urlscan.io logo urlscan.io
SecurityTrails logo

ebanking.axionbank.ch Open in urlscan Pro
217.26.33.93  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://ebanking.axionbank.ch/
Effective URL: https://ebanking.axionbank.ch/auth/login
Submission: On August 03 via automatic, source certstream-suspicious — Scanned from CH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 12 HTTP transactions. The main IP is 217.26.33.93, located in Switzerland and belongs to BSOURCE-AS, CH. The main domain is ebanking.axionbank.ch.
TLS certificate: Issued by Thawte EV RSA CA G2 on July 30th 2024. Valid for: 3 months.
This is the only time ebanking.axionbank.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 14 217.26.33.93 197312 (BSOURCE-AS)
1 2606:4700::68... 13335 (CLOUDFLAR...)
12 2
Apex Domain
Subdomains		 Transfer
14 axionbank.ch
ebanking.axionbank.ch
300 KB
1 myfonts.net
hello.myfonts.net — Cisco Umbrella Rank: 20581
354 B
12 2
Domain Requested by
14 ebanking.axionbank.ch 3 redirects ebanking.axionbank.ch
1 hello.myfonts.net ebanking.axionbank.ch
12 2

This site contains links to these domains. Also see Links.

Domain
axionbank.ch
www.axionbank.ch
Subject Issuer Validity Valid
ebanking.axionbank.ch
Thawte EV RSA CA G2		 2024-07-30 -
2024-11-12		 3 months crt.sh
*.myfonts.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-08-29 -
2024-09-28		 a year crt.sh

This page contains 1 frames:

Primary Page: https://ebanking.axionbank.ch/auth/login
Frame ID: 4BC767BA6B41219CE2A440020766C0CE
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Online

Page URL History Show full URLs

  1. https://ebanking.axionbank.ch/ HTTP 303
    https://ebanking.axionbank.ch/bscch/wb/ui/ HTTP 303
    https://ebanking.axionbank.ch/auth/check-login?Location=https%3A%2F%2Febanking%2Eaxionbank%2Ech%2Fbscch%2F... HTTP 302
    https://ebanking.axionbank.ch/auth/login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

