benefitsplus-auth-dev.hsbc.com.hk Open in urlscan Pro
2600:9000:266e:5000:a:9a74:f000:93a1  Public Scan

Submitted URL: https://benefitsplus-dev.hsbc.com.hk/
Effective URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Submission Tags: @phishunt_io
Submission: On June 06 via api from DE — Scanned from DE

Summary

This website contacted 17 IPs in 7 countries across 14 domains to perform 73 HTTP transactions. The main IP is 2600:9000:266e:5000:a:9a74:f000:93a1, located in United States and belongs to AMAZON-02, US. The main domain is benefitsplus-auth-dev.hsbc.com.hk.
TLS certificate: Issued by DigiCert EV RSA CA G2 on August 10th 2023. Valid for: a year.
This is the only time benefitsplus-auth-dev.hsbc.com.hk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 17 2600:9000:266... 16509 (AMAZON-02)
17 2600:9000:235... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 104.68.88.82 16625 (AKAMAI-AS)
1 2a00:1288:80:... 203220 (YAHOO-DEB)
3 178.249.97.23 11054 (LIVEPERSON)
5 2a00:1450:400... 15169 (GOOGLE)
1 3.33.220.150 16509 (AMAZON-02)
2 3.255.41.64 16509 (AMAZON-02)
2 2a03:2880:f08... 32934 (FACEBOOK)
2 35.72.229.64 16509 (AMAZON-02)
7 203.112.83.226 9221 (HSBC-HK-A...)
2 54.168.215.28 16509 (AMAZON-02)
1 34.120.154.120 396982 (GOOGLE-CL...)
1 18.194.74.133 16509 (AMAZON-02)
73 17
Apex Domain
Subdomains
Transfer
24 hsbc.com.hk
benefitsplus-dev.hsbc.com.hk
benefitsplus-auth-dev.hsbc.com.hk
www.hkg1vl0048.p2g.netd2.hsbc.com.hk Failed
www.issthk-dev.hsbc.com.hk
95 KB
18 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 1326
akamai.tiqcdn.com — Cisco Umbrella Rank: 13270
280 KB
5 tealiumiq.com
collect-ap-northeast-1.tealiumiq.com — Cisco Umbrella Rank: 159999
visitor-service-ap-northeast-1.tealiumiq.com — Cisco Umbrella Rank: 161249
datacloud.tealiumiq.com — Cisco Umbrella Rank: 7735
23 KB
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 78
417 KB
3 liveperson.net
lptag.liveperson.net — Cisco Umbrella Rank: 4101
132 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 205
90 KB
2 yahoo.com
sp.analytics.yahoo.com — Cisco Umbrella Rank: 1683
623 B
1 lpsnmedia.net
accdn.lpsnmedia.net Failed
lpcdn.lpsnmedia.net — Cisco Umbrella Rank: 4138 Failed
1 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 409
149 B
1 yimg.com
s.yimg.com — Cisco Umbrella Rank: 693
7 KB
1 gstatic.com
fonts.gstatic.com
48 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 70
2 KB
0 facebook.com Failed
www.facebook.com Failed
0 doubleclick.net Failed
cm.g.doubleclick.net Failed
73 14
Domain Requested by
17 tags.tiqcdn.com benefitsplus-auth-dev.hsbc.com.hk
tags.tiqcdn.com
15 benefitsplus-auth-dev.hsbc.com.hk 2 redirects benefitsplus-auth-dev.hsbc.com.hk
tags.tiqcdn.com
7 www.issthk-dev.hsbc.com.hk tags.tiqcdn.com
5 www.googletagmanager.com tags.tiqcdn.com
www.googletagmanager.com
3 lptag.liveperson.net tags.tiqcdn.com
2 visitor-service-ap-northeast-1.tealiumiq.com tags.tiqcdn.com
2 collect-ap-northeast-1.tealiumiq.com tags.tiqcdn.com
2 connect.facebook.net tags.tiqcdn.com
connect.facebook.net
2 sp.analytics.yahoo.com benefitsplus-auth-dev.hsbc.com.hk
2 benefitsplus-dev.hsbc.com.hk 2 redirects
1 datacloud.tealiumiq.com tags.tiqcdn.com
1 lpcdn.lpsnmedia.net lptag.liveperson.net
1 match.adsrvr.org benefitsplus-auth-dev.hsbc.com.hk
1 s.yimg.com tags.tiqcdn.com
1 akamai.tiqcdn.com tags.tiqcdn.com
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com benefitsplus-auth-dev.hsbc.com.hk
0 accdn.lpsnmedia.net Failed lptag.liveperson.net
0 www.facebook.com Failed benefitsplus-auth-dev.hsbc.com.hk
0 cm.g.doubleclick.net Failed benefitsplus-auth-dev.hsbc.com.hk
0 www.hkg1vl0048.p2g.netd2.hsbc.com.hk Failed tags.tiqcdn.com
73 21

This site contains links to these domains. Also see Links.

Domain
benefitsplus-dev.hsbc.com.hk
Subject Issuer Validity Valid
benefitsplus-dev.hsbc.com.hk
DigiCert EV RSA CA G2
2023-08-10 -
2024-09-09
a year crt.sh
tags.tiqcdn.com
Amazon RSA 2048 M02
2024-03-19 -
2025-04-17
a year crt.sh
upload.video.google.com
WR2
2024-05-21 -
2024-08-13
3 months crt.sh
*.gstatic.com
WR2
2024-05-21 -
2024-08-13
3 months crt.sh
*.tiqcdn.com
DigiCert TLS RSA SHA256 2020 CA1
2023-11-16 -
2024-11-16
a year crt.sh
*.fantasysports.yahoo.com
DigiCert SHA2 High Assurance Server CA
2024-05-30 -
2024-07-17
2 months crt.sh
*.liveperson.net
Sectigo RSA Organization Validation Secure Server CA
2023-11-28 -
2024-11-27
a year crt.sh
*.google-analytics.com
WR2
2024-05-21 -
2024-08-13
3 months crt.sh
*.adsrvr.org
GlobalSign GCC R3 DV TLS CA 2020
2024-04-23 -
2025-05-25
a year crt.sh
real.sp.analytics.yahoo.com
DigiCert SHA2 High Assurance Server CA
2024-03-19 -
2024-09-11
6 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-03-15 -
2024-06-13
3 months crt.sh
*.tealiumiq.com
Amazon RSA 2048 M01
2023-07-23 -
2024-08-19
a year crt.sh
www.issthk-dev.hsbc.com.hk
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-10-19 -
2024-10-18
a year crt.sh
*.lpsnmedia.net
Sectigo RSA Organization Validation Secure Server CA
2023-11-15 -
2024-11-14
a year crt.sh

This page contains 5 frames:

Primary Page: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Frame ID: F95191CB3A00A70EB0448B4AEDEEDB79
Requests: 72 HTTP requests in this frame

Frame: data://truncated
Frame ID: 84B52421056A64D5408ACABF87E7BD7D
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: 3BA58FACA1F0E8CB8890BDA27F5584D8
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: 08AD2977B9128919B8047E697BBA95B5
Requests: 2 HTTP requests in this frame

Frame: https://lpcdn.lpsnmedia.net/le_secure_storage/3.28.0-release_1286430736/storage.secure.min.html?loc=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&site=19211303&ist=sessionStorage&env=prod&accdn=accdn.lpsnmedia.net
Frame ID: 72B8712C2268F149856EE67FF74E94E4
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Welcome to HSBC Life Benefits+

Page URL History Show full URLs

  1. https://benefitsplus-dev.hsbc.com.hk/ HTTP 302
    https://benefitsplus-dev.hsbc.com.hk/login?path=%2F HTTP 302
    https://benefitsplus-auth-dev.hsbc.com.hk/authorize?scope=openid%20ALL%20profile%20profile.ecommerce.read&response_typ... HTTP 302
    https://benefitsplus-auth-dev.hsbc.com.hk/interaction/wFbvq-KfmAPqNBHEyJ9ij?lang=en-HK HTTP 302
    https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

73
Requests

82 %
HTTPS

44 %
IPv6

14
Domains

21
Subdomains

17
IPs

7
Countries

1078 kB
Transfer

3909 kB
Size

18
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://benefitsplus-dev.hsbc.com.hk/ HTTP 302
    https://benefitsplus-dev.hsbc.com.hk/login?path=%2F HTTP 302
    https://benefitsplus-auth-dev.hsbc.com.hk/authorize?scope=openid%20ALL%20profile%20profile.ecommerce.read&response_type=code&client_id=hsbc-dev&redirect_uri=https://benefitsplus-dev.hsbc.com.hk&protocol=oauth0&connection=hsbc&audience=hsbc&state=%2F HTTP 302
    https://benefitsplus-auth-dev.hsbc.com.hk/interaction/wFbvq-KfmAPqNBHEyJ9ij?lang=en-HK HTTP 302
    https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

73 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login
benefitsplus-auth-dev.hsbc.com.hk/
Redirect Chain
  • https://benefitsplus-dev.hsbc.com.hk/
  • https://benefitsplus-dev.hsbc.com.hk/login?path=%2F
  • https://benefitsplus-auth-dev.hsbc.com.hk/authorize?scope=openid%20ALL%20profile%20profile.ecommerce.read&response_type=code&client_id=hsbc-dev&redirect_uri=https://benefitsplus-dev.hsbc.com.hk&pro...
  • https://benefitsplus-auth-dev.hsbc.com.hk/interaction/wFbvq-KfmAPqNBHEyJ9ij?lang=en-HK
  • https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
5 KB
5 KB
Document
General
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:5000:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
6966f359a24ee088f0f9429b20b3122d56d6ecc81a96e185a35e8e47064de238
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
content-encoding
gzip
content-length
1652
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
content-type
text/html; charset=utf-8
date
Thu, 06 Jun 2024 02:41:09 GMT
etag
W/"13a5-wiG/I6NxTLfKouc3AB4zX/xE2QI"
server
CloudFront
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Accept-Encoding
via
1.1 67cd7fbfa7b3b35b6217719b3f0167d2.cloudfront.net (CloudFront)
x-amz-apigw-id
Y7I28ES2HUYEv8A=
x-amz-cf-id
UdcyHxGdrwaIzSTtQ1OwoJisp6Iqt36EfzCuKWiHoduushC6tVM31A==
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-remapped-date
Thu, 06 Jun 2024 02:41:09 GMT
x-amzn-requestid
53a08f42-c619-4654-9ffa-2453c9f061ce
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-correlation-id
4213ad26129032241fc987dcb4feee24
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

access-control-allow-origin
*
cache-control
no-cache, no-store
content-length
138
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
content-type
text/html; charset=utf-8
date
Thu, 06 Jun 2024 02:41:08 GMT
location
/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
pragma
no-cache
server
CloudFront
strict-transport-security
max-age=63072000; includeSubdomains; preload
vary
Accept, Accept-Encoding
via
1.1 67cd7fbfa7b3b35b6217719b3f0167d2.cloudfront.net (CloudFront)
x-amz-apigw-id
Y7I2yFzSnUYEmMQ=
x-amz-cf-id
0Oy-GHaNPiC0lP6kWVjpv9_QpgGRRLfwHp5vPT8flZ5a7Vt6LeToeQ==
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-remapped-content-length
138
x-amzn-remapped-date
Thu, 06 Jun 2024 02:41:08 GMT
x-amzn-requestid
ebc0f3a7-4672-41ec-8e7c-83052ce068c5
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-correlation-id
122f0e32d4de7002cc413bd416eb9fad
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
utag.sync.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/
2 KB
1 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.sync.js
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:8600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
38f6905807c40f38927a21e48be0785eb7213c12e38d67a45eaa46ab10767565

