urlscan.io logo urlscan.io
SecurityTrails logo

benefitsplus-auth-dev.hsbc.com.hk Open in urlscan Pro
2600:9000:266e:d200:a:9a74:f000:93a1  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://benefitsplus-dev.hsbc.com.hk/
Effective URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Submission Tags: falconsandbox
Submission: On July 24 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 17 IPs in 6 countries across 14 domains to perform 77 HTTP transactions. The main IP is 2600:9000:266e:d200:a:9a74:f000:93a1, located in United States and belongs to AMAZON-02, US. The main domain is benefitsplus-auth-dev.hsbc.com.hk.
TLS certificate: Issued by DigiCert EV RSA CA G2 on August 10th 2023. Valid for: a year.
This is the only time benefitsplus-auth-dev.hsbc.com.hk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 20 2600:9000:266... 16509 (AMAZON-02)
17 2600:9000:238... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 104.122.36.5 16625 (AKAMAI-AS)
3 178.249.97.23 11054 (LIVEPERSON)
2 2a03:2880:f08... 32934 (FACEBOOK)
1 2a00:1288:80:... 203220 (YAHOO-DEB)
6 2a00:1450:400... 15169 (GOOGLE)
2 3.33.220.150 16509 (AMAZON-02)
2 13.113.199.76 16509 (AMAZON-02)
7 203.112.83.226 9221 (HSBC-HK-A...)
2 3.255.41.64 16509 (AMAZON-02)
2 18.176.156.32 16509 (AMAZON-02)
1 34.120.154.120 396982 (GOOGLE-CL...)
2 3.123.251.78 16509 (AMAZON-02)
77 17
20    2600:9000:266e:d200:a:9a74:f000:93a1 (United States)

ASN16509 (AMAZON-02, US)
benefitsplus-dev.hsbc.com.hk
benefitsplus-auth-dev.hsbc.com.hk
17    2600:9000:238d:7000:7:2bfb:7c00:93a1 (United States)

ASN16509 (AMAZON-02, US)
tags.tiqcdn.com
1    2a00:1450:4001:811::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    2a00:1450:4001:81c::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
1    104.122.36.5 (Düsseldorf, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-122-36-5.deploy.static.akamaitechnologies.com
akamai.tiqcdn.com
3    178.249.97.23 (United States)

ASN11054 (LIVEPERSON, US)
lptag.liveperson.net
2    2a03:2880:f084:105:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    2a00:1288:80:807::2 (United Kingdom)

ASN203220 (YAHOO-DEB, GB)
s.yimg.com
6    2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    3.33.220.150 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com
match.adsrvr.org
2    13.113.199.76 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-113-199-76.ap-northeast-1.compute.amazonaws.com
collect-ap-northeast-1.tealiumiq.com
7    203.112.83.226 (Hong Kong)

ASN9221 (HSBC-HK-AS HSBC HongKong, HK)
www.issthk-dev.hsbc.com.hk
2    3.255.41.64 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-255-41-64.eu-west-1.compute.amazonaws.com
sp.analytics.yahoo.com
2    18.176.156.32 (Tokyo, Japan)

ASN16509 (AMAZON-02, US)
PTR: ec2-18-176-156-32.ap-northeast-1.compute.amazonaws.com
visitor-service-ap-northeast-1.tealiumiq.com
1    34.120.154.120 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 120.154.120.34.bc.googleusercontent.com
lpcdn.lpsnmedia.net
2    3.123.251.78 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-251-78.eu-central-1.compute.amazonaws.com
datacloud.tealiumiq.com
Apex Domain
Subdomains		 Transfer
27 hsbc.com.hk
benefitsplus-dev.hsbc.com.hk
benefitsplus-auth-dev.hsbc.com.hk
www.hkg1vl0048.p2g.netd2.hsbc.com.hk Failed
www.issthk-dev.hsbc.com.hk
110 KB
18 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 1751
akamai.tiqcdn.com — Cisco Umbrella Rank: 27980
276 KB
6 tealiumiq.com
collect-ap-northeast-1.tealiumiq.com — Cisco Umbrella Rank: 200879
visitor-service-ap-northeast-1.tealiumiq.com — Cisco Umbrella Rank: 196734
datacloud.tealiumiq.com — Cisco Umbrella Rank: 11088
41 KB
6 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
420 KB
3 liveperson.net
lptag.liveperson.net — Cisco Umbrella Rank: 6305
132 KB
2 yahoo.com
sp.analytics.yahoo.com — Cisco Umbrella Rank: 2393
623 B
2 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 505
297 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 236
86 KB
1 lpsnmedia.net
accdn.lpsnmedia.net Failed
lpcdn.lpsnmedia.net — Cisco Umbrella Rank: 6365 Failed
1 yimg.com
s.yimg.com — Cisco Umbrella Rank: 1020
7 KB
1 gstatic.com
fonts.gstatic.com
48 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110
2 KB
0 facebook.com Failed
www.facebook.com Failed
0 doubleclick.net Failed
cm.g.doubleclick.net Failed
77 14
Domain Requested by
17 tags.tiqcdn.com benefitsplus-auth-dev.hsbc.com.hk
tags.tiqcdn.com
16 benefitsplus-auth-dev.hsbc.com.hk 3 redirects benefitsplus-auth-dev.hsbc.com.hk
tags.tiqcdn.com
7 www.issthk-dev.hsbc.com.hk tags.tiqcdn.com
6 www.googletagmanager.com tags.tiqcdn.com
www.googletagmanager.com
4 benefitsplus-dev.hsbc.com.hk 4 redirects
3 lptag.liveperson.net tags.tiqcdn.com
2 datacloud.tealiumiq.com tags.tiqcdn.com
2 visitor-service-ap-northeast-1.tealiumiq.com tags.tiqcdn.com
2 sp.analytics.yahoo.com benefitsplus-auth-dev.hsbc.com.hk
2 collect-ap-northeast-1.tealiumiq.com tags.tiqcdn.com
2 match.adsrvr.org benefitsplus-auth-dev.hsbc.com.hk
2 connect.facebook.net tags.tiqcdn.com
connect.facebook.net
1 lpcdn.lpsnmedia.net lptag.liveperson.net
1 s.yimg.com tags.tiqcdn.com
1 akamai.tiqcdn.com tags.tiqcdn.com
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com benefitsplus-auth-dev.hsbc.com.hk
0 accdn.lpsnmedia.net Failed lptag.liveperson.net
0 www.facebook.com Failed benefitsplus-auth-dev.hsbc.com.hk
0 cm.g.doubleclick.net Failed benefitsplus-auth-dev.hsbc.com.hk
0 www.hkg1vl0048.p2g.netd2.hsbc.com.hk Failed tags.tiqcdn.com
77 21

This site contains links to these domains. Also see Links.

Domain
benefitsplus-dev.hsbc.com.hk
Subject Issuer Validity Valid
benefitsplus-dev.hsbc.com.hk
DigiCert EV RSA CA G2		 2023-08-10 -
2024-09-09		 a year crt.sh
tags.tiqcdn.com
Amazon RSA 2048 M02		 2024-03-19 -
2025-04-17		 a year crt.sh
upload.video.google.com
WR2		 2024-07-01 -
2024-09-23		 3 months crt.sh
*.gstatic.com
WR2		 2024-07-01 -
2024-09-23		 3 months crt.sh
*.tiqcdn.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-11-16 -
2024-11-16		 a year crt.sh
*.liveperson.net
Sectigo RSA Organization Validation Secure Server CA		 2023-11-28 -
2024-11-27		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-05-03 -
2024-08-01		 3 months crt.sh
*.api.fantasysports.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2024-07-08 -
2024-08-28		 2 months crt.sh
*.google-analytics.com
WR2		 2024-07-01 -
2024-09-23		 3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020		 2024-04-23 -
2025-05-25		 a year crt.sh
*.tealiumiq.com
Amazon RSA 2048 M02		 2024-06-21 -
2025-07-19		 a year crt.sh
www.issthk-dev.hsbc.com.hk
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-10-19 -
2024-10-18		 a year crt.sh
real.sp.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA		 2024-03-19 -
2024-09-11		 6 months crt.sh
*.lpsnmedia.net
Sectigo RSA Organization Validation Secure Server CA		 2023-11-15 -
2024-11-14		 a year crt.sh

This page contains 5 frames:

Primary Page: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Frame ID: 7580B30284E5E5F83E88E86507B40B9A
Requests: 76 HTTP requests in this frame

Frame: data://truncated
Frame ID: E13B183A7BB0FFB648F1E8E086B78950
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: EA4F9B13091E19ACDAC93DA493535DE2
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: E8A06062398B0C6B29E4C1FE4E550FBD
Requests: 2 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.29.1-release_1359973818/storage.secure.min.html?loc=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&site=19211303&ist=sessionStorage&env=prod&accdn=accdn.lpsnmedia.net
Frame ID: 50E22EA683D13BB9EC13AF69E2D68210
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Welcome to HSBC Life Benefits+

Page URL History Show full URLs

  1. http://benefitsplus-dev.hsbc.com.hk/ HTTP 307
    https://benefitsplus-dev.hsbc.com.hk/ HTTP 302
    https://benefitsplus-dev.hsbc.com.hk/login?path=%2F HTTP 302
    https://benefitsplus-auth-dev.hsbc.com.hk/authorize?scope=openid%20ALL%20profile%20profile.ecommerce.read&response_typ... HTTP 302
    https://benefitsplus-auth-dev.hsbc.com.hk/interaction/syG6KggpYxFXkSfdSs3n0?lang=en-HK HTTP 307
    http://benefitsplus-dev.hsbc.com.hk/ HTTP 307
    https://benefitsplus-dev.hsbc.com.hk/ HTTP 302
    https://benefitsplus-dev.hsbc.com.hk/login?path=%2F HTTP 302
    https://benefitsplus-auth-dev.hsbc.com.hk/authorize?scope=openid%20ALL%20profile%20profile.ecommerce.read&response_typ... HTTP 302
    https://benefitsplus-auth-dev.hsbc.com.hk/interaction/yoiH3qzLtSYGfkwzw270j?lang=en-HK HTTP 302
    https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

77
Requests

82 %
HTTPS

44 %
IPv6

14
Domains

21
Subdomains

17
IPs

6
Countries

1093 kB
Transfer

4112 kB
Size

21
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://benefitsplus-dev.hsbc.com.hk/ HTTP 307
    https://benefitsplus-dev.hsbc.com.hk/ HTTP 302
    https://benefitsplus-dev.hsbc.com.hk/login?path=%2F HTTP 302
    https://benefitsplus-auth-dev.hsbc.com.hk/authorize?scope=openid%20ALL%20profile%20profile.ecommerce.read&response_type=code&client_id=hsbc-dev&redirect_uri=https://benefitsplus-dev.hsbc.com.hk&protocol=oauth0&connection=hsbc&audience=hsbc&state=%2F HTTP 302
    https://benefitsplus-auth-dev.hsbc.com.hk/interaction/syG6KggpYxFXkSfdSs3n0?lang=en-HK HTTP 307
    http://benefitsplus-dev.hsbc.com.hk/ HTTP 307
    https://benefitsplus-dev.hsbc.com.hk/ HTTP 302
    https://benefitsplus-dev.hsbc.com.hk/login?path=%2F HTTP 302
    https://benefitsplus-auth-dev.hsbc.com.hk/authorize?scope=openid%20ALL%20profile%20profile.ecommerce.read&response_type=code&client_id=hsbc-dev&redirect_uri=https://benefitsplus-dev.hsbc.com.hk&protocol=oauth0&connection=hsbc&audience=hsbc&state=%2F HTTP 302
    https://benefitsplus-auth-dev.hsbc.com.hk/interaction/yoiH3qzLtSYGfkwzw270j?lang=en-HK HTTP 302
    https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