297 kB
Transfer

284 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ebanking.axionbank.ch/ HTTP 303
    https://ebanking.axionbank.ch/bscch/wb/ui/ HTTP 303
    https://ebanking.axionbank.ch/auth/check-login?Location=https%3A%2F%2Febanking%2Eaxionbank%2Ech%2Fbscch%2Fwb%2Fui%2F HTTP 302
    https://ebanking.axionbank.ch/auth/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
ebanking.axionbank.ch/auth/
Redirect Chain
  • https://ebanking.axionbank.ch/
  • https://ebanking.axionbank.ch/bscch/wb/ui/
  • https://ebanking.axionbank.ch/auth/check-login?Location=https%3A%2F%2Febanking%2Eaxionbank%2Ech%2Fbscch%2Fwb%2Fui%2F
  • https://ebanking.axionbank.ch/auth/login
7 KB
8 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://ebanking.axionbank.ch/auth/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.93 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
6e19a1f93ddf9de68ac942d1da8494bdea63f99f1e8fcd04bbb2017eb3bc72f1
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Cache-Control
private, max-age=0, no-store, no-cache
Connection
Keep-Alive
Content-Language
de
Content-Length
6975
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Content-Type
text/html;charset=UTF-8
Date
Sat, 03 Aug 2024 13:23:08 GMT
Expires
01/01/99 20:00:00 GMT
Keep-Alive
timeout=10, max=497
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
private, max-age=0, no-store, no-cache
Connection
Keep-Alive
Content-Length
0
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Content-Type
text/plain;charset=utf-8
Date
Sat, 03 Aug 2024 13:23:07 GMT
Expires
01/01/99 20:00:00 GMT
Keep-Alive
timeout=10, max=498
Location
login
Pragma
no-cache
Server
Apache
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
afpaas-iam.css
ebanking.axionbank.ch/auth/css/ 		56 KB
58 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ebanking.axionbank.ch/auth/css/afpaas-iam.css
Requested by
Host: ebanking.axionbank.ch
URL: https://ebanking.axionbank.ch/auth/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.93 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
fcc43aed93d181ce42457df52133d0e67db501829f5a73fbd473f1c6a72d9366
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ebanking.axionbank.ch/auth/login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Sat, 03 Aug 2024 13:23:08 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Last-Modified
Fri, 05 Jul 2024 19:22:23 GMT
Server
Apache
ETag
W/"57724-1720207343457"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css;charset=UTF-8
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=496
Content-Length
57724
X-XSS-Protection
1; mode=block
jquery-3.5.1.min.js
ebanking.axionbank.ch/auth/js/airlock/ 		87 KB
89 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ebanking.axionbank.ch/auth/js/airlock/jquery-3.5.1.min.js
Requested by
Host: ebanking.axionbank.ch
URL: https://ebanking.axionbank.ch/auth/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.93 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ebanking.axionbank.ch/auth/login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Sat, 03 Aug 2024 13:23:08 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Last-Modified
Tue, 17 Jan 2023 14:55:01 GMT
Server
Apache
ETag
W/"89476-1673967301000"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=500
Content-Length
89476
X-XSS-Protection
1; mode=block
main.js
ebanking.axionbank.ch/auth/js/airlock/ 		870 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ebanking.axionbank.ch/auth/js/airlock/main.js?r=dd055e33-8ebd-446c-9e81-28f65d4171a7
Requested by
Host: ebanking.axionbank.ch
URL: https://ebanking.axionbank.ch/auth/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.93 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
e33008091af980090e595f8749b1dac1bb49dcc7a69d68fed428ba124db3db2a
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ebanking.axionbank.ch/auth/login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Sat, 03 Aug 2024 13:23:08 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Last-Modified
Tue, 17 Jan 2023 14:55:01 GMT
Server
Apache
ETag
W/"870-1673967301000"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=500
Content-Length
870
X-XSS-Protection
1; mode=block
userAgent.css
ebanking.axionbank.ch/auth/css/ 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ebanking.axionbank.ch/auth/css/userAgent.css
Requested by
Host: ebanking.axionbank.ch
URL: https://ebanking.axionbank.ch/auth/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.93 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
6728d77933ebcec07a2dc6d2f49aa14a151f3053b8c90db6e7ab43f2f0a88f57
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ebanking.axionbank.ch/auth/login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Sat, 03 Aug 2024 13:23:08 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Last-Modified
Fri, 05 Jul 2024 19:22:23 GMT
Server
Apache
ETag
W/"1098-1720207343458"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css;charset=UTF-8
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=500
Content-Length
1098
X-XSS-Protection
1; mode=block
userAgentCheck.js
ebanking.axionbank.ch/auth/js/ 		3 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ebanking.axionbank.ch/auth/js/userAgentCheck.js
Requested by
Host: ebanking.axionbank.ch
URL: https://ebanking.axionbank.ch/auth/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.93 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
d885c782ec903bfe1534e37c09a7f6a7cecb40ec3a50caae01c6f8496526ec42
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ebanking.axionbank.ch/auth/login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Sat, 03 Aug 2024 13:23:08 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Last-Modified
Fri, 05 Jul 2024 19:22:23 GMT
Server
Apache
ETag
W/"2819-1720207343498"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=500
Content-Length
2819
X-XSS-Protection
1; mode=block
afpaas.js
ebanking.axionbank.ch/auth/js/ 		393 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ebanking.axionbank.ch/auth/js/afpaas.js
Requested by
Host: ebanking.axionbank.ch
URL: https://ebanking.axionbank.ch/auth/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.93 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
7f9cac61d797ed16e0cac5071845dd228ec05932b07c7661e3249c0cc8f1c64d
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ebanking.axionbank.ch/auth/login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Sat, 03 Aug 2024 13:23:08 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Last-Modified
Fri, 05 Jul 2024 19:22:23 GMT
Server
Apache
ETag
W/"393-1720207343498"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=500
Content-Length
393
X-XSS-Protection
1; mode=block
378fcd
hello.myfonts.net/count/ 		0
354 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hello.myfonts.net/count/378fcd
Requested by
Host: ebanking.axionbank.ch
URL: https://ebanking.axionbank.ch/auth/css/afpaas-iam.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2606:4700::6812:cfad , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://ebanking.axionbank.ch/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 03 Aug 2024 13:23:08 GMT
server
cloudflare
age
1
expect-ct
null
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
cf-ray
8ad69ed8dd2328aa-AMS
content-length
0
expires
Sun, 03 Aug 2025 13:23:08 GMT
logo-2x.svg
ebanking.axionbank.ch/auth/images/afpaas/logos/ 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://ebanking.axionbank.ch/auth/images/afpaas/logos/logo-2x.svg
Requested by
Host: ebanking.axionbank.ch
URL: https://ebanking.axionbank.ch/auth/css/afpaas-iam.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.93 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
3711488b1b830686cfe324a5c6e9eabb6f890c20b369bf3daebd2ad04cdab337
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ebanking.axionbank.ch/auth/css/afpaas-iam.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Sat, 03 Aug 2024 13:23:08 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Last-Modified
Fri, 05 Jul 2024 19:22:23 GMT
Server
Apache
ETag
W/"9187-1720207343497"
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=499
Content-Length
9187
X-XSS-Protection
1; mode=block
fontawesome-webfont.woff2
ebanking.axionbank.ch/auth/fonts/font-awesome/ 		55 KB
57 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ebanking.axionbank.ch/auth/fonts/font-awesome/fontawesome-webfont.woff2?v=4.3.0
Requested by
Host: ebanking.axionbank.ch
URL: https://ebanking.axionbank.ch/auth/css/afpaas-iam.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.93 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ebanking.axionbank.ch/auth/css/afpaas-iam.css
Origin
https://ebanking.axionbank.ch
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Sat, 03 Aug 2024 13:23:08 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Last-Modified
Fri, 05 Jul 2024 19:22:23 GMT
Server
Apache
ETag
W/"56780-1720207343468"
X-Frame-Options
SAMEORIGIN
Content-Type
font/woff2
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=495
Content-Length
56780
X-XSS-Protection
1; mode=block
378FCD_0_0.woff2
ebanking.axionbank.ch/auth/fonts/futura-bt-axion/medium/ 		49 KB
50 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://ebanking.axionbank.ch/auth/fonts/futura-bt-axion/medium/378FCD_0_0.woff2
Requested by
Host: ebanking.axionbank.ch
URL: https://ebanking.axionbank.ch/auth/css/afpaas-iam.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.93 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
7cc43e8dc47fe47a7270af778beeee2347fcca4d7c2031803159b7f2f4a36319
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ebanking.axionbank.ch/auth/css/afpaas-iam.css
Origin
https://ebanking.axionbank.ch
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Sat, 03 Aug 2024 13:23:08 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Last-Modified
Fri, 05 Jul 2024 19:22:23 GMT
Server
Apache
ETag
W/"49914-1720207343472"
X-Frame-Options
SAMEORIGIN
Content-Type
font/woff2
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=499
Content-Length
49914
X-XSS-Protection
1; mode=block
favicon.ico
ebanking.axionbank.ch/auth/images/afpaas/favicon/ 		15 KB
16 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://ebanking.axionbank.ch/auth/images/afpaas/favicon/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
217.26.33.93 , Switzerland, ASN197312 (BSOURCE-AS, CH),
Reverse DNS
Software
Apache /
Resource Hash
06ef3705db8b61b77fdb3255c26b40c389ff22876b4da63276b834d3849e378c
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ebanking.axionbank.ch/auth/login
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Sat, 03 Aug 2024 13:23:08 GMT
Strict-Transport-Security
max-age=31536000;includeSubDomains;preload
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Last-Modified
Fri, 05 Jul 2024 19:22:23 GMT
Server
Apache
ETag
W/"15086-1720207343496"
X-Frame-Options
SAMEORIGIN
Content-Type
image/x-icon
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=10, max=498
Content-Length
15086
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| event function| $ function| jQuery object| iam function| onInit function| displayExtPopup function| displayLogin function| detectBrowserVersion function| detectMobileVersionAllowed function| toggleLanguageMenu function| togglePasswordChange function| toggleClassOnElement