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
EKx77crPXoXn30wwRlA14NpbT4Lbpuc8
content-encoding
gzip
via
1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
date
Thu, 06 Jun 2024 02:41:11 GMT
last-modified
Thu, 09 May 2024 15:16:40 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
x-amz-server-side-encryption
AES256
etag
W/"6aa15f80bbb39089fd322fff2579ea67"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
KxCdMJDfKiCYojrAmbJ--6OUAQx2SRCg4atvKUneDWIafZHokZ2dIw==
css
fonts.googleapis.com/
22 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
31fe46164ce2459191ca1f7727fd742ce01833ee4f705459e88d43f53fcc9f80
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 06 Jun 2024 02:41:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 06 Jun 2024 01:15:03 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 06 Jun 2024 02:41:10 GMT
main.css
benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/
13 KB
7 KB
Stylesheet
General
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/main.css
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:5000:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
c42319ce7aea1c71d227a3f114dc79725b0362444c45901c3715d7c7511bf799
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-correlation-id
c07c2d77d537576e1822c879598f2398
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 67cd7fbfa7b3b35b6217719b3f0167d2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
3dbd52ed-be51-4360-beb2-3fe337c176fc
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
Y7I3GFiKHUYEPFA=
content-length
3038
x-xss-protection
1; mode=block
last-modified
Tue, 28 May 2024 11:45:21 GMT
server
CloudFront
etag
W/"333f-18fbf04e868"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
x-amzn-remapped-date
Thu, 06 Jun 2024 02:41:10 GMT
x-amz-cf-id
-j2_c5ntOQK1cvKFIHONkWAo1OXzAb8-f8sFvWWvaUCkONUHFX-70Q==
main.js
benefitsplus-auth-dev.hsbc.com.hk/static/assets/js/
12 KB
7 KB
Script
General
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/js/main.js
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:5000:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
f63aa9cbf1ed197a7e8d6e192bedd57a3376bc1defa5fc2bcc84835eed6900c9
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-correlation-id
1787a052e123e576a4fb751205f80992
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 67cd7fbfa7b3b35b6217719b3f0167d2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
fe8b0975-59d7-47b0-ba15-82f5afb6575c
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
Y7I3EGy6HUYEWsw=
content-length
2912
x-xss-protection
1; mode=block
last-modified
Tue, 28 May 2024 11:45:21 GMT
server
CloudFront
etag
W/"30db-18fbf04e868"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
x-amzn-remapped-date
Thu, 06 Jun 2024 02:41:10 GMT
x-amz-cf-id
_ivha7amZVRkAcbpsZ9Q6wc_ZZ9sTBRP2y_svgCxg8SRItf__YnAQg==
utag_data.js
benefitsplus-auth-dev.hsbc.com.hk/static/assets/tealium/dev/
832 B
5 KB
Script
General
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/tealium/dev/utag_data.js
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:5000:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
6bdf7ebc9ab82052e74cbbfffe0a22c8afed792fe2cc1d0bd64eead45f9cd565
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:10 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amzn-remapped-content-length
832
x-correlation-id
b1592d1bc4b9841d2780e3f89591bd40
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 67cd7fbfa7b3b35b6217719b3f0167d2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
260524cd-97a0-4af8-b442-a5f7e0f0bd46
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
Y7I3EFZwnUYECLw=
content-length
832
x-xss-protection
1; mode=block
last-modified
Tue, 28 May 2024 11:45:21 GMT
server
CloudFront
etag
W/"340-18fbf04e868"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
x-amzn-remapped-date
Thu, 06 Jun 2024 02:41:10 GMT
x-amz-cf-id
KoPDoBDHMQU7YDxNuIPb2-MN5WwGJ4dbdzkwEtjC-I79A4T2E19l6A==
utag.js
benefitsplus-auth-dev.hsbc.com.hk/static/assets/tealium/dev/
774 B
4 KB
Script
General
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/tealium/dev/utag.js
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:5000:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
a88693b1d0e7bf5a2898c9e3d177c7c33ef2e551ef9a8bb948196d788e68e075
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:10 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amzn-remapped-content-length
774
x-correlation-id
d456772980d5edc410c91cb7af4acc4f
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 67cd7fbfa7b3b35b6217719b3f0167d2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
29718630-9142-4d9d-8ea0-100a711a7611
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
Y7I3GFuDnUYEo7A=
content-length
774
x-xss-protection
1; mode=block
last-modified
Tue, 28 May 2024 11:45:21 GMT
server
CloudFront
etag
W/"306-18fbf04e868"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
x-amzn-remapped-date
Thu, 06 Jun 2024 02:41:10 GMT
x-amz-cf-id
I2bgC6PiOV2GmdD4UtZMScxelgPGJFZn1l4vWTA-QtjI1yJ0D3TuCw==
HSBC_logo_en.svg
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/
3 KB
5 KB
Image
General
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/HSBC_logo_en.svg
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:5000:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
4b98e82da5261a22970e177085ed1c4d0156e74c3d0a0a17a66760c5413d3af1
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:10 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-correlation-id
b7c49944f18d6461266a2d52693e2f25
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 67cd7fbfa7b3b35b6217719b3f0167d2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
00de08bc-c9e3-4b3e-ab89-88c80dad3c34
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
Y7I3GFsbHUYEaew=
content-length
1203
x-xss-protection
1; mode=block
last-modified
Tue, 28 May 2024 11:45:21 GMT
server
CloudFront
etag
W/"b3d-18fbf04e868"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
x-amzn-remapped-date
Thu, 06 Jun 2024 02:41:10 GMT
x-amz-cf-id
H8POgg1F-W39M5qenC5oNnVBzCK2GfiUfQIBy2FtLcdJMznMIaH0eA==
iconnext.png
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/
286 B
4 KB
Image
General
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/iconnext.png
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:5000:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
9467767079a490ee2a938f0dc4e111596f9a300d170df03e21c59ed8e9d042bb
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:10 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amzn-remapped-content-length
286
x-correlation-id
7122d832c7137fc71c63fa9f277d5fa3
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 67cd7fbfa7b3b35b6217719b3f0167d2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
ab59dd93-9807-4950-9f5a-ce69ced48d18
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
Y7I3GHVOHUYETcQ=
content-length
286
x-xss-protection
1; mode=block
last-modified
Tue, 28 May 2024 11:45:21 GMT
server
CloudFront
etag
W/"11e-18fbf04e868"
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
x-amzn-remapped-date
Thu, 06 Jun 2024 02:41:10 GMT
x-amz-cf-id
ips28EEndbvLlT98OzYHpVTY8TltNyD_UOewKpnfPuK4kCkmTZU00w==
en-HK.png
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/
4 KB
8 KB
Image
General
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/en-HK.png
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:5000:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
08c3ec753f2c435ae7a84b9ddeb48c91ecc26367b8f8cd75ff828ab6aaba93b9
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:11 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amzn-remapped-content-length
4505
x-correlation-id
b40054dbc63bb15693453c5e3ddb6254
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 67cd7fbfa7b3b35b6217719b3f0167d2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
ed04e4e3-e715-44fd-8462-00d4a1f20d78
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
Y7I3PGmYnUYEE5A=
content-length
4505
x-xss-protection
1; mode=block
last-modified
Tue, 28 May 2024 11:45:21 GMT
server
CloudFront
etag
W/"1199-18fbf04e868"
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
x-amzn-remapped-date
Thu, 06 Jun 2024 02:41:11 GMT
x-amz-cf-id
cKH6nFH0palLaB_osJdXoDsqVr1vt87Hwf-MjR-EjvGalOdCH-OGVw==
zh-HK.png
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/
5 KB
8 KB
Image
General
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/zh-HK.png
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:5000:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
f6779bc003be288d6dbd1d7b4183b1ea15b53c70c8ac7b2161e89b4bc137d6d4
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:11 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amzn-remapped-content-length
4790
x-correlation-id
8fadd218cec1fdd68ef5d8ca092acec0
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 67cd7fbfa7b3b35b6217719b3f0167d2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
08938e4b-80ee-4964-af8a-40ee0b3ce774
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
Y7I3QGpUHUYEBzQ=
content-length
4790
x-xss-protection
1; mode=block
last-modified
Tue, 28 May 2024 11:45:21 GMT
server
CloudFront
etag
W/"12b6-18fbf04e868"
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
x-amzn-remapped-date
Thu, 06 Jun 2024 02:41:11 GMT
x-amz-cf-id
Ssg8IRjaE_QnmlCLGizFf7QSdR7vSKCeNkfwk-FLY4PxYCxe0frzLQ==
bg.svg
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/
5 KB
6 KB
Image
General
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/bg.svg
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:5000:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
a6a6c4cad34919cd1652a54a90191f5ac3c73ca00b24929a84e1e913cf605553
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/main.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-correlation-id
8755e8c1befbf00549f7b386c72dd75f
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 67cd7fbfa7b3b35b6217719b3f0167d2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
cf3b9f87-60a9-4c45-9bf5-db8f7b832007
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
Y7I3QGzJnUYEbxA=
content-length
2118
x-xss-protection
1; mode=block
last-modified
Tue, 28 May 2024 11:45:21 GMT
server
CloudFront
etag
W/"15e5-18fbf04e868"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
x-amzn-remapped-date
Thu, 06 Jun 2024 02:41:11 GMT
x-amz-cf-id
DZwrqLGKKYNoWD91MarHNox9D2Z2QaoOj8Iw0DW5fhv9Ut-wLOWdVg==
utag.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/
211 KB
44 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/tealium/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:8600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3afef905eaf9caee6d56c2f364c9dfc8321288ef91a2534b223beeeae4bf98da

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
zqhOGIA4mvIgV.5vbiu.Bqw._lfux4ga
content-encoding
gzip
via
1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
date
Thu, 06 Jun 2024 02:41:12 GMT
last-modified
Thu, 09 May 2024 15:16:40 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
x-amz-server-side-encryption
AES256
etag
W/"a1440d3b84e9981a6af949f4494a8164"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=300
x-amz-cf-id
qB6slJnUOQh5gWR6p_ErHs46a5DqMlvFPR05wgTgKMBAP6SFpsn2Pw==
eye-inactive.svg
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/
1 KB
4 KB
Image
General
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/eye-inactive.svg
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:5000:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
be81363ab71f61fa670727b693a9c17a03690e1ef5e697605d90c78c3b455fa4
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/css/main.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-correlation-id
f5ea9f6bd9c31344a5580e2f3f954e36
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 67cd7fbfa7b3b35b6217719b3f0167d2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
ebf10045-dc38-4526-afcf-19ff60b2ff90
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
Y7I3QGWfHUYELVA=
content-length
663
x-xss-protection
1; mode=block
last-modified
Tue, 28 May 2024 11:45:21 GMT
server
CloudFront
etag
W/"54f-18fbf04e868"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
x-amzn-remapped-date
Thu, 06 Jun 2024 02:41:11 GMT
x-amz-cf-id
JpnLCNxnndxGowfzFJ6F-bAhCE76sdokKmz0hxEQ_KxNMP6_3vzubQ==
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/
47 KB
48 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://fonts.googleapis.com/
Origin
https://benefitsplus-auth-dev.hsbc.com.hk
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 04 Jun 2024 14:39:21 GMT
x-content-type-options
nosniff
age
129709
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48236
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 04 Jun 2025 14:39:21 GMT
location.js
akamai.tiqcdn.com/location/
18 B
563 B
XHR
General
Full URL
https://akamai.tiqcdn.com/location/location.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.68.88.82 Brussels, Belgium, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-68-88-82.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
d753f8ee126736431a1cd8170dbfcf94f553eeb1d24f2baa7c66474a80d0e559