77 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
benefitsplus-auth-dev.hsbc.com.hk/
Redirect Chain
  • http://benefitsplus-dev.hsbc.com.hk/
  • https://benefitsplus-dev.hsbc.com.hk/
  • https://benefitsplus-dev.hsbc.com.hk/login?path=%2F
  • https://benefitsplus-auth-dev.hsbc.com.hk/authorize?scope=openid%20ALL%20profile%20profile.ecommerce.read&response_type=code&client_id=hsbc-dev&redirect_uri=https://benefitsplus-dev.hsbc.com.hk&pro...
  • https://benefitsplus-auth-dev.hsbc.com.hk/interaction/syG6KggpYxFXkSfdSs3n0?lang=en-HK
  • http://benefitsplus-dev.hsbc.com.hk/
  • https://benefitsplus-dev.hsbc.com.hk/
  • https://benefitsplus-dev.hsbc.com.hk/login?path=%2F
  • https://benefitsplus-auth-dev.hsbc.com.hk/authorize?scope=openid%20ALL%20profile%20profile.ecommerce.read&response_type=code&client_id=hsbc-dev&redirect_uri=https://benefitsplus-dev.hsbc.com.hk&pro...
  • https://benefitsplus-auth-dev.hsbc.com.hk/interaction/yoiH3qzLtSYGfkwzw270j?lang=en-HK
  • https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
5 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:d200:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
bf82ffa068e5d8f1399de9adcb9975e9eabefa54ad09eb85fa405c036161e9f2
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-methods
GET,HEAD
access-control-allow-origin
domain
access-control-max-age
86
content-encoding
gzip
content-length
1652
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
content-type
text/html; charset=utf-8
date
Wed, 24 Jul 2024 22:37:13 GMT
etag
W/"13a5-aVCYrFPFZlwY5z90dTzx1AXvQrU"
server
CloudFront
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Accept-Encoding
via
1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront)
x-amz-apigw-id
bcFECFmZHUYErdQ=
x-amz-cf-id
iXtYE5WjlmCDmQoYioVuJp4MN6nTaGbDxFsL7DYQP259iH88k1FX0w==
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-remapped-date
Wed, 24 Jul 2024 22:37:13 GMT
x-amzn-requestid
d0324bfe-2546-4045-a759-b2ad33a27f66
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-correlation-id
68ad41952dba5ae53de79f82b2e4f71d
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

access-control-allow-methods
GET,HEAD
access-control-allow-origin
domain
access-control-max-age
86
cache-control
no-cache, no-store
content-length
138
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
content-type
text/html; charset=utf-8
date
Wed, 24 Jul 2024 22:37:12 GMT
location
/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
pragma
no-cache
server
CloudFront
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Accept, Accept-Encoding
via
1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront)
x-amz-apigw-id
bcFD3GS2nUYEWKA=
x-amz-cf-id
gB8_JcL3V62GKRj8Uaq-2eZWfWPjxLv7fxizLCT6DQGevj0LgT-6LA==
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-remapped-content-length
138
x-amzn-remapped-date
Wed, 24 Jul 2024 22:37:12 GMT
x-amzn-requestid
80bc72c4-ae10-4b33-b299-3eaa7d7ee0d1
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-correlation-id
bb656905f5b00ad47a88889d452d0b61
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
utag.sync.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.sync.js
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:7000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4f2517dc0c5c30ab83108c0c5cd487a555bc4ff368bd829ccaf30b0921458264

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:15 GMT
x-amz-version-id
FLecS4mrC_yQWdmYo8L0ll1ENw4hDZBm
content-encoding
br
last-modified
Thu, 18 Jul 2024 13:44:02 GMT
server
AmazonS3
via
1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
etag
W/"924b00b68afd444c85b5d7a126aa4545"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
cRoU3ef96ndK25YE67Sa25UQnEI28C2IrIiYMs-FvO-TI8v0lqIbFw==
css
fonts.googleapis.com/ 		22 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
31fe46164ce2459191ca1f7727fd742ce01833ee4f705459e88d43f53fcc9f80
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 24 Jul 2024 22:37:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 24 Jul 2024 22:25:39 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 24 Jul 2024 22:37:13 GMT
main.css
benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/ 		13 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/main.css
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:d200:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
c42319ce7aea1c71d227a3f114dc79725b0362444c45901c3715d7c7511bf799
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-correlation-id
26bb13b886cafac9c56743f26095747b
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
2cb921ba-cb9e-4897-a4a8-02d4bca051d7
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
bcFEMGtDnUYEMtA=
content-length
3038
x-xss-protection
1; mode=block
last-modified
Fri, 14 Jun 2024 09:38:46 GMT
server
CloudFront
etag
W/"333f-190161d2070"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
access-control-allow-origin
domain
access-control-allow-methods
GET,HEAD
cache-control
public, max-age=0
access-control-max-age
86
accept-ranges
bytes
x-amzn-remapped-date
Wed, 24 Jul 2024 22:37:14 GMT
x-amz-cf-id
-eBXxCtI4WAg7Y67Apb5qKYPpe7_tHOTZcnG0qXeq5_6pQG1vBVBHA==
main.js
benefitsplus-auth-dev.hsbc.com.hk/static/assets/js/ 		12 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/js/main.js
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:d200:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
f63aa9cbf1ed197a7e8d6e192bedd57a3376bc1defa5fc2bcc84835eed6900c9
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-correlation-id
12cc0a205bcb0368d92debe912796f3b
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
80dfa3a5-706b-4fed-b069-f6c82fdafb8a
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
bcFEMGE9HUYEE_w=
content-length
2912
x-xss-protection
1; mode=block
last-modified
Fri, 14 Jun 2024 09:38:46 GMT
server
CloudFront
etag
W/"30db-190161d2070"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
domain
access-control-allow-methods
GET,HEAD
cache-control
public, max-age=0
access-control-max-age
86
accept-ranges
bytes
x-amzn-remapped-date
Wed, 24 Jul 2024 22:37:14 GMT
x-amz-cf-id
NT4njAvC2OKUqztEk6eHE7pcQZmTGGdZoDzwau-byovYNrNW9J5x0A==
utag_data.js
benefitsplus-auth-dev.hsbc.com.hk/static/assets/tealium/dev/ 		832 B
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/tealium/dev/utag_data.js
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:d200:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
6bdf7ebc9ab82052e74cbbfffe0a22c8afed792fe2cc1d0bd64eead45f9cd565
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:14 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amzn-remapped-content-length
832
x-correlation-id
1c12f983db987ca30fa1f5e5ad631d75
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
ac2de24d-5ea6-4c58-bf0a-7a0146875641
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
bcFEMFDUnUYEYEQ=
content-length
832
x-xss-protection
1; mode=block
last-modified
Fri, 14 Jun 2024 09:38:46 GMT
server
CloudFront
etag
W/"340-190161d2070"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
domain
access-control-allow-methods
GET,HEAD
cache-control
public, max-age=0
access-control-max-age
86
accept-ranges
bytes
x-amzn-remapped-date
Wed, 24 Jul 2024 22:37:14 GMT
x-amz-cf-id
4RnrTpzyPNz8LkNwc5pepRpUmwcJDWhuhSwRYWydQdEQR8DWgiG_VA==
utag.js
benefitsplus-auth-dev.hsbc.com.hk/static/assets/tealium/dev/ 		774 B
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/tealium/dev/utag.js
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:d200:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
a88693b1d0e7bf5a2898c9e3d177c7c33ef2e551ef9a8bb948196d788e68e075
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:13 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amzn-remapped-content-length
774
x-correlation-id
9ea0242688ffe39a57620b99467aea45
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
50345d91-b453-4cae-a481-e7ca0fa6f6ca
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
bcFEGHBVHUYEYbw=
content-length
774
x-xss-protection
1; mode=block
last-modified
Fri, 14 Jun 2024 09:38:46 GMT
server
CloudFront
etag
W/"306-190161d2070"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
domain
access-control-allow-methods
GET,HEAD
cache-control
public, max-age=0
access-control-max-age
86
accept-ranges
bytes
x-amzn-remapped-date
Wed, 24 Jul 2024 22:37:13 GMT
x-amz-cf-id
vTMvO76rqm86HDa3P6X1PiqXEtZmVT5kikNXsrvH8vZzq4uD_aK1tg==
HSBC_logo_en.svg
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/ 		3 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/HSBC_logo_en.svg
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:d200:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
4b98e82da5261a22970e177085ed1c4d0156e74c3d0a0a17a66760c5413d3af1
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-correlation-id
b8ac7432c834caac53459d278b83e5b2
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
d2a8d2d3-a094-497d-b4c5-3f754f10c307
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
bcFEMF93HUYEFaQ=
content-length
1203
x-xss-protection
1; mode=block
last-modified
Fri, 14 Jun 2024 09:38:46 GMT
server
CloudFront
etag
W/"b3d-190161d2070"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
domain
access-control-allow-methods
GET,HEAD
cache-control
public, max-age=0
access-control-max-age
86
accept-ranges
bytes
x-amzn-remapped-date
Wed, 24 Jul 2024 22:37:14 GMT
x-amz-cf-id
6tc8KjeClT8WTVbo0KgWiutVr09ZmvlwuVWmjgEczaU1RHkSHTNW8A==
iconnext.png
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/ 		286 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/iconnext.png
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:d200:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
9467767079a490ee2a938f0dc4e111596f9a300d170df03e21c59ed8e9d042bb
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:14 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amzn-remapped-content-length
286
x-correlation-id
acdb64cb3495d39961ad8b557338d843
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
6f9831a7-3114-42be-bede-821e15b4c5f4
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
bcFEMHzPnUYES4A=
content-length
286
x-xss-protection
1; mode=block
last-modified
Fri, 14 Jun 2024 09:38:46 GMT
server
CloudFront
etag
W/"11e-190161d2070"
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,HEAD
content-type
image/png
access-control-allow-origin
domain
cache-control
public, max-age=0
access-control-max-age
86
accept-ranges
bytes
x-amzn-remapped-date
Wed, 24 Jul 2024 22:37:14 GMT
x-amz-cf-id
H6PQ7sId6u8cK6NrrQhQhqdLsJvympiZ656dcC-aJBtSUUqTylMr-Q==
en-HK.png
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/ 		4 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/en-HK.png
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:d200:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
08c3ec753f2c435ae7a84b9ddeb48c91ecc26367b8f8cd75ff828ab6aaba93b9
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:15 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amzn-remapped-content-length
4505
x-correlation-id
b1c868fab7d7205d78ee6cd021224d89
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
e97fe194-0ae3-4900-b2be-07c4a3376d41
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
bcFEWEw7HUYEfZQ=
content-length
4505
x-xss-protection
1; mode=block
last-modified
Fri, 14 Jun 2024 09:38:46 GMT
server
CloudFront
etag
W/"1199-190161d2070"
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,HEAD
content-type
image/png
access-control-allow-origin
domain
cache-control
public, max-age=0
access-control-max-age
86
accept-ranges
bytes
x-amzn-remapped-date
Wed, 24 Jul 2024 22:37:15 GMT
x-amz-cf-id
MK4kkNJ8IQMAE5ijAiTvQDG4_LKPfc7fzdkDCCD0fAjYk8a2av_B5g==
zh-HK.png
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/ 		5 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/zh-HK.png
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:d200:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
f6779bc003be288d6dbd1d7b4183b1ea15b53c70c8ac7b2161e89b4bc137d6d4
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:15 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amzn-remapped-content-length
4790
x-correlation-id
fa4785e13f9c38cf2d77b011432a4f3b
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
9b9e40e8-5da7-4b0d-9032-9f84936f044a
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
bcFEXHwMHUYEN0w=
content-length
4790
x-xss-protection
1; mode=block
last-modified
Fri, 14 Jun 2024 09:38:46 GMT
server
CloudFront
etag
W/"12b6-190161d2070"
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET,HEAD
content-type
image/png
access-control-allow-origin
domain
cache-control
public, max-age=0
access-control-max-age
86
accept-ranges
bytes
x-amzn-remapped-date
Wed, 24 Jul 2024 22:37:15 GMT
x-amz-cf-id
tTTpA7ZKEhB5R-EdbvI_XExiy1aoECLKqgK5NAyFXikQg6_fcq8hgw==
utag.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 		209 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/tealium/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:7000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
59c0bea5590edc1463ca82b495d4938e6b283f58cd2b5795f3740c3782741119