3 Cookies

Domain/Path Name / Value
ebanking.axionbank.ch/ Name: AL_SESS-S
Value: AY!9Asgo9Y183rKNO9SPtxje9WEn35rchvvr_X6KrsgnklBu_4ts2mFddj5k0ys5ejAb
ebanking.axionbank.ch/ Name: CSRFT759-S
Value: LAeIJ5s2HA46PBxPMxUEig
.myfonts.net/ Name: __cf_bm
Value: 0BVv2pUHNKEKEy.nRR_CDYTaA7NAbkifQKvUewH0hD0-1722691388-1.0.1.1-CCcaFOJQ7nzm7rvziCNVkN76Nb_GP_TekuYZ5MFceODuPS9ANdcJsDxoDmY7gGs4YcxubQjuJIYhBKEice5s2Q

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://ebanking.axionbank.ch/auth/login
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; frame-ancestors 'self' ; frame-src 'self' https://prod1s.solutions.webfg.ch/ https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://ebill-portal-xp.paynet.ch/ https://www.youtube.com/ https://www.axionbank.ch/ https://axionbank.ch/; img-src 'self' https://integra1s.solutions.webfg.ch/ https://www.e-bill.ch/ https://www.ebill.ch/ https://ebill-portal-xp.paynet.ch/ https://one.prep.viseca.ch/ data:; font-src 'self' data:; style-src 'self' 'unsafe-inline' https://hello.myfonts.net/; object-src 'self'; media-src 'self'; script-src 'unsafe-inline' 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com 'unsafe-eval'; connect-src wss: 'self' *.opentok.com *.tokbox.com wss://*.tokbox.com ws:;
Strict-Transport-Security max-age=31536000;includeSubDomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block