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Thu, 06 Jun 2024 02:41:11 GMT
Last-Modified
Mon, 30 Apr 2018 23:09:19 GMT
Server
AkamaiNetStorage
ETag
"6c98be5fda77913799e8ef24b86a7abd:1525129759"
Content-Type
application/x-javascript
Access-Control-Allow-Origin
*
Access-Control-Expose-Headers
X-EdgeScape-Location
Cache-Control
max-age=1296000
X-EdgeScape-Location
country_code=DE,region_code=HE,city=FRANKFURT,areacode=0,zip=0,bandwidth=5000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
18
Expires
Fri, 21 Jun 2024 02:41:11 GMT
utag.v.js
tags.tiqcdn.com/utag/tiqapp/
2 B
431 B
Script
General
Full URL
https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=hsbc/hk-rbwm-gsp/202405091513&cb=1717641671457
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:8600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
2XUX04X5QEw0.xFya64khU._sHTRl_Pz
date
Thu, 06 Jun 2024 02:39:20 GMT
via
1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
age
112
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
2
last-modified
Sat, 11 Mar 2023 06:57:46 GMT
server
AmazonS3
etag
"7bc0ee636b3b83484fc3b9348863bd22"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=300
accept-ranges
bytes
x-amz-cf-id
3LQtKWsKO0XojQqPr1mVOeJeN8cg-Y0oKi1jILw5tgFIquJ4kY9CVQ==
utag.187.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/
38 KB
11 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.187.js?utv=ut4.46.202202280912
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:8600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
9cb1d53337bfb32f26a211d01cea0bc36cd377c0b8cd7b9c858c50fe8b8f8abc

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
z3QEj4RTx_qWl3xOAPql83y7QH8Ipif7
content-encoding
br
via
1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
date
Thu, 06 Jun 2024 02:41:12 GMT
last-modified
Thu, 09 May 2024 15:16:38 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
x-amz-server-side-encryption
AES256
etag
W/"62ae3ebb665ed75aa20c199b68c042e1"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
90L8G1ucUOIBsry9LXsklyfsUJ1IConBnUg1HBNsVnr-ncsE2xkG2g==
utag.249.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/
3 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.249.js?utv=ut4.46.202208100919
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:8600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
faaeaae82d610fa00afb9236e8334f2c48101a66fc69348c33b185360bbb02e4

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
d_v4tHOTkW8iHvxmTixQ9qXd7NALq6e3
content-encoding
br
via
1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
date
Thu, 06 Jun 2024 02:41:12 GMT
last-modified
Thu, 09 May 2024 15:16:24 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
x-amz-server-side-encryption
AES256
etag
W/"59abccdf662cc0a0fda1c4f707cf9a2c"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
MGwYHVJ2xrW8oEL0NRG79kG-Smn-CbCbe25oUOsvOrjP5rAhgNrL_g==
utag.760.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/
2 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.760.js?utv=ut4.46.202108091531
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:8600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1b01f142d67b4ae857003f3facfa3706b903f5c5201556ca69252ec38968529b

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:12 GMT
x-amz-version-id
ZrdEL0Szjwbfs0xMeht0qphlhXawuJGX
content-encoding
br
last-modified
Thu, 09 May 2024 15:16:39 GMT
server
AmazonS3
via
1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
etag
W/"adda2d765997fb31f90dcf36103d478f"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
Gy3q40zFr6K-_fie4NvAP024KsaVkKHek0YtACKSpOCdVAyUdT5Lng==
utag.770.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/
22 KB
7 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.770.js?utv=ut4.46.202206291356
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:8600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7c6e5db0c800c759919265c34d10d441e38a27733cfb867b214777e8fb237371

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:12 GMT
x-amz-version-id
fd0jfWCGTi7.K0vfmCgpZp3wiIYFEkNY
content-encoding
br
last-modified
Thu, 09 May 2024 15:16:39 GMT
server
AmazonS3
via
1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
etag
W/"1e41c944fb868e765c782e2c0027cdcf"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
tz28Upopd66wPNGc5-WdI8uiqW7fJ5bOJAFKj4Gl-AP7MndlLUDvog==
utag.811.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/
5 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.811.js?utv=ut4.46.202401221012
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:8600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c098f9e565ae64ba124c1eb720723de8a0f8b0df8e11ea38c81e5d5bb83475ac

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:12 GMT
x-amz-version-id
LA2sEJ7IEaZh4cQ0J_9NGn1Te0kGY6oM
content-encoding
br
last-modified
Thu, 09 May 2024 15:16:21 GMT
server
AmazonS3
via
1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
etag
W/"4f70cb9051761529e250fc41d588e511"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
MKlZcyE2hft3yk54PvBTbp0B0FZbJOlQlUJ0UtZTecHNiD1eciVKvQ==
utag.822.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/
5 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.822.js?utv=ut4.46.202112171407
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:8600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c741ac64fe72475b8ae5c1e3e0d3e8dbe39a2f7241ab96f6976ded46c8c80b7a

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
bxIWMpw3VqihD3tcC_1WW6oPTSLJsMpr
content-encoding
br
via
1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
date
Thu, 06 Jun 2024 02:41:12 GMT
last-modified
Thu, 09 May 2024 15:16:30 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
x-amz-server-side-encryption
AES256
etag
W/"8e4c4713a7ce2b32cd5499f5ab4f01b1"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
19mIuuqiM9Jy9EIFht93E9H-QqA3JPv6YJ1ncrqmKZ_1YN7vJfrfCg==
utag.877.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/
8 KB
3 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.877.js?utv=ut4.46.202304041402
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:8600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2c07f0d2bee093f108d787685ce49777105b359547db73f50cc3f2c198848074

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
eCPPOpoZl0NjB3B7gHnBtg99grabkm_M
content-encoding
br
via
1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
date
Thu, 06 Jun 2024 02:41:12 GMT
last-modified
Thu, 09 May 2024 15:16:39 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
x-amz-server-side-encryption
AES256
etag
W/"caa16d68c7b353baddc6298442588487"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
iKb1T9O1jWovdJAk2HNYDq4U4yaoCc2DFHvwE6h9j7bzxr32AbAG6Q==
utag.884.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/
17 KB
5 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.884.js?utv=ut4.46.202311280718
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:8600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c4cf5cb72e92e4587bfe0d3180a6e182f446decf79d38a295d225e6c5be00d31

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
nkmScipzQ7xMxJF5PPnTzVGjMESmNT88
content-encoding
br
via
1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
date
Thu, 06 Jun 2024 02:41:12 GMT
last-modified
Thu, 09 May 2024 15:16:23 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
x-amz-server-side-encryption
AES256
etag
W/"2ad4988ecf29caf2114deb58b185d8b2"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
owCUDRlOFrlQvh4I5o2kLyt1Z1ZiWvnazfGtVBcXYvrMNZqkpSEPCw==
utag.894.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/
1001 KB
121 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.894.js?utv=ut4.46.202208121610
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:8600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0226a856e4ed5cb72ff3ebea0548da570a5f56f8afccb81765336a276f628283

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:12 GMT
x-amz-version-id
umwXLu9gZrHtE9lYP3SyR9vVXz2Fd_u7
content-encoding
br
last-modified
Thu, 09 May 2024 15:16:37 GMT
server
AmazonS3
via
1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
etag
W/"91da6a652743feb3f603ecfd84d76a23"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
uTRiOKRq4dtDOdzy9hUwagAMhaypbTv8_G1UeQaL0mNL4l1qNTczpQ==
utag.926.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/
7 KB
3 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.926.js?utv=ut4.46.202205311742
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:8600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f147f628d488e3a9adb175dec938d90187ee634e79374975ccfd4e35122a188f

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:12 GMT
x-amz-version-id
R2lg0skq3M9vePYto49AjjIRKkf3Np9g
content-encoding
br
last-modified
Thu, 09 May 2024 15:16:29 GMT
server
AmazonS3
via
1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
etag
W/"74c0a152e8fc9ea61bc6026975b256e5"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
bjPqurEw6sAiNwuiKMajIiI9JuCIGoFYynZckVjOSOR4ckwuILVNuA==
utag.927.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/
10 KB
4 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.927.js?utv=ut4.46.202205311742
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:8600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6121a30f77ac85f73ec5d28aa879b6af4c20ba4b1e0cc567f4a4e22325b82b52

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
wZSMLE9wQ96igEcQox5xUWjV0Ju8dhiu
content-encoding
br
via
1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
date
Thu, 06 Jun 2024 02:41:12 GMT
last-modified
Thu, 09 May 2024 15:16:39 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P9
x-amz-server-side-encryption
AES256
etag
W/"3d89aa3ebe4e7d018333130dcb58a5af"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
S5-hbAj_hIqfUXbV7nYONZnODqVHCmB2Pa9kAF8VPmo5yKLB3Wzh-Q==
utag.931.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/
47 KB
12 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.931.js?utv=ut4.46.202311061543
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:8600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4ef3e0635dcbcb059c772cd7c60de491073a21b488fbb250b0b868199f2732b2

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:12 GMT
x-amz-version-id
1jH8zpDONTpPrB9pQGGL27qyz6TYfbcR
content-encoding
br
last-modified
Thu, 09 May 2024 15:16:29 GMT
server
AmazonS3
via
1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
etag
W/"0007e46c4e0a342a659ca31c79a50c8e"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
Vi-zBj9VuWsBCQ9f_ZQA23hBBQvx2B3uKA5MchQ46ZyTxKCYDVVP-A==
utag.994.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/
4 KB
2 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.994.js?utv=ut4.46.202401050524
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:8600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5e9cea0f194422bd58a13cb607428149342b2062b27fbe8baac7ed65b49b28da

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:12 GMT
x-amz-version-id
7V1f5LJGQ8FhtK5JzCYI3eH.ny8YLp04
content-encoding
br
last-modified
Thu, 09 May 2024 15:16:28 GMT
server
AmazonS3
via
1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
etag
W/"5bfc3b87e323ddf1efd0f856cf475d59"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
CC84H_wDxacQXzob5qOhmipWHA0qWjx42nFPealsqeNa4qwC_n0fhg==
utag.1026.js
tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/
205 KB
58 KB
Script
General
Full URL
https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:235a:8600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f8ceeab514ef6d3a41cfb72416159c14b0150919a4df4a085ad27826cff745ae

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:12 GMT
x-amz-version-id
FV2PPnqGc_PVE6iUYvR5NE3ecvuyy9eU
content-encoding
br
last-modified
Thu, 09 May 2024 15:16:28 GMT
server
AmazonS3
via
1.1 de048058a16d8205bfbc06a8f2eefb34.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P9
etag
W/"3366e7cc68de9fdd1a5ab64949670512"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript
cache-control
max-age=1296000
x-amz-cf-id
OWEGz1m_T-eujtBtvw1GiEvM9oZ8MSC7M23oWmDSXNkJGeNwfs7qJg==
ytc.js
s.yimg.com/wi/
18 KB
7 KB
Script
General
Full URL
https://s.yimg.com/wi/ytc.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:807::1 , United Kingdom, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
480b06b23e574b4bf386fde1a91145a4171f97aeb5ee800e4be1850f29b1ad91
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

ats-carp-promotion
1, 1
date
Thu, 06 Jun 2024 02:05:20 GMT
x-amz-version-id
xC6OTTJGIjCqkMTkbrZpmtbXHK5oaZhW
content-encoding
gzip
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-amz-request-id
334EN8SWMCVBBAQQ
age
2152
x-amz-server-side-encryption
AES256
content-length
6262
x-amz-id-2
ZlB/FwC0BP3XsJJinidggpxKpCysjenaqOxfclPwj4E2++GMHOvT6bCPvnJT34C/ahHJD8ibXYiD2yZH+kVuwkhncJzekcil
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
x-amz-expiration
expiry-date="Wed, 31 Jul 2024 00:00:00 GMT", rule-id="oath-standard-lifecycle"
last-modified
Mon, 26 Jun 2023 09:26:35 GMT
server
ATS
etag
"5c6ed25dce803fd84288922b8928409e-df"
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
vary
Origin, Accept-Encoding
content-type
application/javascript
cache-control
public,max-age=3600
accept-ranges
bytes
tag.js
lptag.liveperson.net/tag/
26 KB
10 KB
Script
General
Full URL
https://lptag.liveperson.net/tag/tag.js?site=19211303
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.884.js?utv=ut4.46.202311280718
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.23 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
f9a5649d70f74cde04ab0c3f8a8f41810772e9970befa7fee8e339bcf4dd3b08
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains
last-modified
Tue, 31 Oct 2023 18:56:18 GMT
server
ws
etag
"65414dd2-24b8"
access-control-allow-methods
GET, POST, PATCH
content-type
application/javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
content-length
9400
session.json
www.hkg1vl0048.p2g.netd2.hsbc.com.hk/7194/handler9/
0
0