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
qdMT2qT0MY6YGVBCzBwnDMHsjISdLKnA
content-encoding
br
via
1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
date
Wed, 24 Jul 2024 22:37:15 GMT
last-modified
Thu, 18 Jul 2024 13:44:01 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P1
x-amz-server-side-encryption
AES256
etag
W/"400cb03c610952762cf454ad77299657"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
Gy3tPpRT2GVSJEaAGzkcAbwIVvHcVMIuvya6zlNo4LIveOu5n_9ilw==
bg.svg
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/ 		5 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/bg.svg
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:d200:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
a6a6c4cad34919cd1652a54a90191f5ac3c73ca00b24929a84e1e913cf605553
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/main.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-correlation-id
a6272db82576c7087657f0809b2059bd
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
e1a7e25e-06b1-4518-a6e6-747b71fbac21
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
bcFEXHV8HUYELpA=
content-length
2118
x-xss-protection
1; mode=block
last-modified
Fri, 14 Jun 2024 09:38:46 GMT
server
CloudFront
etag
W/"15e5-190161d2070"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
domain
access-control-allow-methods
GET,HEAD
cache-control
public, max-age=0
access-control-max-age
86
accept-ranges
bytes
x-amzn-remapped-date
Wed, 24 Jul 2024 22:37:15 GMT
x-amz-cf-id
yMlrburIc4w2SgSfpC6HVovq9alnN0Z040f37MDBrxp0zX-X5UmBVw==
eye-inactive.svg
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/ 		1 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/eye-inactive.svg
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:d200:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
be81363ab71f61fa670727b693a9c17a03690e1ef5e697605d90c78c3b455fa4
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/main.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-correlation-id
9f3d8d9616bba2f2d6fdd6a3c1eee8a4
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
61165245-bc7c-4b3e-874a-91a44d63ca3d
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
bcFEXE18HUYETHg=
content-length
663
x-xss-protection
1; mode=block
last-modified
Fri, 14 Jun 2024 09:38:46 GMT
server
CloudFront
etag
W/"54f-190161d2070"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
domain
access-control-allow-methods
GET,HEAD
cache-control
public, max-age=0
access-control-max-age
86
accept-ranges
bytes
x-amzn-remapped-date
Wed, 24 Jul 2024 22:37:15 GMT
x-amz-cf-id
z-gFnVXoesLIpto76ozyrC7xiPZoGQUpfxffHbIxE77tio7mmV_wcQ==
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/ 		47 KB
48 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://benefitsplus-auth-dev.hsbc.com.hk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 23 Jul 2024 12:26:16 GMT
x-content-type-options
nosniff
age
123058
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 23 Jul 2025 12:26:16 GMT
location.js
akamai.tiqcdn.com/location/ 		18 B
562 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://akamai.tiqcdn.com/location/location.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.122.36.5 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-122-36-5.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
d753f8ee126736431a1cd8170dbfcf94f553eeb1d24f2baa7c66474a80d0e559

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Wed, 24 Jul 2024 22:37:15 GMT
Last-Modified
Mon, 30 Apr 2018 23:09:19 GMT
Server
AkamaiNetStorage
ETag
"6c98be5fda77913799e8ef24b86a7abd:1525129759"
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
X-EdgeScape-Location
Cache-Control
max-age=1296000
X-EdgeScape-Location
country_code=DE,region_code=BY,city=NURNBERG,areacode=0,zip=0,bandwidth=5000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
18
Expires
Thu, 08 Aug 2024 22:37:15 GMT
utag.v.js
tags.tiqcdn.com/utag/tiqapp/ 		2 B
430 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=hsbc/hk-rbwm-gsp/202407181341&cb=1721860635060
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:7000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
2XUX04X5QEw0.xFya64khU._sHTRl_Pz
date
Wed, 24 Jul 2024 22:28:56 GMT
via
1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-P1
age
500
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
2
last-modified
Sat, 11 Mar 2023 06:57:46 GMT
server
AmazonS3
etag
"7bc0ee636b3b83484fc3b9348863bd22"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=300
accept-ranges
bytes
x-amz-cf-id
C1LoSeA-wIejIdwCn_nSOME8leI_OldtAwHDH3qSTaauMiR_jh0jzw==
utag.187.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 		38 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.187.js?utv=ut4.46.202202280912
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:7000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e0cf017a80e45561464ab25be01c93a03095da6d374df35649fa2c69b0f9e970

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
Lp1zJqMZoZNjYcPHUhROwQNUPcy3ZFRo
content-encoding
br
via
1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
date
Wed, 24 Jul 2024 22:37:16 GMT
last-modified
Thu, 18 Jul 2024 13:43:53 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P1
x-amz-server-side-encryption
AES256
etag
W/"5d1283f9931546b174741bc086b56a08"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
MZwy7tInmqvjHWSfiaWtwFw_0-j2nKRALS2icWi8S1zNsi5UzG2jTg==
utag.249.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.249.js?utv=ut4.46.202208100919
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:7000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1a609127ff98cddbb904018545c0bdc76535d64533cea1b14c7e6fc0a7fc12cd

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
poq4B7QFXht04U9UHlNB9P7r9PE1N8u2
content-encoding
br
via
1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
date
Wed, 24 Jul 2024 22:37:16 GMT
last-modified
Thu, 18 Jul 2024 13:44:00 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P1
x-amz-server-side-encryption
AES256
etag
W/"6c4f53083f79368529b36c627e4c5f90"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
_TKfc5m4P-ISAIa3fqBo5EYnlJtbHHKyyPMS12_j9gL_y2vlpkjbXA==
utag.760.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.760.js?utv=ut4.46.202108091531
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:7000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a1f92cff3c1e0fd617e93e919d2065e9313fd7bdcf846b39db5b1cf2a72bc23c

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
HklCp0LsXiD8DEMZCIuEqVVrQZViAy9N
content-encoding
br
via
1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
date
Wed, 24 Jul 2024 22:37:16 GMT
last-modified
Thu, 18 Jul 2024 13:43:43 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P1
x-amz-server-side-encryption
AES256
etag
W/"959ea77615dba885f00d3cf7f4b2d781"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
0cnnkL3B6XIQZvLp8Tt3KcJa_h0CvNmqYe0kJajCOcibt5KPttoY6Q==
utag.770.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 		22 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.770.js?utv=ut4.46.202206291356
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:7000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d531164c8f044d4a158925a04abcfd230bc3304a8efc4f622c79cfe7904f217b

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
31NpdeBJvIJLfqdFrdfdiE1ZpQHms5Gq
content-encoding
br
via
1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
date
Wed, 24 Jul 2024 22:37:16 GMT
last-modified
Thu, 18 Jul 2024 13:43:58 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P1
x-amz-server-side-encryption
AES256
etag
W/"e04f1a085ddf6cf6f86febc0b1a3cca7"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
fwdwu3dizAwpM9Kk0vgS1CSewAtiQsLf8Z-p4hacMJY_wkMXyeusdw==
utag.811.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.811.js?utv=ut4.46.202401221012
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:7000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d9dff991950c025e1c061c9fc45d44a179aeb7289342a72b92ee3d6a070999ad

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
kDZPtqZyiSDeQwEYpwkcgRxBkIPRSwTC
content-encoding
br
via
1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
date
Wed, 24 Jul 2024 22:37:16 GMT
last-modified
Thu, 18 Jul 2024 13:43:51 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P1
x-amz-server-side-encryption
AES256
etag
W/"f29facc72694450280639b4b47d0a8a1"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
cmc1xZv7ffp-0Ok5c0IXt2vGj78OlcsOqZshC_9pHF2pz9Yqi57Sxg==
utag.822.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.822.js?utv=ut4.46.202112171407
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:7000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
30996332bb31b7416a7d4fc893bcf129a40e27ca6a2794f2385cbdabec04c9e1

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
4XZEeuheWSyy6dj0KZ5ldGoIawvhIpFI
content-encoding
br
via
1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
date
Wed, 24 Jul 2024 22:37:16 GMT
last-modified
Thu, 18 Jul 2024 13:43:56 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P1
x-amz-server-side-encryption
AES256
etag
W/"80095625669d34da99e4986826c6f889"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
shC7sJB3nnTBdoLlXfOTrQGc434K8kZ73HcfOLBwlGzLtJDaF7GNFw==
utag.877.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.877.js?utv=ut4.46.202304041402
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:7000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d26fb5251cc339d5cba5b947d84220785abfca9f153dcfb82efd0be696755287

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
6u.ntxyBkCat6Y7J1PU3o3N2_TXCwY5a
content-encoding
br
via
1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
date
Wed, 24 Jul 2024 22:37:16 GMT
last-modified
Thu, 18 Jul 2024 13:43:45 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P1
x-amz-server-side-encryption
AES256
etag
W/"c722174d5dae9619bda79643b492fb43"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
NIcVKevDXfrzlUr54OjbReTj_VpN-6SAGXSiJPmisZ2_bO-uksYOKg==
utag.884.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.884.js?utv=ut4.46.202311280718
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:7000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3436cd2678a5d770068ad97b439bc2d8572739cd7a635545c03aa78ebb596b61

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
WHXx0ymTHKsKc_n7xd2DlcFpCwz1MNFZ
content-encoding
br
via
1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
date
Wed, 24 Jul 2024 22:37:16 GMT
last-modified
Thu, 18 Jul 2024 13:44:00 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P1
x-amz-server-side-encryption
AES256
etag
W/"dcc18943f4fc58738b8704ef81e59949"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
5hRxbXrDa1Mi2mCTZQ25x2PiaCMzs7S01ppqIjGi1EmCz8A_8sDWpg==
utag.894.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 		1001 KB
121 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.894.js?utv=ut4.46.202208121610
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:7000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
06dc3be469afabaf8ee631250f2dc3109de938696e13335b3f112fa288b8d09a

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
PibUnTr2DgehYQR.zdAh47fyV.Bec50U
content-encoding
br
via
1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
date
Wed, 24 Jul 2024 22:37:16 GMT
last-modified
Thu, 18 Jul 2024 13:43:47 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P1
x-amz-server-side-encryption
AES256
etag
W/"2a026e6ea59cae50848885c2fe004138"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
nCta90IqDmKAmucYqicEGpVflci_0z1CsK8YZZ-TgW4bUQrFvHa9Og==
utag.926.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.926.js?utv=ut4.46.202205311742
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:7000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8b37d9b0510f0586fb0902f6621d58e25e93701689638c65b7105367fe294832

