8403
87cec327a260c0960d91a7c4e9976eb243afa732c22b0cb2310181543739fe1b
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9e41e783ec4cfc524c1666d1d5a4c805f8e92be52b030d130acfb31105e1e04c
a12eb2a6e59466c082974c40b97729e552f34ce11641e22697a92fc20f99d009
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b4d5f510c2190ca5ff87374b25cf3c1ba3334d41c5437b262cae8952a0dac6ad
b7f060e299b946e48571efc616afabf681564879b5431dae029354719b685b6c
b952f8a1f59b6d5e0200c9587a92f39aa613a89442c820dd5b4540ed56022f96
bba7cc1311ac67910af9bfa0b863a0d6fcbf1c5ee4caec7f764c3562e4947ceb
c42156cd05dba885d41cdb82f2f587281860dac9895c6897326aa5a09c64b15c
c7a298bd81e9f7b534e848d2560e4ff7188d16c9b8fde216e786993a2e247f74
ca64645c22680035acdd8149902fda928c381cafbeab0b628b5542a7323ee0e4
cc3b5cfbea89a027388d2a8bfa5e0f511501ccf16f56ad9262cf10abc5ff3f66
d7a229a58c6420f329f8dca6dc343ba08ad13c42fae2ca4ccf948a3da791e91d
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e208ea831c45866daa21bd38f49ba53f64ac457b9082198c5d295921f59fe8ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e79c1c1a140e6afb861074c70392db54cc65a06050de2a69162ab94eb95b0516
ea0ca377484f9837aca91bb2d556ad0d62ed836a5a0c98d4a09edc6026c84e8a
ecf9b91bc7dcf04ab8641def6e787125e51c930b171fc59b7454c20f6df641dd
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f26166b8e10ee1addb81a52ab9f73f2e4706ded755b327ffc11ca093b9e93072
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fc8331c82d59e08430c3a341203a29b57de8ab6595876e484fc5a31e03183693