JavascriptInsert.js
www.hkg1vl0048.p2g.netd2.hsbc.com.hk/
0
0

js
www.googletagmanager.com/gtag/
202 KB
74 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-1000000
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.877.js?utv=ut4.46.202304041402
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d80c961f22f86662c40e30c5a17ed043fdcd770aeb33619ddb6eba05821d2acc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:11 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75093
x-xss-protection
0
last-modified
Thu, 06 Jun 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 06 Jun 2024 02:41:11 GMT
walkme_ed30a4375b7b4f9b8d9d8fd5bda693ad_https.js
benefitsplus-auth-dev.hsbc.com.hk/ed30a4375b7b4f9b8d9d8fd5bda693ad/test/
0
0
Script
General
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/ed30a4375b7b4f9b8d9d8fd5bda693ad/test/walkme_ed30a4375b7b4f9b8d9d8fd5bda693ad_https.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:5000:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:12 GMT
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-content-type-options
nosniff
x-amzn-remapped-content-length
187
x-correlation-id
ef6263672542b33a699015fdfec4a744
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 67cd7fbfa7b3b35b6217719b3f0167d2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
56e44a88-f297-4f0f-b515-d7831e6f676a
x-dns-prefetch-control
off
x-cache
Error from cloudfront
x-amz-apigw-id
Y7I3ZGFRnUYEZmA=
content-length
187
x-xss-protection
1; mode=block
server
CloudFront
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-amzn-remapped-date
Thu, 06 Jun 2024 02:41:12 GMT
x-amz-cf-id
oKpjhPxQP3V9dKk7a3i-ce_1fbB4Oa7FSZ9ie96DwJN42jRXWZkj2A==
generic
match.adsrvr.org/track/cmf/
70 B
149 B
Image
General
Full URL
https://match.adsrvr.org/track/cmf/generic?ttd_pid=tealium&ttd_tpi=1&gdpr=0
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.33.220.150 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a12b7a488abeaa9e4.awsglobalaccelerator.com
Software
Kestrel /
Resource Hash
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:12 GMT
server
Kestrel
content-length
70
content-type
image/gif
pixel
cm.g.doubleclick.net/
0
0

sp.pl
sp.analytics.yahoo.com/
43 B
500 B
Image
General
Full URL
https://sp.analytics.yahoo.com/sp.pl?a=1000&d=Thu%2C%2006%20Jun%202024%2002%3A41%3A11%20GMT&n=-2d&b=Welcome%20to%20HSBC%20Life%20Benefits%2B&.yp=423090&f=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk%2Flogin%3Fuid%3DwFbvq-KfmAPqNBHEyJ9ij%26lang%3Den-HK&enc=UTF-8&yv=1.15.1&et=custom&tagmgr=tealium
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.255.41.64 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-255-41-64.eu-west-1.compute.amazonaws.com
Software
ATS/9.1.10.112 /
Resource Hash
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 06 Jun 2024 02:41:12 GMT
via
http/1.1 traffic_server (ApacheTrafficServer/9.1.10.112)
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS/9.1.10.112
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
cache-control
no-cache, private, must-revalidate
accept-ranges
bytes
content-length
43
expires
Thu, 06 Jun 2024 02:41:12 GMT
fbevents.js
connect.facebook.net/en_US/
219 KB
59 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.770.js?utv=ut4.46.202206291356
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
83ebe8170b3b5dda2d20a80fe205ec14e1f8cb19ed40cfe73d480087b588e56c
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 06 Jun 2024 02:41:12 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57975
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=20, rtx=0, c=12, mss=1297, tbw=2787, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma
public
x-fb-debug
96fXs63izH7UOz3LJJEjAp7qcL45AosuPO10ndfZ8PyDxPL0yy/q5HaRFuSHVYCQz3J63zkMybvGK3WqgCNY1g==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
i.gif
collect-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/2/
43 B
780 B
XHR
General
Full URL
https://collect-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/2/i.gif
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.931.js?utv=ut4.46.202311061543
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.72.229.64 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-72-229-64.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryKtwxTDFAmip48M4B

Response headers

date
Thu, 06 Jun 2024 02:41:12 GMT
x-serverid
uconnect_i-0feba87b432a7560e
x-tid
018feb6bf2e4003c8385dc5f84de0506f005406700b08
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-acc
hsbc:wpb-stream-hk:2:datacloud
x-region
ap-northeast-1
content-length
43
pragma
no-cache
x-did
018feb6bf2e4003c8385dc5f84de0506f005406700b08
vary
Origin
content-type
image/gif
access-control-allow-origin
https://benefitsplus-auth-dev.hsbc.com.hk
x-ulver
c96738eb23f13a0bc90b20c8f326b2afa31d7e2b-SNAPSHOT
access-control-expose-headers
X-Region
cache-control
no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
x-uuid
93c0687a-fe97-4348-8763-446e634efaa5
expires
Thu, 06 Jun 2024 02:41:12 GMT
js
www.googletagmanager.com/gtag/
248 KB
87 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-956500078&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-1000000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
471d5b37ccd0273511933092771d7f48ba7d12805824aa19a40204fdb6c35aa7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:12 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
88650
x-xss-protection
0
last-modified
Thu, 06 Jun 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 06 Jun 2024 02:41:12 GMT
js
www.googletagmanager.com/gtag/
271 KB
92 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-793969516&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-1000000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
2aa839ba93d81efb0c5726ab7f48de7c8f3b4809e1df89ce4f5d6e54f847ed78
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:12 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
94117
x-xss-protection
0
last-modified
Thu, 06 Jun 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 06 Jun 2024 02:41:12 GMT
js
www.googletagmanager.com/gtag/
235 KB
84 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-10951076746&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-1000000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c51432e05661601ae447651e2cef0470c1480301120b49e3f2c09c80367ec47c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:12 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
85788
x-xss-protection
0
last-modified
Thu, 06 Jun 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 06 Jun 2024 02:41:12 GMT
js
www.googletagmanager.com/gtag/
223 KB
81 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-793957276&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-1000000
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9a83a5cf752b406527c38f0f4bae61a8b35af560e30d263d0a64af662abf7f9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:12 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
82772
x-xss-protection
0
last-modified
Thu, 06 Jun 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 06 Jun 2024 02:41:12 GMT
291998267968113
connect.facebook.net/signals/config/
183 KB
31 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/291998267968113?v=2.9.157&r=stable&domain=benefitsplus-auth-dev.hsbc.com.hk&hme=446fb981c8c3baeb03730fe3cbd404f7f15f64c693f24c7fe75da498bc2c95d8&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C174%2C170%2C171%2C173%2C28%2C94%2C50%2C73%2C172%2C155%2C158%2C167%2C168%2C175%2C122%2C14%2C48%2C180%2C179%2C124%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3b0e3f10977d338b2b2dc5fa35f9a25115c0ecbf211289fa06ff2fb64240ddab
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 06 Jun 2024 02:41:12 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=26, rtx=0, c=64, mss=1297, tbw=63498, tp=-1, tpl=-1, uplat=138, ullat=0
pragma
public
x-fb-debug
EWQgjxhdqdJQ+Vzt/iHCRKB1P/RrdfzRCUs8hOFDJx+XEiCY9vyZ6WVS6tBh8WTJzEN+GcXj5SDX4LqF5i1vXg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
session.json
www.issthk-dev.hsbc.com.hk/2767/js/events/v10/
6 KB
7 KB
XHR
General
Full URL
https://www.issthk-dev.hsbc.com.hk:31000/2767/js/events/v10/session.json
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
Software
Apache /
Resource Hash
a35d2f1462b71eb6afaea5da9aa46b61aef6872b102ce500cee9a6a6500e3a50
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Thu, 06 Jun 2024 02:41:13 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://benefitsplus-auth-dev.hsbc.com.hk
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
DWSMCMRP01HK
Keep-Alive
timeout=5, max=100
Content-Length
6460
/
www.facebook.com/tr/
0
0

/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
0
0

5b7f6f99-bd26-4551-b194-4e0fb44ed67e
https://benefitsplus-auth-dev.hsbc.com.hk/
176 KB
0
Other
General
Full URL
blob:https://benefitsplus-auth-dev.hsbc.com.hk/5b7f6f99-bd26-4551-b194-4e0fb44ed67e
Requested by
Host: benefitsplus-auth-dev.hsbc.com.hk
URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
51ddb2a0b09f8c8b32c18a23096b4b28a0a6d6f876aaff3cf3fc3da63215b6ea

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Length
180285
Content-Type
018feb6bf2e4003c8385dc5f84de0506f005406700b08
visitor-service-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/
36 B
255 B
Script
General
Full URL
https://visitor-service-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/018feb6bf2e4003c8385dc5f84de0506f005406700b08?callback=utag.ut%5B%22writevawpb-stream-hk%22%5D&rnd=1717641673116
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.168.215.28 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-168-215-28.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
1e2a7a0beeba1d53f781aae969f089f3d22903d7b6f9441eb15a455ec92fa62c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-version
397c0f904439581475cb8a8e6863ea5a2749d952-SNAPSHOT
date
Thu, 06 Jun 2024 02:41:13 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-region
ap-northeast-1
content-length
36
x-nodeid
i-05a9e57157a06e54b
content-type
application/javascript; charset=utf-8
truncated
/ Frame 84B5
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 84B5
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 3BA5
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 3BA5
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 08AD
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ Frame 08AD
5 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
jsEvent.json
www.issthk-dev.hsbc.com.hk/2767/9007199255995498/js/events/v10/
106 B
820 B
XHR
General
Full URL
https://www.issthk-dev.hsbc.com.hk:31000/2767/9007199255995498/js/events/v10/jsEvent.json
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
Software
Apache /
Resource Hash
1893e2fa325c57cb153d595c064d1626f9f9660dd246ed3e22c02b209557a3c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Thu, 06 Jun 2024 02:41:13 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://benefitsplus-auth-dev.hsbc.com.hk
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
DWSMCMRP01HK
Keep-Alive
timeout=5, max=99
Content-Length
106
i.gif
collect-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/2/
43 B
779 B
XHR
General
Full URL
https://collect-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/2/i.gif
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.931.js?utv=ut4.46.202311061543
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.72.229.64 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-72-229-64.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryGvNZegF8oANPEwdc

Response headers

date
Thu, 06 Jun 2024 02:41:14 GMT
x-serverid
uconnect_i-024ba419bdbed1876
x-tid
018feb6bf2e4003c8385dc5f84de0506f005406700b08
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-acc
hsbc:wpb-stream-hk:2:datacloud
x-region
ap-northeast-1
content-length
43
pragma
no-cache
x-did
018feb6bf2e4003c8385dc5f84de0506f005406700b08
vary
Origin
content-type
image/gif
access-control-allow-origin
https://benefitsplus-auth-dev.hsbc.com.hk
x-ulver
c96738eb23f13a0bc90b20c8f326b2afa31d7e2b-SNAPSHOT
access-control-expose-headers
X-Region
cache-control
no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
access-control-allow-credentials
true
x-uuid
00bb7c7b-6bc8-490c-9741-da03d883b50c
expires
Thu, 06 Jun 2024 02:41:14 GMT
sp.pl
sp.analytics.yahoo.com/
43 B
123 B
Image
General
Full URL
https://sp.analytics.yahoo.com/sp.pl?a=1000&b=Welcome%20to%20HSBC%20Life%20Benefits%2B&.yp=423090&f=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk%2Flogin%3Fuid%3DwFbvq-KfmAPqNBHEyJ9ij%26lang%3Den-HK&enc=UTF-8&yv=1.15.1&et=custom&tagmgr=tealium%2Cgtm
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.255.41.64 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-255-41-64.eu-west-1.compute.amazonaws.com
Software
ATS/9.1.10.112 /
Resource Hash
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
Security Headers
Name Value
Content-Security-Policy sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 06 Jun 2024 02:41:14 GMT
via
http/1.1 traffic_server (ApacheTrafficServer/9.1.10.112)
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
server
ATS/9.1.10.112
content-security-policy
sandbox; default-src 'self'; script-src 'none'; object-src 'none'; report-uri http://csp.yahoo.com/beacon/csp?src=generic
age
0
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-frame-options
DENY
content-type
image/gif
cache-control
no-cache, private, must-revalidate
accept-ranges
bytes
content-length
43
expires
Thu, 06 Jun 2024 02:41:14 GMT
/
www.facebook.com/tr/
0
0