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
xQc4oXvfubyRFn8e4JgpI_9nzPtC9z.h
content-encoding
br
via
1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
date
Wed, 24 Jul 2024 22:37:16 GMT
last-modified
Thu, 18 Jul 2024 13:43:56 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P1
x-amz-server-side-encryption
AES256
etag
W/"b5e1ae33e1b7ca59d896317811adb37b"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
rzkA8gK3iVZiby3uKHoNUn4Ic65gcRXKGRjjCStkoPEbyNEi662JmQ==
utag.927.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.927.js?utv=ut4.46.202205311742
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:7000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6845bfdd8dda05a35674017d86546ec5c697520c7902268ed46702fb75ff9c0e

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
pOtWaX4hzX.gKb6iBZstoTxdPJ3pbxbT
content-encoding
br
via
1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
date
Wed, 24 Jul 2024 22:37:16 GMT
last-modified
Thu, 18 Jul 2024 13:43:44 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P1
x-amz-server-side-encryption
AES256
etag
W/"e344a0a247d4db31ff47e0ca48709f6c"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
h1sZdlgAp56e6H_51EeyE_ttm37pvkpQ8H7dbnl2JLNP7hcgmoGjoQ==
utag.931.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 		47 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.931.js?utv=ut4.46.202311061543
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:7000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fa836387b84a060ee9bdba61e71ef295286ec27759ccc9af6ee2181e3918500b

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
o.nOuiVkMZMeUKVC2n8RlxQKqeJ4z8jG
content-encoding
br
via
1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
date
Wed, 24 Jul 2024 22:37:16 GMT
last-modified
Thu, 18 Jul 2024 13:43:49 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P1
x-amz-server-side-encryption
AES256
etag
W/"1cb4b00a58d76cc93117f688d6f0a4ac"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
sIIPXamXK32VK9E36tP8c88ooiZV3f6B1-QsNueJ0oMWPf9vYv4c6Q==
utag.994.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.994.js?utv=ut4.46.202401050524
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:7000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
be21a52ac9b6ee44fb4bb58f99348ac03bb56f174a2f5bf0aba44a519ff18fda

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
jxDaqn67eV15bsf.QVydoCBsGgUuCOMR
content-encoding
br
via
1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
date
Wed, 24 Jul 2024 22:37:16 GMT
last-modified
Thu, 18 Jul 2024 13:43:45 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P1
x-amz-server-side-encryption
AES256
etag
W/"8a4c1081b43cdbc657d47d034f21bb8d"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
zf3sdKMZQC6UToUB_zEX5f8USiYsYPoGvGCYNbAUYDjLt8KUV0AUtA==
utag.1026.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/ 		205 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:238d:7000:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9336788e3bea8fff902414d81477ded09acfbf12dcd6002ad8ea845b4f69f954

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id
37wOrPBRGYNcOU_6qGJx7Q0xjz7KPYav
content-encoding
br
via
1.1 447163709b16a97083db09f6ac040b38.cloudfront.net (CloudFront)
date
Wed, 24 Jul 2024 22:37:16 GMT
last-modified
Thu, 18 Jul 2024 13:44:00 GMT
server
AmazonS3
x-amz-cf-pop
AMS1-P1
x-amz-server-side-encryption
AES256
etag
W/"3f441bff57d6d57ce3e8c8dcde108e57"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
JBWCn92WfOROFWqDCoj0jZTZtQ2ke3BHHN7jPB87N-_arwHa6ECPSw==
session.json
www.hkg1vl0048.p2g.netd2.hsbc.com.hk/9600/handler9/ 		0
0
JavascriptInsert.js
www.hkg1vl0048.p2g.netd2.hsbc.com.hk/ 		0
0
tag.js
lptag.liveperson.net/tag/ 		27 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lptag.liveperson.net/tag/tag.js?site=19211303
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.884.js?utv=ut4.46.202311280718
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.23 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
2823fbfa7b9256867e21af1ecbfbb98583c8ef0e0b495f6f01d862ef58e3d93d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Thu, 30 May 2024 01:00:50 GMT
server
ws
etag
"6657cfc2-253d"
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length
9533
fbevents.js
connect.facebook.net/en_US/ 		224 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.770.js?utv=ut4.46.202206291356
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
eaa003d85cb77f94fcae98396e583ce01d0c375b57235402c884ef8a792b951e
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 24 Jul 2024 22:37:15 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58677
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=12, mss=1297, tbw=2790, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
up3HK9nNaiub7y4R5W2sRd0pQZq1p60l3AtgDnI0oXAtI8awbhbLTEb0f+vu5X7HAUNwapGGa6VWW6GzDdQ6uQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
ytc.js
s.yimg.com/wi/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.yimg.com/wi/ytc.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::2 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
6784f9ac4ae19ed8651c632b214f40cac44abd344870ddd30ff1b93b08ba3103
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

ats-carp-promotion
1
date
Wed, 24 Jul 2024 22:31:49 GMT
x-amz-version-id
VxrPrcbofk65n9ysSCXrclM5xFIYS2A5
content-encoding
gzip
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-amz-request-id
4TV704PERXZSDADS
age
327
x-amz-server-side-encryption
AES256
content-length
6672
x-amz-id-2
tTuk/b4L5YUEKfMd1oFBR+lDU0Yug1KjRrXfpH/YHk5cAwW8DOKmYSa92bz5DowAfF3nCicfKMM=
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
x-amz-expiration
expiry-date="Fri, 15 Aug 2025 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified
Wed, 10 Jul 2024 13:59:59 GMT
server
ATS
etag
"b4dc8f0803272db7e9c028b882573ba1-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin, Accept-Encoding
content-type
application/javascript
cache-control
public,max-age=3600
accept-ranges
bytes
walkme_ed30a4375b7b4f9b8d9d8fd5bda693ad_https.js
benefitsplus-auth-dev.hsbc.com.hk/ed30a4375b7b4f9b8d9d8fd5bda693ad/test/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/ed30a4375b7b4f9b8d9d8fd5bda693ad/test/walkme_ed30a4375b7b4f9b8d9d8fd5bda693ad_https.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:d200:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:16 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amzn-remapped-content-length
187
x-correlation-id
49e0ea894bc70561ad5f84d34c1f2188
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
4fb97c51-1f14-4cc7-a118-534e87eb259e
x-dns-prefetch-control
off
x-cache
Error from cloudfront
x-amz-apigw-id
bcFEeFlXHUYEv7Q=
content-length
187
x-xss-protection
1; mode=block
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
domain
access-control-allow-methods
GET,HEAD
access-control-max-age
86
x-amzn-remapped-date
Wed, 24 Jul 2024 22:37:16 GMT
x-amz-cf-id
p-E5KffajLVbAsrHFWshhov41BYdcUraVjkcSvdmAtmzpOAlqPcIOg==
js
www.googletagmanager.com/gtag/ 		204 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-1000000
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.877.js?utv=ut4.46.202304041402
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
122bae5b4089e5aed22606a6ad064bd5091185a9823fcdcce522f1dd916f7d9e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:15 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75765
x-xss-protection
0
last-modified
Wed, 24 Jul 2024 21:17:36 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 24 Jul 2024 22:37:15 GMT
44dc9ccf-1326-45e1-ac8e-2e4ff4926d7c
https://benefitsplus-auth-dev.hsbc.com.hk/ 		176 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://benefitsplus-auth-dev.hsbc.com.hk/44dc9ccf-1326-45e1-ac8e-2e4ff4926d7c
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
51ddb2a0b09f8c8b32c18a23096b4b28a0a6d6f876aaff3cf3fc3da63215b6ea

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length
180285
Content-Type
pixel
cm.g.doubleclick.net/ 		0
0
generic
match.adsrvr.org/track/cmf/ 		70 B
149 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tealium&ttd_tpi=1&gdpr=0
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:15 GMT
server
Kestrel
content-length
70
content-type
image/gif
i.gif
collect-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/2/ 		43 B
781 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collect-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/2/i.gif
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.931.js?utv=ut4.46.202311061543
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.113.199.76 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-113-199-76.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryf9IQmabeFVS2bZ9S