/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
0
0

.jsonp
lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/
334 KB
118 KB
Script
General
Full URL
https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_wFbvq-KfmAPqNBHEyJ9ij&b=1
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.884.js?utv=ut4.46.202311280718
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.23 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
eed182ea98c84bb481578575f3d07b84bd701b41b197b6f81dae64300a13a2d7
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:14 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
ws
x-cache-status
MISS
access-control-allow-methods
GET, POST, PATCH
content-type
application/x-javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token
hsbc-favicon.ico
benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/
1 KB
4 KB
Other
General
Full URL
https://benefitsplus-auth-dev.hsbc.com.hk/static/assets/images/hsbc-favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:5000:a:9a74:f000:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
ea0664a949fba1e56da947f65ca0833ce4296e116c6f2f6d3d518f54e2bb7391
Security Headers
Name Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubdomains; preload
x-correlation-id
05558488cba40c6d34159e76ac109b22
content-security-policy
font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
via
1.1 67cd7fbfa7b3b35b6217719b3f0167d2.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P8
x-amzn-remapped-connection
keep-alive
x-amzn-requestid
58fdf7d3-8787-47d0-b3f8-7df956699d1a
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
x-amz-apigw-id
Y7I3wFktnUYENVg=
content-length
216
x-xss-protection
1; mode=block
last-modified
Tue, 28 May 2024 11:45:21 GMT
server
CloudFront
etag
W/"47e-18fbf04e868"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/x-icon
access-control-allow-origin
*
cache-control
public, max-age=0
accept-ranges
bytes
x-amzn-remapped-date
Thu, 06 Jun 2024 02:41:14 GMT
x-amz-cf-id
jCkzPAbVc5_wuQOGuTYaxPB4e-BR-IcMg7GIo3lcE4Eh5hv2M2Zc0Q==
jsEvent.json
www.issthk-dev.hsbc.com.hk/2767/9007199255995498/js/events/v10/
107 B
821 B
XHR
General
Full URL
https://www.issthk-dev.hsbc.com.hk:31000/2767/9007199255995498/js/events/v10/jsEvent.json
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
Software
Apache /
Resource Hash
3e73afde23be54f89aa04c656d2c345090df22f47bd24ecda179b2990ff0a03e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Thu, 06 Jun 2024 02:41:14 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://benefitsplus-auth-dev.hsbc.com.hk
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
DWSMCMRP01HK
Keep-Alive
timeout=5, max=98
Content-Length
107
/
accdn.lpsnmedia.net/api/account/19211303/configuration/setting/accountproperties/
0
0

ui-framework.js
lpcdn.lpsnmedia.net/le_unified_window/10.37.0-release_1294589553/
0
0

surveylogicinstance.min.js
lpcdn.lpsnmedia.net/le_unified_window/10.37.0-release_1294589553/
0
0

zones
accdn.lpsnmedia.net/api/account/19211303/configuration/le-campaigns/
0
0

018feb6bf2e4003c8385dc5f84de0506f005406700b08
visitor-service-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/
20 KB
20 KB
Script
General
Full URL
https://visitor-service-ap-northeast-1.tealiumiq.com/hsbc/wpb-stream-hk/018feb6bf2e4003c8385dc5f84de0506f005406700b08?callback=utag.ut%5B%22writevawpb-stream-hk%22%5D&rnd=1717641674650
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.168.215.28 Tokyo, Japan, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-168-215-28.ap-northeast-1.compute.amazonaws.com
Software
/
Resource Hash
99834470f3c0c431b3229ac9fdb01a8e9bd59ba13a919016c2c659cfe8033663
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-version
397c0f904439581475cb8a8e6863ea5a2749d952-SNAPSHOT
date
Thu, 06 Jun 2024 02:41:14 GMT
strict-transport-security
max-age=31536000; includeSubdomains
x-region
ap-northeast-1
content-length
20451
x-nodeid
i-0a3d6b509086488dc
content-type
application/javascript; charset=utf-8
jsEvent.json
www.issthk-dev.hsbc.com.hk/2767/9007199255995498/js/events/v10/
107 B
821 B
XHR
General
Full URL
https://www.issthk-dev.hsbc.com.hk:31000/2767/9007199255995498/js/events/v10/jsEvent.json
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
Software
Apache /
Resource Hash
00f77e3d9f911910a51c4df011d465ec155089ceb098fd58e5ea873830f8bb56
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Thu, 06 Jun 2024 02:41:15 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://benefitsplus-auth-dev.hsbc.com.hk
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
DWSMCMRP01HK
Keep-Alive
timeout=5, max=97
Content-Length
107
storage.secure.min.js
lpcdn.lpsnmedia.net/le_secure_storage/3.28.0-release_1286430736/
0
0

storage.secure.min.html
lpcdn.lpsnmedia.net/le_secure_storage/3.28.0-release_1286430736/ Frame 72B8
0
0
Document
General
Full URL
https://lpcdn.lpsnmedia.net/le_secure_storage/3.28.0-release_1286430736/storage.secure.min.html?loc=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&site=19211303&ist=sessionStorage&env=prod&accdn=accdn.lpsnmedia.net
Requested by
Host: lptag.liveperson.net
URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_wFbvq-KfmAPqNBHEyJ9ij&b=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.154.120 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
120.154.120.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
none
access-control-allow-origin
*
access-control-expose-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-state-rev
age
1112930
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public,max-age=31536000
content-encoding
br
content-length
16270
content-type
text/html
date
Fri, 24 May 2024 05:32:25 GMT
etag
W/"08e1e10c1128f5e33067543842258486"
last-modified
Fri, 24 May 2024 04:58:31 GMT
server
UploadServer
timing-allow-origin
https://z1.le.liveperson.net, https://va.le.liveperson.net, https://z2.le.liveperson.net, https://lo.le.liveperson.net, https://am.le.liveperson.net, https://z3.le.liveperson.net, https://sy.le.liveperson.net, https://me.le.liveperson.net, https://vz-care-dev.liveengage.verizon.com, https://vz-care-qa.liveengage.verizon.com, https://vz-care.liveengage.verizon.com
vary
Accept-Encoding
x-goog-generation
1716526711896314
x-goog-hash
crc32c=Z19eGg== md5=COHhDBEo9eMwZ1Q4QiWEhg==
x-goog-metageneration
1
x-goog-storage-class
MULTI_REGIONAL
x-goog-stored-content-encoding
identity
x-goog-stored-content-length
48296
x-guploader-uploadid
ABPtcPr2Wi51CFJPEs96TRoB-TACmYbUoxAjF0tqu98dvv7-VC-NzPp0T7QmqYVcDiJHlOdhww
jsEvent.json
www.issthk-dev.hsbc.com.hk/2767/9007199255995498/js/events/v10/
107 B
821 B
XHR
General
Full URL
https://www.issthk-dev.hsbc.com.hk:31000/2767/9007199255995498/js/events/v10/jsEvent.json
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
Software
Apache /
Resource Hash
662ec6ed5376711dfd6da20a82472d234afb76b26c78b54f41dfc4be99f8a09e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Thu, 06 Jun 2024 02:41:15 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://benefitsplus-auth-dev.hsbc.com.hk
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
DWSMCMRP01HK
Keep-Alive
timeout=5, max=96
Content-Length
107
jsEvent.json
www.issthk-dev.hsbc.com.hk/2767/9007199255995498/js/events/v10/
108 B
688 B
XHR
General
Full URL
https://www.issthk-dev.hsbc.com.hk:31000/2767/9007199255995498/js/events/v10/jsEvent.json
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
Software
Apache /
Resource Hash
425de0a4d7b9e4b1ce0b6e8b1384bad0d8e0fa1615a3032279cdbb26edaae47f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Thu, 06 Jun 2024 02:41:16 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://benefitsplus-auth-dev.hsbc.com.hk
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
DWSMCMRP01HK
Keep-Alive
timeout=5, max=95
Content-Length
108
i.js
datacloud.tealiumiq.com/tealium_ttd/main/16/
39 B
662 B
Script
General
Full URL
https://datacloud.tealiumiq.com/tealium_ttd/main/16/i.js?jsonp=utag.ut.tealium_pass_ttdid
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.926.js?utv=ut4.46.202205311742
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.194.74.133 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-194-74-133.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
dd9b11bb7723d648dee86c40524b1f927054223967194dee794d19ac49fac3a9

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 06 Jun 2024 02:41:16 GMT
x-serverid
uconnect_i-00155f0813c94d9b3
x-tid
aa835be0205d40c7896743138ed1ca70
vary
Origin
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
x-acc
tealium_ttd:main:16:datacloud
x-ulver
c96738eb23f13a0bc90b20c8f326b2afa31d7e2b-SNAPSHOT
content-type
application/javascript
cache-control
no-transform,private,no-cache,no-store,max-age=0,s-maxage=0
x-region
eu-central-1
content-length
39
x-uuid
aa835be0-205d-40c7-8967-43138ed1ca70
expires
Thu, 06 Jun 2024 02:41:16 GMT
jsEvent.json
www.issthk-dev.hsbc.com.hk/2767/9007199255995498/js/events/v10/
50 B
629 B
XHR
General
Full URL
https://www.issthk-dev.hsbc.com.hk:31000/2767/9007199255995498/js/events/v10/jsEvent.json
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.1026.js?utv=ut4.46.202401221029
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
203.112.83.226 , Hong Kong, ASN9221 (HSBC-HK-AS HSBC HongKong, HK),
Reverse DNS
Software
Apache /
Resource Hash
edcb7c9c998fbe2e1eb86a4b15df253cff75dd15691da28aa0c03fb18ef26eed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Thu, 06 Jun 2024 02:41:17 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://benefitsplus-auth-dev.hsbc.com.hk
P3P
CP="NON ADMo DEVo PSAo PSDo IVAo IVDo OUR IND UNI COM NAV INT CNT LOC STA PUR PHY ONL"
Cache-Control
no-store, no-cache, must-revalidate
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
S
DWSMCMRP01HK
Keep-Alive
timeout=5, max=94
Content-Length
50
.jsonp
lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/
14 KB
4 KB
Script
General
Full URL
https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&ct=lpSecureStorage%2Clp_sdes%2Ccobrowse%2Cscraper%2ClpActivityMonitor%2CrendererStub%2Clp_version_detector%2Clp_monitoringSDK%2ClpTransporter%2ClpUnifiedWindow%2CSMT%2Chooks%2Clp_SMT%2Cauthenticator%2CcleanCCPatterns%2Clp_global_utils%2CunAuthMessaging%2CjsLoader&s=gsp_insurance_benefit-plus_login_wFbvq-KfmAPqNBHEyJ9ij&b=1
Requested by
Host: tags.tiqcdn.com
URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.884.js?utv=ut4.46.202311280718
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
178.249.97.23 , United States, ASN11054 (LIVEPERSON, US),
Reverse DNS
Software
ws /
Resource Hash
dc595f92dce42580c670b6304b91ccdbc02f4dd2859eb7a865a82b176ab257f6
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://benefitsplus-auth-dev.hsbc.com.hk/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 06 Jun 2024 02:41:18 GMT
strict-transport-security
max-age=63072000; includeSubDomains
x-content-type-options
nosniff
content-encoding
gzip
server
ws
x-cache-status
MISS
access-control-allow-methods
GET, POST, PATCH
content-type
application/x-javascript
access-control-expose-headers
X-Requested-With, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token, x-lp-host, Lp-Req-Time, date, x-application-context, strict-transport-security, x-content-type-options, x-download-options, x-xss-protection, x-cache-status, x-amz-id-2, x-amz-request-id, expires, last-modified, set-cookie, content-security-policy, x-frame-options
cache-control
public, max-age=630
access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Authorization, X-HTTP-Method-Override, LP-DOMAIN-REFERER, LP-URL, ETag, ac-revision, X-LP-Last-Modified, If-Match, Authentication-Method, Credit-Card-Ref, Automation-Secret, Email-Token

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.hkg1vl0048.p2g.netd2.hsbc.com.hk
URL
https://www.hkg1vl0048.p2g.netd2.hsbc.com.hk/7194/handler9/session.json
Domain
www.hkg1vl0048.p2g.netd2.hsbc.com.hk
URL
https://www.hkg1vl0048.p2g.netd2.hsbc.com.hk/JavascriptInsert.js
Domain
cm.g.doubleclick.net
URL
https://cm.g.doubleclick.net/pixel?tealium_cookie_sync=true&google_nid=tealium_dmp&google_cm&tealium_vid=018feb6bf2e4003c8385dc5f84de0506f005406700b08&tealium_account=hsbc&tealium_profile=wpb-stream-hk
Domain
www.facebook.com
URL
https://www.facebook.com/tr/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1717641672306&sw=1600&sh=1200&ud[external_id]=0718913a70d6787ffce3161bac7a0a2dd6b202078e2fa700f5b7479e95960b0e&v=2.9.157&r=stable&a=tmtealium&ec=0&o=4124&fbp=fb.2.1717641672303.570319455386029566&cs_est=true&pm=1&hrl=fe7bb1&ler=empty&cdl=API_unavailable&it=1717641672117&coo=false&eid=b99d30860089b5ad358e65c879f82c73&tm=1&cs_cc=1&cas=7622605321154699%2C7783714921666663%2C3352707101488138%2C5588178577890481%2C3961247883957138%2C1633273413466937&rqm=GET
Domain
www.facebook.com
URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1717641672306&sw=1600&sh=1200&ud[external_id]=0718913a70d6787ffce3161bac7a0a2dd6b202078e2fa700f5b7479e95960b0e&v=2.9.157&r=stable&a=tmtealium&ec=0&o=4124&fbp=fb.2.1717641672303.570319455386029566&cs_est=true&pm=1&hrl=fe7bb1&ler=empty&cdl=API_unavailable&it=1717641672117&coo=false&eid=b99d30860089b5ad358e65c879f82c73&tm=1&cs_cc=1&cas=7622605321154699%2C7783714921666663%2C3352707101488138%2C5588178577890481%2C3961247883957138%2C1633273413466937&rqm=FGET
Domain
www.facebook.com
URL
https://www.facebook.com/tr/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1717641674070&sw=1600&sh=1200&ud[external_id]=0718913a70d6787ffce3161bac7a0a2dd6b202078e2fa700f5b7479e95960b0e&v=2.9.157&r=stable&a=tmtealium&ec=1&o=4124&fbp=fb.2.1717641672303.570319455386029566&cs_est=true&pm=1&hrl=fe7bb1&ler=empty&cdl=API_unavailable&it=1717641672117&coo=false&eid=b99d30860089b5ad358e65c879f82c73&tm=1&cs_cc=1&cas=7622605321154699%2C7783714921666663%2C3352707101488138%2C5588178577890481%2C3961247883957138%2C1633273413466937&rqm=GET
Domain
www.facebook.com
URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1717641674070&sw=1600&sh=1200&ud[external_id]=0718913a70d6787ffce3161bac7a0a2dd6b202078e2fa700f5b7479e95960b0e&v=2.9.157&r=stable&a=tmtealium&ec=1&o=4124&fbp=fb.2.1717641672303.570319455386029566&cs_est=true&pm=1&hrl=fe7bb1&ler=empty&cdl=API_unavailable&it=1717641672117&coo=false&eid=b99d30860089b5ad358e65c879f82c73&tm=1&cs_cc=1&cas=7622605321154699%2C7783714921666663%2C3352707101488138%2C5588178577890481%2C3961247883957138%2C1633273413466937&rqm=FGET
Domain
accdn.lpsnmedia.net
URL
https://accdn.lpsnmedia.net/api/account/19211303/configuration/setting/accountproperties/?cb=accountSettingsCB
Domain
lpcdn.lpsnmedia.net
URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.37.0-release_1294589553/ui-framework.js?version=10.37.0-release_1294589553
Domain
lpcdn.lpsnmedia.net
URL
https://lpcdn.lpsnmedia.net/le_unified_window/10.37.0-release_1294589553/surveylogicinstance.min.js?version=10.37.0-release_1294589553
Domain
accdn.lpsnmedia.net
URL
https://accdn.lpsnmedia.net/api/account/19211303/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB
Domain
lpcdn.lpsnmedia.net
URL
https://lpcdn.lpsnmedia.net/le_secure_storage/3.28.0-release_1286430736/storage.secure.min.js?loc=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&site=19211303&env=prod&accdn=accdn.lpsnmedia.net

Verdicts & Comments Add Verdict or Comment

200 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| TMS function| dcsEncode function| dcsEscape object| HSBC undefined| WebTrends object| DCSext function| dcsGetHSBCCookie function| dcsVar function| dcsMultiTrack function| dcsMapHSBC function| dcsMeta function| dcsFunc function| dcsTag object| Webtrends function| doLogin function| isInvalidEmail function| login function| onFocusIn function| onFocusOut function| showLanguages function| chooseLanguage function| showOrHidePassword function| displayError function| getUrlParameter function| isValidLanguageCode function| getLocale function| getPageLanguage function| getPageName function| getPageUrl function| trackLoginView function| trackLoginAction function| getTarget function| removeTouchRipple object| utag_data object| tms boolean| utag_condload string| userAgent string| platform object| macosPlatforms object| iosPlatforms object| Evnt object| jwt undefined| JWTInternals object| params object| qp_v_id object| qp_ses_id object| elem boolean| loggedInScript string| targetElementsSelector object| targetElements boolean| isTargetElementPresent undefined| versionNode undefined| version object| utag undefined| isFunction undefined| toObject undefined| track object| utag_cfg_ovrd string| mn object| pixel_lib object| utag_extn object| __MCMMsgs object| MCM function| requestCobrowse function| verifyCobrowse function| enterServiceNumber function| PixelSearchService boolean| clkev object| dotq boolean| pushIdentities function| tealium_liveperson_lib object| lpTag object| h string| HSBCHKUATPageID string| HSBCHKUATcompatVersion string| HSBCHKUATpacketVersion string| HSBCHKUATuseCorsForInitialRequest string| HSBCHKUATuseJsonFormatForInitialCorsRequest string| HSBCHKUATTCP string| HSBCHKUATSSL function| HSBCHKUATgPr object| HSBCHKUATpendingManualEvents object| HSBCHKUATqueuedYoutubeReferences function| HSBCHKUATevent function| HSBCHKUATclick function| HSBCHKUATtextchange function| HSBCHKUATformsubmit function| HSBCHKUATSendJsonData function| HSBCHKUATtrackYouTubeIframePlayer function| HSBCHKUATinitialExecutionCanProceed function| HSBCHKUATblockExecutionForInsertAlreadyPresent function| HSBCHKUATSL function| HSBCHKUATsendScriptRequests function| HSBCHKUATcookieAllowsScriptToProceed function| HSBCHKUATSC function| HSBCHKUATfindCookieVal function| HSBCHKUATdeleteLegacyCookies function| HSBCHKUATdoDeleteCookie boolean| HSBCHKUATLF function| HSBCHKUATclearStoppedState function| HSBCHKUATstop function| HSBCHKUATgenerateUUID object| HSBCHKUATcookieList function| HSBCHKUATgC function| HSBCHKUATae function| HSBCHKUATclient_event function| HSBCHKUATGP function| HSBCHKUATGPWID function| HSBCHKUATLC string| HSBCHKUATTWID function| HSBCHKUAToptOut function| HSBCHKUAToptIn function| HSBCHKUATanonymous function| HSBCHKUATresetCSA function| HSBCHKUATdoReInit function| HSBCHKUATtmoPoll boolean| HSBCHKUATjsInsertAlreadyLoaded function| HSBCHKUATgetSD string| HSBCHKUATwindowID number| HSBCHKUATTm object| HSBCHKUATsImgArr object| HSBCHKUATRTEHandler object| dataLayer boolean| gtag_enable_tcf_support object| _walkmeConfig boolean| impressiontrackingrunning object| YAHOO function| fbq function| _fbq object| e number| f string| items string| storageData object| google_tag_manager object| google_tag_data object| CelebrusCopyCookies object| CelebrusDataPrivacy string| HSBCHKDEV9useCors string| HSBCHKDEV9useSecureCookies function| HSBCHKDEV9onContentReady function| HSBCHKDEV9gHW object| HSBCHKDEV9RTEHandler object| HSBCHKDEV9VisibilityManager object| HSBCHKDEV9Logger function| HSBCHKDEV9optIn function| HSBCHKDEV9optOut function| HSBCHKDEV9anonymous function| HSBCHKDEV9doReInit function| HSBCHKDEV9stop function| HSBCHKDEV9clearStoppedState function| HSBCHKDEV9executeJsonResponse function| HSBCHKDEV9executeReInitNow function| HSBCHKDEV9start function| HSBCHKDEV9eQI function| HSBCHKDEV9findCookieVal function| HSBCHKDEV9addCookie function| HSBCHKDEV9contentResponse function| HSBCHKDEV9event function| HSBCHKDEV9click function| HSBCHKDEV9select function| HSBCHKDEV9textchange function| HSBCHKDEV9formsubmit function| HSBCHKDEV9SendJsonData function| HSBCHKDEV9onInitialSessionInformationResponse function| HSBCHKDEV9onInPageSessionInformationResponse function| HSBCHKDEV9trackYouTubeIframePlayer function| HSBCHKDEV9stopTrackingYouTubeIframePlayer function| HSBCHKDEV9getSessionNumber function| HSBCHKDEV9getSessionKey function| HSBCHKDEV9getRealTimeId function| HSBCHKDEV9getLoadBalancerId function| HSBCHKDEV9setHttpRequestHeader function| HSBCHKDEV9queueUserEvent function| HSBCHKDEV9getOptOutStatus object| HSBCHKDEV9CelebrusApi object| HSBCHKDEV9Instance function| HSBCHKDEV9CelebrusVersion function| HSBCHKDEV9SystemUuid function| HSBCHKDEV9Go string| HSBCHKDEV9PageID string| HSBCHKDEV9windowID string| cc object| cdApi string| HSBCHKDEV9wid string| HSBCHKDEV9contentKey string| HSBCHKDEV9sn string| HSBCHKDEV9cfg function| HSBCHKDEV9cOP object| HSBCHKDEV9sACW number| HSBCHKDEV9periodicImageCheckTimeout number| HSBCHKDEV9periodicFormCheckTimeout number| HSBCHKDEV9checkVariableCaptureTimeout function| _typeof function| _extends function| accountSettingsCB object| lpTaglogListeners object| proxyless function| lpZonesStaticCB object| lpMTagConfig