Response headers

date
Wed, 24 Jul 2024 22:37:16 GMT
x-serverid
uconnect_i-0f3c68de1aefb4eba
x-tid
0190e6e4399b0022538e85bd5d0c05065005405d00b08
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-acc
hsbc:wpb-stream-hk:2:datacloud
x-region
ap-northeast-1
content-length
43
pragma
no-cache
x-did
0190e6e4399b0022538e85bd5d0c05065005405d00b08
vary
Origin
content-type
image/gif
access-control-allow-origin
https://benefitsplus-auth-dev.hsbc.com.hk
x-ulver
3eceb7783fbb24d2be508d8dcf9d88586cb3cf30-SNAPSHOT
access-control-expose-headers
X-Region
cache-control
no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
x-uuid
7714a3f6-9701-489d-87d4-52c5e835e857
expires
Wed, 24 Jul 2024 22:37:16 GMT
session.json
www.issthk-dev.hsbc.com.hk/2690/js/events/v10/ 		7 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.issthk-dev.hsbc.com.hk:31000/2690/js/events/v10/session.json
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
Software
Apache /
Resource Hash
35fa911646b32f90d0884af3b9d5ad7837496d85db58a565e186fbbbc3f4abc0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 24 Jul 2024 22:37:18 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://benefitsplus-auth-dev.hsbc.com.hk
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
DWSMCMRP01HK
Keep-Alive
timeout=5, max=100
Content-Length
6745
sp.pl
sp.analytics.yahoo.com/ 		43 B
500 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sp.analytics.yahoo.com/sp.pl?a=1000&d=Wed%2C%2024%20Jul%202024%2022%3A37%3A15%20GMT&n=-2d&b=Welcome%20to%20HSBC%20Life%20Benefits%2B&.yp=423090&f=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk%2Flogin%3Fuid%3DyoiH3qzLtSYGfkwzw270j%26lang%3Den-HK&enc=UTF-8&yv=1.16.0&et=custom&tagmgr=tealium
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.255.41.64 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-255-41-64.eu-west-1.compute.amazonaws.com
Software
ATS/9.1.10.121 /
Resource Hash
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 22:37:15 GMT
via
http/1.1 traffic_server (ApacheTrafficServer/9.1.10.121)
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS/9.1.10.121
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
cache-control
no-cache, private, must-revalidate
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jul 2024 22:37:15 GMT
291998267968113
connect.facebook.net/signals/config/ 		146 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/291998267968113?v=2.9.162&r=stable&domain=benefitsplus-auth-dev.hsbc.com.hk&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
133111f0c0bfff76389bb6c8c0a338652a016c883e5d52a3ab30928d23311452
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 24 Jul 2024 22:37:15 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=45, rtx=0, c=65, mss=1297, tbw=64221, tp=-1, tpl=-1, uplat=239, ullat=0
pragma
public
x-fb-debug
r1mSkjA2Wfr9WnIEvTdaw1vq6K5Xx2pjlutbMkh2FlJiIxrWI52tEMjoXMH8tkrttjFAF5uR9mD3A02tf5hm7A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		250 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-956500078&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-1000000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
26801936497f60c252a9cc1d3d4e9ff245be798b4d15c3b996197b249b777d1d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:15 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
89406
x-xss-protection
0
last-modified
Wed, 24 Jul 2024 21:17:36 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 24 Jul 2024 22:37:15 GMT
js
www.googletagmanager.com/gtag/ 		273 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-793969516&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-1000000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2a2735a13b756b44a0492c5fa7ee72d05e3d2df85584dcbb0a49acb92bd0b52c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:15 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
94577
x-xss-protection
0
last-modified
Wed, 24 Jul 2024 21:17:36 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 24 Jul 2024 22:37:15 GMT
js
www.googletagmanager.com/gtag/ 		237 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-10951076746&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-1000000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0c842d112a59a79f8f1d72872f0b356dd5f047523a7504d5ce5f4b82c2dd1b86
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:15 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
86261
x-xss-protection
0
last-modified
Wed, 24 Jul 2024 21:17:36 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 24 Jul 2024 22:37:15 GMT
js
www.googletagmanager.com/gtag/ 		226 KB
81 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-793957276&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-1000000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
88322514486e9adf11fc38b75adbcd2bc0b5eddb4d67b774bbf4c37b5eb6e92a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:15 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
83210
x-xss-protection
0
last-modified
Wed, 24 Jul 2024 21:17:36 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 24 Jul 2024 22:37:15 GMT
/
www.facebook.com/tr/ 		0
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		0
0
truncated
/ Frame E13B 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame E13B 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame EA4F 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame EA4F 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame E8A0 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame E8A0 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
0190e6e4399b0022538e85bd5d0c05065005405d00b08
visitor-service-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/ 		19 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://visitor-service-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/0190e6e4399b0022538e85bd5d0c05065005405d00b08?callback=utag.ut%5B%22writevawpb-stream-hk%22%5D&rnd=1721860636800
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.176.156.32 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-176-156-32.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
f4e32c9c7383cf5643e6aeef875905b3e3a518fb92baaf1faac1fe76dd7005a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-version
dae9644db1054a022b4a820c208e271256b90b0b-SNAPSHOT
date
Wed, 24 Jul 2024 22:37:17 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-region
ap-northeast-1
content-length
19195
x-nodeid
i-0074fe9c62436774d
content-type
application/javascript; charset=utf-8
jsEvent.json
www.issthk-dev.hsbc.com.hk/2690/9007199256166629/js/events/v10/ 		106 B
820 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.issthk-dev.hsbc.com.hk:31000/2690/9007199256166629/js/events/v10/jsEvent.json
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
Software
Apache /
Resource Hash
79c99e3b8ed60172aa3a5ce9b4f653125b6b8ed57f586c363cf23bca6996631e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 24 Jul 2024 22:37:18 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://benefitsplus-auth-dev.hsbc.com.hk
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
DWSMCMRP01HK
Keep-Alive
timeout=5, max=99
Content-Length
106
js
www.googletagmanager.com/gtag/ 		204 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-1000000
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.877.js?utv=ut4.46.202304041402
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
122bae5b4089e5aed22606a6ad064bd5091185a9823fcdcce522f1dd916f7d9e
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:15 GMT
content-encoding
br
last-modified
Wed, 24 Jul 2024 21:17:36 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
75765
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 24 Jul 2024 22:37:15 GMT
i.gif
collect-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/2/ 		43 B
780 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://collect-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/2/i.gif
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.931.js?utv=ut4.46.202311061543
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.113.199.76 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-113-199-76.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryY7lRjC7ArvABQhxd

Response headers

date
Wed, 24 Jul 2024 22:37:19 GMT
x-serverid
uconnect_i-048cd580b8e230e04
x-tid
0190e6e4399b0022538e85bd5d0c05065005405d00b08
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-acc
hsbc:wpb-stream-hk:2:datacloud
x-region
ap-northeast-1
content-length
43
pragma
no-cache
x-did
0190e6e4399b0022538e85bd5d0c05065005405d00b08
vary
Origin
content-type
image/gif
access-control-allow-origin
https://benefitsplus-auth-dev.hsbc.com.hk
x-ulver
3eceb7783fbb24d2be508d8dcf9d88586cb3cf30-SNAPSHOT
access-control-expose-headers
X-Region
cache-control
no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
x-uuid
e47bb6ed-277f-4f04-8c1d-3c9ea07f1361
expires
Wed, 24 Jul 2024 22:37:19 GMT
sp.pl
sp.analytics.yahoo.com/ 		43 B
123 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sp.analytics.yahoo.com/sp.pl?a=1000&b=Welcome%20to%20HSBC%20Life%20Benefits%2B&.yp=423090&f=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk%2Flogin%3Fuid%3DyoiH3qzLtSYGfkwzw270j%26lang%3Den-HK&enc=UTF-8&yv=1.16.0&et=custom&tagmgr=tealium%2Cgtm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.255.41.64 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-255-41-64.eu-west-1.compute.amazonaws.com
Software
ATS/9.1.10.121 /
Resource Hash
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 22:37:18 GMT
via
http/1.1 traffic_server (ApacheTrafficServer/9.1.10.121)
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS/9.1.10.121
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
cache-control
no-cache, private, must-revalidate
accept-ranges
bytes
content-length
43
expires
Wed, 24 Jul 2024 22:37:18 GMT
/
www.facebook.com/tr/ 		0
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		0
0
generic
match.adsrvr.org/track/cmf/ 		70 B
148 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tealium&ttd_tpi=1&gdpr=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:18 GMT
server
Kestrel
content-length
70
content-type
image/gif
.jsonp
lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/ 		336 KB
118 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_yoiH3qzLtSYGfkwzw270j&b=1
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.884.js?utv=ut4.46.202311280718
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.23 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
495a334855a6d7ad4ba1f4dd1a4008fce7f35c2fd9278dd2df97fc5076c3b05a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:18 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
ws
x-cache-status
MISS
access-control-allow-methods
GET, POST, PATCH
content-type
application/x-javascript;charset=UTF-8
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
hsbc-favicon.ico
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/ 		1 KB
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/hsbc-favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:d200:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
ea0664a949fba1e56da947f65ca0833ce4296e116c6f2f6d3d518f54e2bb7391
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-correlation-id
e6c35792845e6c20c550e3ba15de7ba9
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
f9b68de7-4fff-4376-8e7a-5b26ab1a1bf5
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
bcFE9HxUHUYEN0w=
content-length
216
x-xss-protection
1; mode=block
last-modified
Fri, 14 Jun 2024 09:38:46 GMT
server
CloudFront
etag
W/"47e-190161d2070"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/x-icon
access-control-allow-origin
domain
access-control-allow-methods
GET,HEAD
cache-control
public, max-age=0
access-control-max-age
86
accept-ranges
bytes
x-amzn-remapped-date
Wed, 24 Jul 2024 22:37:19 GMT
x-amz-cf-id
59247Oq97IXr5F77VJEtzCBY1IspXcH7RWppaxpTk-qGMfCixzZ2Uw==
jsEvent.json
www.issthk-dev.hsbc.com.hk/2690/9007199256166629/js/events/v10/ 		107 B
821 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.issthk-dev.hsbc.com.hk:31000/2690/9007199256166629/js/events/v10/jsEvent.json
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
Software
Apache /
Resource Hash
cc738e9463e0f81e0517caf8218b987e2ffb1cabf2670535707735dda7b09b21
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 24 Jul 2024 22:37:18 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://benefitsplus-auth-dev.hsbc.com.hk
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
DWSMCMRP01HK
Keep-Alive
timeout=5, max=98
Content-Length
107
/
accdn.lpsnmedia.net/api/account/19211303/configuration/setting/accountproperties/ 		0
0
ui-framework.js
lpcdn.lpsnmedia.net/le_unified_window/10.38.0-release_1323031802/ 		0
0
surveylogicinstance.min.js
lpcdn.lpsnmedia.net/le_unified_window/10.38.0-release_1323031802/ 		0
0
zones
accdn.lpsnmedia.net/api/account/19211303/configuration/le-campaigns/ 		0
0
0190e6e4399b0022538e85bd5d0c05065005405d00b08
visitor-service-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/ 		19 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://visitor-service-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/0190e6e4399b0022538e85bd5d0c05065005405d00b08?callback=utag.ut%5B%22writevawpb-stream-hk%22%5D&rnd=1721860639198
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.176.156.32 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-176-156-32.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
f4e32c9c7383cf5643e6aeef875905b3e3a518fb92baaf1faac1fe76dd7005a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-version
dae9644db1054a022b4a820c208e271256b90b0b-SNAPSHOT
date
Wed, 24 Jul 2024 22:37:19 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-region
ap-northeast-1
content-length
19195
x-nodeid
i-0074fe9c62436774d
content-type
application/javascript; charset=utf-8
jsEvent.json
www.issthk-dev.hsbc.com.hk/2690/9007199256166629/js/events/v10/ 		107 B
821 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.issthk-dev.hsbc.com.hk:31000/2690/9007199256166629/js/events/v10/jsEvent.json
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
Software
Apache /
Resource Hash
80f1d361316314b43af86e3f50f54b7f47be88942a66dbbdd5f4881589319057
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 24 Jul 2024 22:37:19 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://benefitsplus-auth-dev.hsbc.com.hk
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
DWSMCMRP01HK
Keep-Alive
timeout=5, max=97
Content-Length
107
jsEvent.json
www.issthk-dev.hsbc.com.hk/2690/9007199256166629/js/events/v10/ 		107 B
821 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.issthk-dev.hsbc.com.hk:31000/2690/9007199256166629/js/events/v10/jsEvent.json
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
Software
Apache /
Resource Hash
51ddcd08ccd43b9d939ab9362488a0708409799d6b009a5c612970cd02ef17a4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 24 Jul 2024 22:37:19 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://benefitsplus-auth-dev.hsbc.com.hk
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
DWSMCMRP01HK
Keep-Alive
timeout=5, max=96
Content-Length
107
storage.secure.min.js
lpcdn.lpsnmedia.net/le_secure_storage/3.29.1-release_1359973818/ 		0
0
storage.secure.min.html
lpcdn.lpsnmedia.net/le_secure_storage/3.29.1-release_1359973818/ Frame 50E2 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://lpcdn.lpsnmedia.net/le_secure_storage/3.29.1-release_1359973818/storage.secure.min.html?loc=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&site=19211303&ist=sessionStorage&env=prod&accdn=accdn.lpsnmedia.net
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_yoiH3qzLtSYGfkwzw270j&b=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.154.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.154.120.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
*
access-control-expose-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
age
3037
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=31536000
content-encoding
br
content-length
15804
content-type
text/html
date
Wed, 24 Jul 2024 21:46:43 GMT
last-modified
Thu, 04 Jul 2024 02:01:10 GMT
server
UploadServer
strict-transport-security
max-age=31536000; includeSubDomains
timing-allow-origin
https://z1.le.liveperson.net, https://va.le.liveperson.net, https://z2.le.liveperson.net, https://lo.le.liveperson.net, https://am.le.liveperson.net, https://z3.le.liveperson.net, https://sy.le.liveperson.net, https://me.le.liveperson.net, https://vz-care-dev.liveengage.verizon.com, https://vz-care-qa.liveengage.verizon.com, https://vz-care.liveengage.verizon.com
vary
Accept-Encoding
via
1.1 google
x-content-type-options
nosniff
x-goog-generation
1720058470269800
x-goog-hash
crc32c=9CqGyA== md5=d3MvhTMm4JFgHuCipZ3KEg==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
48277
x-guploader-uploadid
AHxI1nP0rfuQQzNFxnZQpvomsb-BzouTI8mL2n4p1zrwJqQv4EYj8L2hu8m1OZr5W4llc21ebaA
jsEvent.json
www.issthk-dev.hsbc.com.hk/2690/9007199256166629/js/events/v10/ 		108 B
822 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.issthk-dev.hsbc.com.hk:31000/2690/9007199256166629/js/events/v10/jsEvent.json
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
Software
Apache /
Resource Hash
bffb9b79885b6738820ef78b11fee9f55fa1fbc73709df1ed5928a8e6512a4cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 24 Jul 2024 22:37:20 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://benefitsplus-auth-dev.hsbc.com.hk
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
DWSMCMRP01HK
Keep-Alive
timeout=5, max=95
Content-Length
108
i.js
datacloud.tealiumiq.com/tealium_ttd/main/16/ 		39 B
662 B 		Script
General
Check archive.org
Download Go to
Full URL
https://datacloud.tealiumiq.com/tealium_ttd/main/16/i.js?jsonp=utag.ut.tealium_pass_ttdid
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.926.js?utv=ut4.46.202205311742
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.123.251.78 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-123-251-78.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
dd9b11bb7723d648dee86c40524b1f927054223967194dee794d19ac49fac3a9