18 Cookies

Domain/Path Name / Value
.benefitsplus-auth-dev.hsbc.com.hk/interaction/wFbvq-KfmAPqNBHEyJ9ij Name: _interaction
Value: wFbvq-KfmAPqNBHEyJ9ij
.benefitsplus-auth-dev.hsbc.com.hk/interaction/wFbvq-KfmAPqNBHEyJ9ij Name: _interaction.sig
Value: Vj4tsX3nxrlLXlIi2PPVck4nXZM
benefitsplus-auth-dev.hsbc.com.hk/authorize/wFbvq-KfmAPqNBHEyJ9ij Name: _interaction_resume
Value: wFbvq-KfmAPqNBHEyJ9ij
benefitsplus-auth-dev.hsbc.com.hk/authorize/wFbvq-KfmAPqNBHEyJ9ij Name: _interaction_resume.sig
Value: maLRg7TarufjKakXodUGU2puaDw
benefitsplus-dev.hsbc.com.hk/ Name: state
Value: %252F
.hsbc.com.hk/ Name: tms_ref
Value:
.hsbc.com.hk/ Name: usy46gabsosd
Value: HSBCHKUAT_17176416718830.be13a6b23af54dfaf4a0023acf1da240_7194
.hsbc.com.hk/ Name: _gcl_au
Value: 1.1.284185649.1717641672
.hsbc.com.hk/ Name: _fbp
Value: fb.2.1717641672303.570319455386029566
.hsbc.com.hk/ Name: bmuid
Value: 1717641672478-5F9DE567-ACD3-4EE1-9A56-8FD0DBA4F98D
.hsbc.com.hk/ Name: cdSNum
Value: 1717641672905-sjn0000513-039822aa-cba0-4007-ab4d-50733a813eef
www.issthk-dev.hsbc.com.hk/ Name: HSBCHKDEV9cdPersisted
Value: _961f5278998041528c9d04491f2449965dd306354e844da6b885cfeed3f7bbda_86a0d1ca15a644f49f6d200281e28165
.hsbc.com.hk/ Name: HSBCHKDEV9session
Value: 9007199255237280_1717641672236_1717641673461_2767_f7b1f7b9af4247b69c065faa44f81146
.hsbc.com.hk/ Name: HSBCHKDEV9persisted
Value: _961f5278998041528c9d04491f2449965dd306354e844da6b885cfeed3f7bbda_86a0d1ca15a644f49f6d200281e28165_1717641673461_9007199255237280_1717641673461_1
.hsbc.com.hk/ Name: utag_main
Value: v_id:018feb6bf2e4003c8385dc5f84de0506f005406700b08$_sn:1$_se:2$_ss:0$_st:1717643474055$ses_id:1717641671397%3Bexp-session$_pn:1%3Bexp-session$dcsyncran:1%3Bexp-session$dc_group:2$dc_visit:1$dc_event:2%3Bexp-session$dc_region:ap-northeast-1%3Bexp-session$_prevpage:ib%3Ainsurance%3Abenefit%20plus%3Alogin%3Bexp-session
.hsbc.com.hk/ Name: cdContextId
Value: 3
www.issthk-dev.hsbc.com.hk/ Name: HSBCHKDEV9cdSession
Value: 9007199255237280_1717641675354_1717641673461_2767_f7b1f7b9af4247b69c065faa44f81146
.tealiumiq.com/ Name: TAPID
Value: tealium_ttd/main>aa835be0205d40c7896743138ed1ca70|hsbc/wpb-stream-hk>018feb6bf2e4003c8385dc5f84de0506f005406700b08|