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 22:37:20 GMT
x-serverid
uconnect_i-0cdf718dcc9a5ab94
x-tid
0cff0b659cd14262921cb74686c601a0
vary
Origin
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-acc
tealium_ttd:main:16:datacloud
x-ulver
d61c30858d412411ad6c31b36ef9f7d1fe096b08-SNAPSHOT
content-type
application/javascript
cache-control
no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
x-region
eu-central-1
content-length
39
x-uuid
0cff0b65-9cd1-4262-921c-b74686c601a0
expires
Wed, 24 Jul 2024 22:37:20 GMT
.jsonp
lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/ 		15 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&ct=lpSecureStorage%2Clp_sdes%2Ccobrowse%2Cscraper%2ClpActivityMonitor%2CrendererStub%2Clp_version_detector%2Clp_monitoringSDK%2ClpTransporter%2ClpUnifiedWindow%2CSMT%2Chooks%2Clp_SMT%2Cauthenticator%2CcleanCCPatterns%2Clp_global_utils%2CunAuthMessaging%2CjsLoader&s=gsp_insurance_benefit-plus_login_yoiH3qzLtSYGfkwzw270j&b=1
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.884.js?utv=ut4.46.202311280718
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.23 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
2561c2c2ce321e308e2c3a84ff4e8b1c7a59e961f794408161a303a023912e05
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Wed, 24 Jul 2024 22:37:21 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
ws
x-cache-status
MISS
access-control-allow-methods
GET, POST, PATCH
content-type
application/x-javascript;charset=UTF-8
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
jsEvent.json
www.issthk-dev.hsbc.com.hk/2690/9007199256166629/js/events/v10/ 		50 B
629 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.issthk-dev.hsbc.com.hk:31000/2690/9007199256166629/js/events/v10/jsEvent.json
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
Software
Apache /
Resource Hash
edcb7c9c998fbe2e1eb86a4b15df253cff75dd15691da28aa0c03fb18ef26eed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Wed, 24 Jul 2024 22:37:22 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://benefitsplus-auth-dev.hsbc.com.hk
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
DWSMCMRP01HK
Keep-Alive
timeout=5, max=94
Content-Length
50
i.js
datacloud.tealiumiq.com/tealium_ttd/main/16/ 		39 B
663 B 		Script
General
Check archive.org
Download Go to
Full URL
https://datacloud.tealiumiq.com/tealium_ttd/main/16/i.js?jsonp=utag.ut.tealium_pass_ttdid
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.926.js?utv=ut4.46.202205311742
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.123.251.78 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-123-251-78.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
dd9b11bb7723d648dee86c40524b1f927054223967194dee794d19ac49fac3a9

Request headers

Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 24 Jul 2024 22:37:23 GMT
x-serverid
uconnect_i-0fb82a9301a64ac7d
x-tid
0cff0b659cd14262921cb74686c601a0
vary
Origin
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-acc
tealium_ttd:main:16:datacloud
x-ulver
3eceb7783fbb24d2be508d8dcf9d88586cb3cf30-SNAPSHOT
content-type
application/javascript
cache-control
no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
x-region
eu-central-1
content-length
39
x-uuid
f44714ab-d8a8-4fb3-b0db-3b3de6e90333
expires
Wed, 24 Jul 2024 22:37:23 GMT
jsEvent.json
www.issthk-dev.hsbc.com.hk/2690/9007199256166629/js/events/v10/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.hkg1vl0048.p2g.netd2.hsbc.com.hk
URL
https://www.hkg1vl0048.p2g.netd2.hsbc.com.hk/9600/handler9/session.json
Domain
www.hkg1vl0048.p2g.netd2.hsbc.com.hk
URL
https://www.hkg1vl0048.p2g.netd2.hsbc.com.hk/JavascriptInsert.js
Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?tealium_cookie_sync=true&google_nid=tealium_dmp&google_cm&tealium_vid=0190e6e4399b0022538e85bd5d0c05065005405d00b08&tealium_account=hsbc&tealium_profile=wpb-stream-hk
Domain
www.facebook.com
URL
https://www.facebook.com/tr/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1721860636045&sw=1600&sh=1200&ud[external_id]=131da906e0486c7a70f27241665bab42dff4ac599481b3973998c2fbaf519cba&v=2.9.162&r=stable&a=tmtealium&ec=0&o=4124&fbp=fb.2.1721860636043.452421580323201267&cs_est=true&pm=1&hrl=489172&ler=empty&cdl=API_unavailable&it=1721860635736&coo=false&eid=883f4dc0541ad31b8b7ff9b52a04053d&tm=1&cs_cc=1&cas=7622605321154699%2C3352707101488138%2C5588178577890481%2C1633273413466937&rqm=GET
Domain
www.facebook.com
URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1721860636045&sw=1600&sh=1200&ud[external_id]=131da906e0486c7a70f27241665bab42dff4ac599481b3973998c2fbaf519cba&v=2.9.162&r=stable&a=tmtealium&ec=0&o=4124&fbp=fb.2.1721860636043.452421580323201267&cs_est=true&pm=1&hrl=489172&ler=empty&cdl=API_unavailable&it=1721860635736&coo=false&eid=883f4dc0541ad31b8b7ff9b52a04053d&tm=1&cs_cc=1&cas=7622605321154699%2C3352707101488138%2C5588178577890481%2C1633273413466937&rqm=FGET
Domain
www.facebook.com
URL
https://www.facebook.com/tr/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1721860638580&sw=1600&sh=1200&ud[external_id]=131da906e0486c7a70f27241665bab42dff4ac599481b3973998c2fbaf519cba&v=2.9.162&r=stable&a=tmtealium&ec=1&o=4124&fbp=fb.2.1721860636043.452421580323201267&cs_est=true&pm=1&hrl=489172&ler=empty&cdl=API_unavailable&it=1721860635736&coo=false&eid=883f4dc0541ad31b8b7ff9b52a04053d&tm=1&cs_cc=1&cas=7622605321154699%2C3352707101488138%2C5588178577890481%2C1633273413466937&rqm=GET
Domain
www.facebook.com
URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1721860638580&sw=1600&sh=1200&ud[external_id]=131da906e0486c7a70f27241665bab42dff4ac599481b3973998c2fbaf519cba&v=2.9.162&r=stable&a=tmtealium&ec=1&o=4124&fbp=fb.2.1721860636043.452421580323201267&cs_est=true&pm=1&hrl=489172&ler=empty&cdl=API_unavailable&it=1721860635736&coo=false&eid=883f4dc0541ad31b8b7ff9b52a04053d&tm=1&cs_cc=1&cas=7622605321154699%2C3352707101488138%2C5588178577890481%2C1633273413466937&rqm=FGET
Domain
accdn.lpsnmedia.net
URL
https://accdn.lpsnmedia.net/api/account/19211303/configuration/setting/accountproperties/?cb=accountSettingsCB
Domain
lpcdn.lpsnmedia.net
URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.38.0-release_1323031802/ui-framework.js?version=10.38.0-release_1323031802
Domain
lpcdn.lpsnmedia.net
URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.38.0-release_1323031802/surveylogicinstance.min.js?version=10.38.0-release_1323031802
Domain
accdn.lpsnmedia.net
URL
https://accdn.lpsnmedia.net/api/account/19211303/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Domain
lpcdn.lpsnmedia.net
URL
https://lpcdn.lpsnmedia.net/le_secure_storage/3.29.1-release_1359973818/storage.secure.min.js?loc=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&site=19211303&env=prod&accdn=accdn.lpsnmedia.net
Domain
www.issthk-dev.hsbc.com.hk
URL
https://www.issthk-dev.hsbc.com.hk:31000/2690/9007199256166629/js/events/v10/jsEvent.json

Verdicts & Comments Add Verdict or Comment

187 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| TMS function| dcsEncode function| dcsEscape object| HSBC object| DCSext function| dcsGetHSBCCookie function| dcsVar function| dcsMultiTrack function| dcsMapHSBC function| dcsMeta function| dcsFunc function| dcsTag object| Webtrends function| doLogin function| isInvalidEmail function| login function| onFocusIn function| onFocusOut function| showLanguages function| chooseLanguage function| showOrHidePassword function| displayError function| getUrlParameter function| isValidLanguageCode function| getLocale function| getPageLanguage function| getPageName function| getPageUrl function| trackLoginView function| trackLoginAction function| getTarget function| removeTouchRipple object| utag_data object| tms string| userAgent string| platform object| macosPlatforms object| iosPlatforms object| Evnt object| jwt object| params object| elem string| targetElementsSelector object| targetElements object| utag object| utag_cfg_ovrd string| mn object| pixel_lib object| utag_extn object| __MCMMsgs object| MCM function| requestCobrowse function| verifyCobrowse function| enterServiceNumber function| PixelSearchService string| HSBCHKUATPageID string| HSBCHKUATcompatVersion string| HSBCHKUATpacketVersion string| HSBCHKUATuseCorsForInitialRequest string| HSBCHKUATuseJsonFormatForInitialCorsRequest string| HSBCHKUATTCP string| HSBCHKUATSSL function| HSBCHKUATgPr object| HSBCHKUATpendingManualEvents object| HSBCHKUATqueuedYoutubeReferences function| HSBCHKUATevent function| HSBCHKUATclick function| HSBCHKUATtextchange function| HSBCHKUATformsubmit function| HSBCHKUATSendJsonData function| HSBCHKUATtrackYouTubeIframePlayer function| HSBCHKUATinitialExecutionCanProceed function| HSBCHKUATblockExecutionForInsertAlreadyPresent function| HSBCHKUATSL function| HSBCHKUATsendScriptRequests function| HSBCHKUATcookieAllowsScriptToProceed function| HSBCHKUATSC function| HSBCHKUATfindCookieVal function| HSBCHKUATdeleteLegacyCookies function| HSBCHKUATdoDeleteCookie boolean| HSBCHKUATLF function| HSBCHKUATclearStoppedState function| HSBCHKUATstop function| HSBCHKUATgenerateUUID object| HSBCHKUATcookieList function| HSBCHKUATgC function| HSBCHKUATae function| HSBCHKUATclient_event function| HSBCHKUATGP function| HSBCHKUATGPWID function| HSBCHKUATLC string| HSBCHKUATTWID function| HSBCHKUAToptOut function| HSBCHKUAToptIn function| HSBCHKUATanonymous function| HSBCHKUATresetCSA function| HSBCHKUATdoReInit function| HSBCHKUATtmoPoll boolean| HSBCHKUATjsInsertAlreadyLoaded function| HSBCHKUATgetSD string| HSBCHKUATwindowID number| HSBCHKUATTm object| HSBCHKUATsImgArr object| HSBCHKUATRTEHandler boolean| pushIdentities function| tealium_liveperson_lib object| lpTag object| h function| fbq function| _fbq object| dotq object| _walkmeConfig boolean| impressiontrackingrunning object| dataLayer object| cdApi boolean| clkev object| e number| f string| items string| storageData object| CelebrusCopyCookies object| CelebrusDataPrivacy string| HSBCHKDEV9useCors string| HSBCHKDEV9useSecureCookies function| HSBCHKDEV9onContentReady function| HSBCHKDEV9gHW object| HSBCHKDEV9RTEHandler object| HSBCHKDEV9VisibilityManager object| HSBCHKDEV9Logger function| HSBCHKDEV9optIn function| HSBCHKDEV9optOut function| HSBCHKDEV9anonymous function| HSBCHKDEV9doReInit function| HSBCHKDEV9stop function| HSBCHKDEV9clearStoppedState function| HSBCHKDEV9executeJsonResponse function| HSBCHKDEV9executeReInitNow function| HSBCHKDEV9start function| HSBCHKDEV9eQI function| HSBCHKDEV9findCookieVal function| HSBCHKDEV9addCookie function| HSBCHKDEV9contentResponse function| HSBCHKDEV9event function| HSBCHKDEV9click function| HSBCHKDEV9select function| HSBCHKDEV9textchange function| HSBCHKDEV9formsubmit function| HSBCHKDEV9SendJsonData function| HSBCHKDEV9onInitialSessionInformationResponse function| HSBCHKDEV9onInPageSessionInformationResponse function| HSBCHKDEV9trackYouTubeIframePlayer function| HSBCHKDEV9stopTrackingYouTubeIframePlayer function| HSBCHKDEV9getSessionNumber function| HSBCHKDEV9getSessionKey function| HSBCHKDEV9getRealTimeId function| HSBCHKDEV9getLoadBalancerId function| HSBCHKDEV9setHttpRequestHeader function| HSBCHKDEV9queueUserEvent function| HSBCHKDEV9getOptOutStatus object| HSBCHKDEV9CelebrusApi object| HSBCHKDEV9Instance function| HSBCHKDEV9CelebrusVersion function| HSBCHKDEV9SystemUuid function| HSBCHKDEV9Go string| HSBCHKDEV9PageID string| HSBCHKDEV9windowID object| YAHOO object| google_tag_manager object| google_tag_data string| cc string| HSBCHKDEV9wid string| HSBCHKDEV9contentKey string| HSBCHKDEV9sn string| HSBCHKDEV9cfg function| HSBCHKDEV9cOP object| HSBCHKDEV9sACW number| HSBCHKDEV9periodicImageCheckTimeout number| HSBCHKDEV9periodicFormCheckTimeout number| HSBCHKDEV9checkVariableCaptureTimeout function| _typeof function| _extends function| accountSettingsCB object| lpTaglogListeners object| proxyless function| lpZonesStaticCB object| lpMTagConfig

21 Cookies

Domain/Path Name / Value
.benefitsplus-auth-dev.hsbc.com.hk/interaction/syG6KggpYxFXkSfdSs3n0 Name: _interaction
Value: syG6KggpYxFXkSfdSs3n0
.benefitsplus-auth-dev.hsbc.com.hk/interaction/syG6KggpYxFXkSfdSs3n0 Name: _interaction.sig
Value: 3EyoET7NEHKftnJ_D06JH2Vf3Nw
.benefitsplus-auth-dev.hsbc.com.hk/interaction/yoiH3qzLtSYGfkwzw270j Name: _interaction
Value: yoiH3qzLtSYGfkwzw270j
.benefitsplus-auth-dev.hsbc.com.hk/interaction/yoiH3qzLtSYGfkwzw270j Name: _interaction.sig
Value: CrBOpkoIQCDC5AIsG143gBnyjCM
benefitsplus-auth-dev.hsbc.com.hk/authorize/syG6KggpYxFXkSfdSs3n0 Name: _interaction_resume
Value: syG6KggpYxFXkSfdSs3n0
benefitsplus-auth-dev.hsbc.com.hk/authorize/syG6KggpYxFXkSfdSs3n0 Name: _interaction_resume.sig
Value: Uz5bjTds_nUC6hfQK9SvzEQxGW0
benefitsplus-auth-dev.hsbc.com.hk/authorize/yoiH3qzLtSYGfkwzw270j Name: _interaction_resume
Value: yoiH3qzLtSYGfkwzw270j
benefitsplus-auth-dev.hsbc.com.hk/authorize/yoiH3qzLtSYGfkwzw270j Name: _interaction_resume.sig
Value: Zze7Waj6brhlIiS31gD02jeOvks
benefitsplus-dev.hsbc.com.hk/ Name: state
Value: %252F
.hsbc.com.hk/ Name: usy46gabsosd
Value: HSBCHKUAT_17218606354970.7820d739839ce651f6fa040e1ce5a05f_9600
.hsbc.com.hk/ Name: bmuid
Value: 1721860635581-C8404F33-3100-4342-8B1B-6E59EF46429F
.hsbc.com.hk/ Name: _gcl_au
Value: 1.1.317847099.1721860636
.hsbc.com.hk/ Name: _fbp
Value: fb.2.1721860636043.452421580323201267
.hsbc.com.hk/ Name: cdSNum
Value: 1721860636024-sjn0000456-7343e283-26fa-46aa-9edd-d49fd429e64f
www.issthk-dev.hsbc.com.hk/ Name: HSBCHKDEV9cdPersisted
Value: _961f5278998041528c9d04491f244996bdedcfc7276f405d8a3bacfd61ca3391_14eb09ce2fa943b09f45bbf0c637b3f2
.hsbc.com.hk/ Name: HSBCHKDEV9session
Value: 9007199255321623_1721860635620_1721860638151_2690_075848bdb7624c84be32ba69919f023b
.hsbc.com.hk/ Name: HSBCHKDEV9persisted
Value: _961f5278998041528c9d04491f244996bdedcfc7276f405d8a3bacfd61ca3391_14eb09ce2fa943b09f45bbf0c637b3f2_1721860638151_9007199255321623_1721860638151_1
.hsbc.com.hk/ Name: utag_main
Value: v_id:0190e6e4399b0022538e85bd5d0c05065005405d00b08$_sn:1$_se:2$_ss:0$_st:1721862438558$ses_id:1721860635036%3Bexp-session$_pn:1%3Bexp-session$dcsyncran:1%3Bexp-session$dc_group:35$dc_visit:1$dc_event:2%3Bexp-session$dc_region:ap-northeast-1%3Bexp-session$_prevpage:ib%3Ainsurance%3Abenefit%20plus%3Alogin%3Bexp-session
.hsbc.com.hk/ Name: cdContextId
Value: 3
www.issthk-dev.hsbc.com.hk/ Name: HSBCHKDEV9cdSession
Value: 9007199255321623_1721860639940_1721860638151_2690_075848bdb7624c84be32ba69919f023b
.tealiumiq.com/ Name: TAPID
Value: tealium_ttd/main>0cff0b659cd14262921cb74686c601a0|hsbc/wpb-stream-hk>0190e6e4399b0022538e85bd5d0c05065005405d00b08|