32 Console Messages

Source Level URL
Text
security error URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Message:
Refused to load the image 'https://cm.g.doubleclick.net/pixel?tealium_cookie_sync=true&google_nid=tealium_dmp&google_cm&tealium_vid=018feb6bf2e4003c8385dc5f84de0506f005406700b08&tealium_account=hsbc&tealium_profile=wpb-stream-hk' because it violates the following Content Security Policy directive: "img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtag/js?id=AW-956500078&l=dataLayer&cx=c(Line 121)
Message:
Refused to connect to 'https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk%2Flogin&frm=0&rnd=1888293841.1717641672&auid=284185649.1717641672&npa=1&uid=018feb6bf2e4003c8385dc5f84de0506f005406700b08&gtm=45be4630v873280438za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&tft=1717641672142&tfd=7903&apve=1' because it violates the following Content Security Policy directive: "connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtag/js?id=AW-793969516&l=dataLayer&cx=c(Line 139)
Message:
Refused to connect to 'https://google.com/ccm/form-data/793969516?gtm=45be4630v891155749za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&userId=018feb6bf2e4003c8385dc5f84de0506f005406700b08&npa=1&frm=0&pscdl=noapi&auid=284185649.1717641672&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&em=tv.1' because it violates the following Content Security Policy directive: "connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtag/js?id=AW-793969516&l=dataLayer&cx=c(Line 139)
Message:
Refused to connect to 'https://google.com/ccm/form-data/793969516?gtm=45be4630v891155749za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&userId=018feb6bf2e4003c8385dc5f84de0506f005406700b08&npa=1&frm=0&pscdl=noapi&auid=284185649.1717641672&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&em=tv.1' because it violates the following Content Security Policy directive: "connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'".
security error URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Message:
Refused to load the image 'https://www.facebook.com/tr/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1717641672306&sw=1600&sh=1200&ud[external_id]=0718913a70d6787ffce3161bac7a0a2dd6b202078e2fa700f5b7479e95960b0e&v=2.9.157&r=stable&a=tmtealium&ec=0&o=4124&fbp=fb.2.1717641672303.570319455386029566&cs_est=true&pm=1&hrl=fe7bb1&ler=empty&cdl=API_unavailable&it=1717641672117&coo=false&eid=b99d30860089b5ad358e65c879f82c73&tm=1&cs_cc=1&cas=7622605321154699%2C7783714921666663%2C3352707101488138%2C5588178577890481%2C3961247883957138%2C1633273413466937&rqm=GET' because it violates the following Content Security Policy directive: "img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'".
security error URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Message:
Refused to load the image 'https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1717641672306&sw=1600&sh=1200&ud[external_id]=0718913a70d6787ffce3161bac7a0a2dd6b202078e2fa700f5b7479e95960b0e&v=2.9.157&r=stable&a=tmtealium&ec=0&o=4124&fbp=fb.2.1717641672303.570319455386029566&cs_est=true&pm=1&hrl=fe7bb1&ler=empty&cdl=API_unavailable&it=1717641672117&coo=false&eid=b99d30860089b5ad358e65c879f82c73&tm=1&cs_cc=1&cas=7622605321154699%2C7783714921666663%2C3352707101488138%2C5588178577890481%2C3961247883957138%2C1633273413466937&rqm=FGET' because it violates the following Content Security Policy directive: "img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'".
network error URL: https://benefitsplus-auth-dev.hsbc.com.hk/ed30a4375b7b4f9b8d9d8fd5bda693ad/test/walkme_ed30a4375b7b4f9b8d9d8fd5bda693ad_https.js
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Message:
Refused to execute script from 'https://benefitsplus-auth-dev.hsbc.com.hk/ed30a4375b7b4f9b8d9d8fd5bda693ad/test/walkme_ed30a4375b7b4f9b8d9d8fd5bda693ad_https.js' because its MIME type ('application/json') is not executable, and strict MIME type checking is enabled.
other warning URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security error URL: https://tags.tiqcdn.com/
Message:
Refused to frame 'https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com/' because it violates the following Content Security Policy directive: "frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com".
security error URL: https://tags.tiqcdn.com/
Message:
Refused to frame 'https://1.b406929acabac9b095f124c81bdfcf57f.com/' because it violates the following Content Security Policy directive: "frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com".
security error URL: https://tags.tiqcdn.com/
Message:
Refused to frame 'https://1.c81358859121583b7adf2ace89cb39f44.com/' because it violates the following Content Security Policy directive: "frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com".
security warning URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.894.js?utv=ut4.46.202208121610(Line 8498)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://1.a79ab95c1589a13f8a4cab612bc71f9f7.com') does not match the recipient window's origin ('null').
security warning URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.894.js?utv=ut4.46.202208121610(Line 8498)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://1.b406929acabac9b095f124c81bdfcf57f.com') does not match the recipient window's origin ('null').
security warning URL: https://tags.tiqcdn.com/utag/hsbc/hk-rbwm-gsp/dev/utag.894.js?utv=ut4.46.202208121610(Line 8498)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://1.c81358859121583b7adf2ace89cb39f44.com') does not match the recipient window's origin ('null').
javascript error URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Message:
Access to XMLHttpRequest at 'https://www.hkg1vl0048.p2g.netd2.hsbc.com.hk/7194/handler9/session.json' from origin 'https://benefitsplus-auth-dev.hsbc.com.hk' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network error URL: https://www.hkg1vl0048.p2g.netd2.hsbc.com.hk/7194/handler9/session.json
Message:
Failed to load resource: net::ERR_FAILED
other warning URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security error URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Message:
Refused to load the image 'https://www.facebook.com/tr/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1717641674070&sw=1600&sh=1200&ud[external_id]=0718913a70d6787ffce3161bac7a0a2dd6b202078e2fa700f5b7479e95960b0e&v=2.9.157&r=stable&a=tmtealium&ec=1&o=4124&fbp=fb.2.1717641672303.570319455386029566&cs_est=true&pm=1&hrl=fe7bb1&ler=empty&cdl=API_unavailable&it=1717641672117&coo=false&eid=b99d30860089b5ad358e65c879f82c73&tm=1&cs_cc=1&cas=7622605321154699%2C7783714921666663%2C3352707101488138%2C5588178577890481%2C3961247883957138%2C1633273413466937&rqm=GET' because it violates the following Content Security Policy directive: "img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'".
security error URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Message:
Refused to load the image 'https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=291998267968113&ev=PageView&dl=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&rl=&if=false&ts=1717641674070&sw=1600&sh=1200&ud[external_id]=0718913a70d6787ffce3161bac7a0a2dd6b202078e2fa700f5b7479e95960b0e&v=2.9.157&r=stable&a=tmtealium&ec=1&o=4124&fbp=fb.2.1717641672303.570319455386029566&cs_est=true&pm=1&hrl=fe7bb1&ler=empty&cdl=API_unavailable&it=1717641672117&coo=false&eid=b99d30860089b5ad358e65c879f82c73&tm=1&cs_cc=1&cas=7622605321154699%2C7783714921666663%2C3352707101488138%2C5588178577890481%2C3961247883957138%2C1633273413466937&rqm=FGET' because it violates the following Content Security Policy directive: "img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtag/js?id=AW-793969516&l=dataLayer&cx=c(Line 139)
Message:
Refused to connect to 'https://google.com/ccm/form-data/793969516?gtm=45be4630v891155749za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&userId=018feb6bf2e4003c8385dc5f84de0506f005406700b08&npa=1&frm=0&pscdl=noapi&auid=284185649.1717641672&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&em=tv.1' because it violates the following Content Security Policy directive: "connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'".
security error URL: https://www.googletagmanager.com/gtag/js?id=AW-793969516&l=dataLayer&cx=c(Line 139)
Message:
Refused to connect to 'https://google.com/ccm/form-data/793969516?gtm=45be4630v891155749za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&userId=018feb6bf2e4003c8385dc5f84de0506f005406700b08&npa=1&frm=0&pscdl=noapi&auid=284185649.1717641672&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.141%7CChromium%3B125.0.6422.141%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&em=tv.1' because it violates the following Content Security Policy directive: "connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'".
security error URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_wFbvq-KfmAPqNBHEyJ9ij&b=1
Message:
Refused to load the script 'https://accdn.lpsnmedia.net/api/account/19211303/configuration/setting/accountproperties/?cb=accountSettingsCB' because it violates the following Content Security Policy directive: "script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_wFbvq-KfmAPqNBHEyJ9ij&b=1(Line 6)
Message:
Refused to load the script 'https://lpcdn.lpsnmedia.net/le_unified_window/10.37.0-release_1294589553/ui-framework.js?version=10.37.0-release_1294589553' because it violates the following Content Security Policy directive: "script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_wFbvq-KfmAPqNBHEyJ9ij&b=1(Line 6)
Message:
Refused to load the script 'https://lpcdn.lpsnmedia.net/le_unified_window/10.37.0-release_1294589553/surveylogicinstance.min.js?version=10.37.0-release_1294589553' because it violates the following Content Security Policy directive: "script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_wFbvq-KfmAPqNBHEyJ9ij&b=1
Message:
Refused to load the script 'https://accdn.lpsnmedia.net/api/account/19211303/configuration/le-campaigns/zones?fields=id&fields=zoneValue&cb=lpZonesStaticCB' because it violates the following Content Security Policy directive: "script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
other warning URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security error URL: https://lptag.liveperson.net/lptag/api/account/19211303/configuration/applications/taglets/.jsonp?v=2.0&df=0&s=gsp_insurance_benefit-plus_login_wFbvq-KfmAPqNBHEyJ9ij&b=1
Message:
Refused to load the script 'https://lpcdn.lpsnmedia.net/le_secure_storage/3.28.0-release_1286430736/storage.secure.min.js?loc=https%3A%2F%2Fbenefitsplus-auth-dev.hsbc.com.hk&site=19211303&env=prod&accdn=accdn.lpsnmedia.net' because it violates the following Content Security Policy directive: "script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
other warning URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://benefitsplus-auth-dev.hsbc.com.hk/login?uid=wFbvq-KfmAPqNBHEyJ9ij&lang=en-HK
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy font-src *.hsbc.com.hk fonts.gstatic.com maxcdn.bootstrapcdn.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com data: 'self' 'unsafe-inline'; form-action https: *.hsbc.com.hk secure.authorize.net test.authorize.net geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com pilot-payflowlink.paypal.com www.paypal.com www.sandbox.paypal.com 'self' 'unsafe-inline'; frame-ancestors *.hsbc.com.hk *.stripe.com stripe.com 'self'; frame-src 'self' data: *.hsbc.com.hk *.my-doc.com lpcdn.lpsnmedia.net td.doubleclick.net fast.amc.demdex.net *.adobe.com secure.authorize.net test.authorize.net bid.g.doubleclick.net *.youtube.com *.youtube-nocookie.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.paypal.com www.sandbox.paypal.com pilot-payflowlink.paypal.com player.vimeo.com https://www.google.com/recaptcha/ *.weltpixel.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com 'self' 'unsafe-inline'; img-src blob: *.google.com.hk *.yahoo.com *.hsbc.com.hk *.tealiumiq.com *.adsrvr.org maps.googleapis.com maps.gstatic.com assets.adobedtm.com amcglobal.sc.omtrdc.net dpm.demdex.net cm.everesttech.net *.adobe.com widgets.magentocommerce.com data: www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net www.google.com bid.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com t.paypal.com *.ftcdn.net *.behance.net www.paypal.com fpdbs.paypal.com fpdbs.sandbox.paypal.com *.vimeocdn.com i.ytimg.com *.youtube.com validator.swagger.io flagpedia.net *.gstatic.com data: 'self' 'unsafe-inline'; script-src *.hsbc.com.hk unpkg.com connect.facebook.net s.yimg.com visitor-service-ap-northeast-1.tealiumiq.com lptag.liveperson.net datacloud.tealiumiq.com tags.tiqcdn.com assets.adobedtm.com *.adobe.com secure.authorize.net test.authorize.net www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net analytics.google.com www.googletagmanager.com www.paypalobjects.com js.braintreegateway.com www.paypal.com *.newrelic.com *.nr-data.net geostag.cardinalcommerce.com 1eafstag.cardinalcommerce.com geoapi.cardinalcommerce.com 1eafapi.cardinalcommerce.com songbird.cardinalcommerce.com includestest.ccdc02.com www.sandbox.paypal.com t.paypal.com s.ytimg.com www.googleapis.com vimeo.com www.vimeo.com *.vimeocdn.com *.youtube.com https://www.gstatic.com/recaptcha/ https://www.google.com/recaptcha/ *.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.googletagmanager.com tagmanager.google.com 'self' 'unsafe-inline' 'unsafe-eval'; style-src *.hsbc.com.hk fonts.googleapis.com *.adobe.com maxcdn.bootstrapcdn.com *.gstatic.com tagmanager.google.com 'self' 'unsafe-inline'; object-src *.hsbc.com.hk 'self' 'unsafe-inline'; media-src *.hsbc.com.hk *.adobe.com 'self' 'unsafe-inline'; manifest-src *.hsbc.com.hk 'self' 'unsafe-inline'; connect-src wss: *.hsbc.com.hk www.issthk-dev.hsbc.com.hk:31000 *.tealiumiq.com *.tiqcdn.com pagead2.googlesyndication.com log-happyhktest.us.v2.customers.biocatch.com log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com dpm.demdex.net amcglobal.sc.omtrdc.net www.google-analytics.com www.googleadservices.com analytics.google.com www.googletagmanager.com *.newrelic.com *.nr-data.net vimeo.com geostag.cardinalcommerce.com geo.cardinalcommerce.com 1eafstag.cardinalcommerce.com 1eaf.cardinalcommerce.com centinelapistag.cardinalcommerce.com centinelapi.cardinalcommerce.com www.sandbox.paypal.com www.paypalobjects.com www.paypal.com pilot-payflowlink.paypal.com www.gstatic.com maps.googleapis.com *.stripe.com klarna.com *.klarna.com *.klarnacdn.net *.klarnaevt.com https://www.google-analytics.com 'self' 'unsafe-inline'; child-src http: https: *.hsbc.com.hk blob: 'self' 'unsafe-inline'; default-src *.hsbc.com.hk 'self' 'unsafe-inline' 'unsafe-eval' log-69c80419.customers.biocatch.com wup-69c80419.customers.biocatch.com; base-uri *.hsbc.com.hk 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accdn.lpsnmedia.net
akamai.tiqcdn.com
benefitsplus-auth-dev.hsbc.com.hk
benefitsplus-dev.hsbc.com.hk
cm.g.doubleclick.net
collect-ap-northeast-1.tealiumiq.com
connect.facebook.net
datacloud.tealiumiq.com
fonts.googleapis.com
fonts.gstatic.com
lpcdn.lpsnmedia.net
lptag.liveperson.net
match.adsrvr.org
s.yimg.com
sp.analytics.yahoo.com
tags.tiqcdn.com
visitor-service-ap-northeast-1.tealiumiq.com
www.facebook.com
www.googletagmanager.com
www.hkg1vl0048.p2g.netd2.hsbc.com.hk
www.issthk-dev.hsbc.com.hk
accdn.lpsnmedia.net
cm.g.doubleclick.net
lpcdn.lpsnmedia.net
www.facebook.com
www.hkg1vl0048.p2g.netd2.hsbc.com.hk
104.68.88.82
178.249.97.23
18.194.74.133
203.112.83.226
2600:9000:235a:8600:7:2bfb:7c00:93a1
2600:9000:266e:5000:a:9a74:f000:93a1
2a00:1288:80:807::1
2a00:1450:4001:81d::2008
2a00:1450:4001:828::200a
2a00:1450:4001:82f::2003
2a03:2880:f083:100:face:b00c:0:3
3.255.41.64
3.33.220.150
34.120.154.120
35.72.229.64
54.168.215.28
00f77e3d9f911910a51c4df011d465ec155089ceb098fd58e5ea873830f8bb56
0226a856e4ed5cb72ff3ebea0548da570a5f56f8afccb81765336a276f628283
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
08c3ec753f2c435ae7a84b9ddeb48c91ecc26367b8f8cd75ff828ab6aaba93b9
0e4b1e428a2198ef747010c094101c257b568a97cdcc0f31ed5e9868cc835b39
1893e2fa325c57cb153d595c064d1626f9f9660dd246ed3e22c02b209557a3c1
1b01f142d67b4ae857003f3facfa3706b903f5c5201556ca69252ec38968529b
1e2a7a0beeba1d53f781aae969f089f3d22903d7b6f9441eb15a455ec92fa62c
2aa839ba93d81efb0c5726ab7f48de7c8f3b4809e1df89ce4f5d6e54f847ed78
2c07f0d2bee093f108d787685ce49777105b359547db73f50cc3f2c198848074
31fe46164ce2459191ca1f7727fd742ce01833ee4f705459e88d43f53fcc9f80
38f6905807c40f38927a21e48be0785eb7213c12e38d67a45eaa46ab10767565
3afef905eaf9caee6d56c2f364c9dfc8321288ef91a2534b223beeeae4bf98da
3b0e3f10977d338b2b2dc5fa35f9a25115c0ecbf211289fa06ff2fb64240ddab
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3e73afde23be54f89aa04c656d2c345090df22f47bd24ecda179b2990ff0a03e
425de0a4d7b9e4b1ce0b6e8b1384bad0d8e0fa1615a3032279cdbb26edaae47f
471d5b37ccd0273511933092771d7f48ba7d12805824aa19a40204fdb6c35aa7
480b06b23e574b4bf386fde1a91145a4171f97aeb5ee800e4be1850f29b1ad91
4b98e82da5261a22970e177085ed1c4d0156e74c3d0a0a17a66760c5413d3af1
4ef3e0635dcbcb059c772cd7c60de491073a21b488fbb250b0b868199f2732b2
51ddb2a0b09f8c8b32c18a23096b4b28a0a6d6f876aaff3cf3fc3da63215b6ea
5e9cea0f194422bd58a13cb607428149342b2062b27fbe8baac7ed65b49b28da
6121a30f77ac85f73ec5d28aa879b6af4c20ba4b1e0cc567f4a4e22325b82b52
662ec6ed5376711dfd6da20a82472d234afb76b26c78b54f41dfc4be99f8a09e
6966f359a24ee088f0f9429b20b3122d56d6ecc81a96e185a35e8e47064de238
6bdf7ebc9ab82052e74cbbfffe0a22c8afed792fe2cc1d0bd64eead45f9cd565
7c6e5db0c800c759919265c34d10d441e38a27733cfb867b214777e8fb237371
83ebe8170b3b5dda2d20a80fe205ec14e1f8cb19ed40cfe73d480087b588e56c
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
9467767079a490ee2a938f0dc4e111596f9a300d170df03e21c59ed8e9d042bb
99834470f3c0c431b3229ac9fdb01a8e9bd59ba13a919016c2c659cfe8033663
9a83a5cf752b406527c38f0f4bae61a8b35af560e30d263d0a64af662abf7f9d
9cb1d53337bfb32f26a211d01cea0bc36cd377c0b8cd7b9c858c50fe8b8f8abc
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a35d2f1462b71eb6afaea5da9aa46b61aef6872b102ce500cee9a6a6500e3a50
a6a6c4cad34919cd1652a54a90191f5ac3c73ca00b24929a84e1e913cf605553
a88693b1d0e7bf5a2898c9e3d177c7c33ef2e551ef9a8bb948196d788e68e075
be81363ab71f61fa670727b693a9c17a03690e1ef5e697605d90c78c3b455fa4
c098f9e565ae64ba124c1eb720723de8a0f8b0df8e11ea38c81e5d5bb83475ac
c42319ce7aea1c71d227a3f114dc79725b0362444c45901c3715d7c7511bf799
c4cf5cb72e92e4587bfe0d3180a6e182f446decf79d38a295d225e6c5be00d31
c51432e05661601ae447651e2cef0470c1480301120b49e3f2c09c80367ec47c
c741ac64fe72475b8ae5c1e3e0d3e8dbe39a2f7241ab96f6976ded46c8c80b7a
d753f8ee126736431a1cd8170dbfcf94f553eeb1d24f2baa7c66474a80d0e559
d80c961f22f86662c40e30c5a17ed043fdcd770aeb33619ddb6eba05821d2acc
dc595f92dce42580c670b6304b91ccdbc02f4dd2859eb7a865a82b176ab257f6
dd9b11bb7723d648dee86c40524b1f927054223967194dee794d19ac49fac3a9
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
ea0664a949fba1e56da947f65ca0833ce4296e116c6f2f6d3d518f54e2bb7391
edcb7c9c998fbe2e1eb86a4b15df253cff75dd15691da28aa0c03fb18ef26eed
eed182ea98c84bb481578575f3d07b84bd701b41b197b6f81dae64300a13a2d7
f147f628d488e3a9adb175dec938d90187ee634e79374975ccfd4e35122a188f
f63aa9cbf1ed197a7e8d6e192bedd57a3376bc1defa5fc2bcc84835eed6900c9
f6779bc003be288d6dbd1d7b4183b1ea15b53c70c8ac7b2161e89b4bc137d6d4
f8ceeab514ef6d3a41cfb72416159c14b0150919a4df4a085ad27826cff745ae
f9a5649d70f74cde04ab0c3f8a8f41810772e9970befa7fee8e339bcf4dd3b08
faaeaae82d610fa00afb9236e8334f2c48101a66fc69348c33b185360bbb02e4