24 Console Messages

Source Level URL
Text
security error URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Message:
Refused to load the image 'https://cm.g.doubleclick.net/pixel?tealium_cookie_sync=true&google_nid=tealium_dmp&google_cm&tealium_vid=0190e6e4399b0022538e85bd5d0c05065005405d00b08&tealium_account=hsbc&tealium_profile=wpb-stream-hk' because it violates the following Content Security Policy directive: "img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtag/js?id=AW-793969516&l=dataLayer&cx=c(Line 142)
Message:
Refused to connect to 'https://google.com/ccm/form-data/793969516?gtm=45be47o0v891155749za200&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&userId=0190e6e4399b0022538e85bd5d0c05065005405d00b08&npa=1&frm=0&pscdl=noapi&auid=317847099.1721860636&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&em=tv.1' because it violates the following Content Security Policy directive: "connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtag/js?id=AW-793969516&l=dataLayer&cx=c(Line 142)
Message:
Refused to connect to 'https://google.com/ccm/form-data/793969516?gtm=45be47o0v891155749za200&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&userId=0190e6e4399b0022538e85bd5d0c05065005405d00b08&npa=1&frm=0&pscdl=noapi&auid=317847099.1721860636&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&em=tv.1' because it violates the following Content Security Policy directive: "connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'".
security error URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Message:
Refused to load the image 'https://www.facebook.com/tr/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1721860636045&sw=1600&sh=1200&ud[external_id]=131da906e0486c7a70f27241665bab42dff4ac599481b3973998c2fbaf519cba&v=2.9.162&r=stable&a=tmtealium&ec=0&o=4124&fbp=fb.2.1721860636043.452421580323201267&cs_est=true&pm=1&hrl=489172&ler=empty&cdl=API_unavailable&it=1721860635736&coo=false&eid=883f4dc0541ad31b8b7ff9b52a04053d&tm=1&cs_cc=1&cas=7622605321154699%2C3352707101488138%2C5588178577890481%2C1633273413466937&rqm=GET' because it violates the following Content Security Policy directive: "img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'".
security error URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Message:
Refused to load the image 'https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1721860636045&sw=1600&sh=1200&ud[external_id]=131da906e0486c7a70f27241665bab42dff4ac599481b3973998c2fbaf519cba&v=2.9.162&r=stable&a=tmtealium&ec=0&o=4124&fbp=fb.2.1721860636043.452421580323201267&cs_est=true&pm=1&hrl=489172&ler=empty&cdl=API_unavailable&it=1721860635736&coo=false&eid=883f4dc0541ad31b8b7ff9b52a04053d&tm=1&cs_cc=1&cas=7622605321154699%2C3352707101488138%2C5588178577890481%2C1633273413466937&rqm=FGET' because it violates the following Content Security Policy directive: "img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'".
security error URL: https://tags.tiqcdn.com/
Message:
Refused to frame 'https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/' because it violates the following Content Security Policy directive: "frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com".
security error URL: https://tags.tiqcdn.com/
Message:
Refused to frame 'https://1.b406929acabac9b095f124c81bdfcf57f.com/' because it violates the following Content Security Policy directive: "frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com".
security error URL: https://tags.tiqcdn.com/
Message:
Refused to frame 'https://1.c81358859121583b7adf2ace89cb39f44.com/' because it violates the following Content Security Policy directive: "frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com".
security warning URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.894.js?utv=ut4.46.202208121610(Line 8498)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com') does not match the recipient window's origin ('null').
security warning URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.894.js?utv=ut4.46.202208121610(Line 8498)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://1.b406929acabac9b095f124c81bdfcf57f.com') does not match the recipient window's origin ('null').
security warning URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.894.js?utv=ut4.46.202208121610(Line 8498)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://1.c81358859121583b7adf2ace89cb39f44.com') does not match the recipient window's origin ('null').
network error URL: https://benefitsplus-auth-dev.hsbc.com.hk/ed30a4375b7b4f9b8d9d8fd5bda693ad/test/walkme_ed30a4375b7b4f9b8d9d8fd5bda693ad_https.js
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Message:
Refused to execute script from 'https://benefitsplus-auth-dev.hsbc.com.hk/ed30a4375b7b4f9b8d9d8fd5bda693ad/test/walkme_ed30a4375b7b4f9b8d9d8fd5bda693ad_https.js' because its MIME type ('application/json') is not executable, and strict MIME type checking is enabled.
javascript error URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Message:
Access to XMLHttpRequest at 'https://www.hkg1vl0048.p2g.netd2.hsbc.com.hk/9600/handler9/session.json' from origin 'https://benefitsplus-auth-dev.hsbc.com.hk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.hkg1vl0048.p2g.netd2.hsbc.com.hk/9600/handler9/session.json
Message:
Failed to load resource: net::ERR_FAILED
security error URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Message:
Refused to load the image 'https://www.facebook.com/tr/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1721860638580&sw=1600&sh=1200&ud[external_id]=131da906e0486c7a70f27241665bab42dff4ac599481b3973998c2fbaf519cba&v=2.9.162&r=stable&a=tmtealium&ec=1&o=4124&fbp=fb.2.1721860636043.452421580323201267&cs_est=true&pm=1&hrl=489172&ler=empty&cdl=API_unavailable&it=1721860635736&coo=false&eid=883f4dc0541ad31b8b7ff9b52a04053d&tm=1&cs_cc=1&cas=7622605321154699%2C3352707101488138%2C5588178577890481%2C1633273413466937&rqm=GET' because it violates the following Content Security Policy directive: "img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'".
security error URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=yoiH3qzLtSYGfkwzw270j&lang=en-HK
Message:
Refused to load the image 'https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1721860638580&sw=1600&sh=1200&ud[external_id]=131da906e0486c7a70f27241665bab42dff4ac599481b3973998c2fbaf519cba&v=2.9.162&r=stable&a=tmtealium&ec=1&o=4124&fbp=fb.2.1721860636043.452421580323201267&cs_est=true&pm=1&hrl=489172&ler=empty&cdl=API_unavailable&it=1721860635736&coo=false&eid=883f4dc0541ad31b8b7ff9b52a04053d&tm=1&cs_cc=1&cas=7622605321154699%2C3352707101488138%2C5588178577890481%2C1633273413466937&rqm=FGET' because it violates the following Content Security Policy directive: "img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtag/js?id=AW-793969516&l=dataLayer&cx=c(Line 142)
Message:
Refused to connect to 'https://google.com/ccm/form-data/793969516?gtm=45be47o0v891155749za200&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&userId=0190e6e4399b0022538e85bd5d0c05065005405d00b08&npa=1&frm=0&pscdl=noapi&auid=317847099.1721860636&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&em=tv.1' because it violates the following Content Security Policy directive: "connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtag/js?id=AW-793969516&l=dataLayer&cx=c(Line 142)
Message:
Refused to connect to 'https://google.com/ccm/form-data/793969516?gtm=45be47o0v891155749za200&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&userId=0190e6e4399b0022538e85bd5d0c05065005405d00b08&npa=1&frm=0&pscdl=noapi&auid=317847099.1721860636&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&em=tv.1' because it violates the following Content Security Policy directive: "connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'".
security error URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_yoiH3qzLtSYGfkwzw270j&b=1
Message:
Refused to load the script 'https://accdn.lpsnmedia.net/api/account/19211303/configuration/setting/accountproperties/?cb=accountSettingsCB' because it violates the following Content Security Policy directive: "script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_yoiH3qzLtSYGfkwzw270j&b=1(Line 5)
Message:
Refused to load the script 'https://lpcdn.lpsnmedia.net/le_unified_window/10.38.0-release_1323031802/ui-framework.js?version=10.38.0-release_1323031802' because it violates the following Content Security Policy directive: "script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_yoiH3qzLtSYGfkwzw270j&b=1(Line 5)
Message:
Refused to load the script 'https://lpcdn.lpsnmedia.net/le_unified_window/10.38.0-release_1323031802/surveylogicinstance.min.js?version=10.38.0-release_1323031802' because it violates the following Content Security Policy directive: "script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_yoiH3qzLtSYGfkwzw270j&b=1
Message:
Refused to load the script 'https://accdn.lpsnmedia.net/api/account/19211303/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB' because it violates the following Content Security Policy directive: "script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_yoiH3qzLtSYGfkwzw270j&b=1
Message:
Refused to load the script 'https://lpcdn.lpsnmedia.net/le_secure_storage/3.29.1-release_1359973818/storage.secure.min.js?loc=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&site=19211303&env=prod&accdn=accdn.lpsnmedia.net' because it violates the following Content Security Policy directive: "script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accdn.lpsnmedia.net
akamai.tiqcdn.com
benefitsplus-auth-dev.hsbc.com.hk
benefitsplus-dev.hsbc.com.hk
cm.g.doubleclick.net
collect-ap-northeast-1.tealiumiq.com
connect.facebook.net
datacloud.tealiumiq.com
fonts.googleapis.com
fonts.gstatic.com
lpcdn.lpsnmedia.net
lptag.liveperson.net
match.adsrvr.org
s.yimg.com
sp.analytics.yahoo.com
tags.tiqcdn.com
visitor-service-ap-northeast-1.tealiumiq.com
www.facebook.com
www.googletagmanager.com
www.hkg1vl0048.p2g.netd2.hsbc.com.hk
www.issthk-dev.hsbc.com.hk
accdn.lpsnmedia.net
cm.g.doubleclick.net
lpcdn.lpsnmedia.net
www.facebook.com
www.hkg1vl0048.p2g.netd2.hsbc.com.hk
www.issthk-dev.hsbc.com.hk
104.122.36.5
13.113.199.76
178.249.97.23
18.176.156.32
203.112.83.226
2600:9000:238d:7000:7:2bfb:7c00:93a1
2600:9000:266e:d200:a:9a74:f000:93a1
2a00:1288:80:807::2
2a00:1450:4001:811::200a
2a00:1450:4001:81c::2003
2a00:1450:4001:831::2008
2a03:2880:f084:105:face:b00c:0:3
3.123.251.78
3.255.41.64
3.33.220.150
34.120.154.120
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
06dc3be469afabaf8ee631250f2dc3109de938696e13335b3f112fa288b8d09a
08c3ec753f2c435ae7a84b9ddeb48c91ecc26367b8f8cd75ff828ab6aaba93b9
0c842d112a59a79f8f1d72872f0b356dd5f047523a7504d5ce5f4b82c2dd1b86
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
122bae5b4089e5aed22606a6ad064bd5091185a9823fcdcce522f1dd916f7d9e
133111f0c0bfff76389bb6c8c0a338652a016c883e5d52a3ab30928d23311452
1a609127ff98cddbb904018545c0bdc76535d64533cea1b14c7e6fc0a7fc12cd
2561c2c2ce321e308e2c3a84ff4e8b1c7a59e961f794408161a303a023912e05
26801936497f60c252a9cc1d3d4e9ff245be798b4d15c3b996197b249b777d1d
2823fbfa7b9256867e21af1ecbfbb98583c8ef0e0b495f6f01d862ef58e3d93d
2a2735a13b756b44a0492c5fa7ee72d05e3d2df85584dcbb0a49acb92bd0b52c
30996332bb31b7416a7d4fc893bcf129a40e27ca6a2794f2385cbdabec04c9e1
31fe46164ce2459191ca1f7727fd742ce01833ee4f705459e88d43f53fcc9f80
3436cd2678a5d770068ad97b439bc2d8572739cd7a635545c03aa78ebb596b61
35fa911646b32f90d0884af3b9d5ad7837496d85db58a565e186fbbbc3f4abc0
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
495a334855a6d7ad4ba1f4dd1a4008fce7f35c2fd9278dd2df97fc5076c3b05a
4b98e82da5261a22970e177085ed1c4d0156e74c3d0a0a17a66760c5413d3af1
4f2517dc0c5c30ab83108c0c5cd487a555bc4ff368bd829ccaf30b0921458264
51ddb2a0b09f8c8b32c18a23096b4b28a0a6d6f876aaff3cf3fc3da63215b6ea
51ddcd08ccd43b9d939ab9362488a0708409799d6b009a5c612970cd02ef17a4
59c0bea5590edc1463ca82b495d4938e6b283f58cd2b5795f3740c3782741119
6784f9ac4ae19ed8651c632b214f40cac44abd344870ddd30ff1b93b08ba3103
6845bfdd8dda05a35674017d86546ec5c697520c7902268ed46702fb75ff9c0e
6bdf7ebc9ab82052e74cbbfffe0a22c8afed792fe2cc1d0bd64eead45f9cd565
79c99e3b8ed60172aa3a5ce9b4f653125b6b8ed57f586c363cf23bca6996631e
80f1d361316314b43af86e3f50f54b7f47be88942a66dbbdd5f4881589319057
88322514486e9adf11fc38b75adbcd2bc0b5eddb4d67b774bbf4c37b5eb6e92a
8b37d9b0510f0586fb0902f6621d58e25e93701689638c65b7105367fe294832
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9336788e3bea8fff902414d81477ded09acfbf12dcd6002ad8ea845b4f69f954
9467767079a490ee2a938f0dc4e111596f9a300d170df03e21c59ed8e9d042bb
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1f92cff3c1e0fd617e93e919d2065e9313fd7bdcf846b39db5b1cf2a72bc23c
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a6a6c4cad34919cd1652a54a90191f5ac3c73ca00b24929a84e1e913cf605553
a88693b1d0e7bf5a2898c9e3d177c7c33ef2e551ef9a8bb948196d788e68e075
be21a52ac9b6ee44fb4bb58f99348ac03bb56f174a2f5bf0aba44a519ff18fda
be81363ab71f61fa670727b693a9c17a03690e1ef5e697605d90c78c3b455fa4
bf82ffa068e5d8f1399de9adcb9975e9eabefa54ad09eb85fa405c036161e9f2
bffb9b79885b6738820ef78b11fee9f55fa1fbc73709df1ed5928a8e6512a4cf
c42319ce7aea1c71d227a3f114dc79725b0362444c45901c3715d7c7511bf799
cc738e9463e0f81e0517caf8218b987e2ffb1cabf2670535707735dda7b09b21
d26fb5251cc339d5cba5b947d84220785abfca9f153dcfb82efd0be696755287
d531164c8f044d4a158925a04abcfd230bc3304a8efc4f622c79cfe7904f217b
d753f8ee126736431a1cd8170dbfcf94f553eeb1d24f2baa7c66474a80d0e559
d9dff991950c025e1c061c9fc45d44a179aeb7289342a72b92ee3d6a070999ad
dd9b11bb7723d648dee86c40524b1f927054223967194dee794d19ac49fac3a9
e0cf017a80e45561464ab25be01c93a03095da6d374df35649fa2c69b0f9e970
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
ea0664a949fba1e56da947f65ca0833ce4296e116c6f2f6d3d518f54e2bb7391
eaa003d85cb77f94fcae98396e583ce01d0c375b57235402c884ef8a792b951e
edcb7c9c998fbe2e1eb86a4b15df253cff75dd15691da28aa0c03fb18ef26eed
f4e32c9c7383cf5643e6aeef875905b3e3a518fb92baaf1faac1fe76dd7005a1
f63aa9cbf1ed197a7e8d6e192bedd57a3376bc1defa5fc2bcc84835eed6900c9
f6779bc003be288d6dbd1d7b4183b1ea15b53c70c8ac7b2161e89b4bc137d6d4
fa836387b84a060ee9bdba61e71ef295286ec27759ccc9af6ee2181e3918500b