urlscan.io logo urlscan.io
SecurityTrails logo

www.bp.com Open in urlscan Pro
2.17.185.115  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.bppayback.mx/
Effective URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Submission: On January 13 via manual from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 4 countries across 5 domains to perform 40 HTTP transactions. The main IP is 2.17.185.115, located in Ascension Island and belongs to AKAMAI-AS, US. The main domain is www.bp.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on December 2nd 2020. Valid for: a year.
This is the only time www.bp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 54.72.215.189 16509 (AMAZON-02)
31 2.17.185.115 16625 (AKAMAI-AS)
3 2a00:1450:400... 15169 (GOOGLE)
2 104.109.72.14 20940 (AKAMAI-ASN1)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
40 5
1    54.72.215.189 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-72-215-189.eu-west-1.compute.amazonaws.com
www.bppayback.mx
31    2.17.185.115 (Ascension Island)

ASN16625 (AKAMAI-AS, US)
PTR: a2-17-185-115.deploy.static.akamaitechnologies.com
www.bp.com
3    2a00:1450:4001:808::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    104.109.72.14 (Netherlands)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-109-72-14.deploy.static.akamaitechnologies.com
apps.bp.com
3    2a00:1450:4001:817::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
1    2a00:1450:4001:818::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
Domain Requested by
31 www.bp.com www.bp.com
3 www.google.com www.bp.com
www.gstatic.com
3 www.googletagmanager.com www.bp.com
www.googletagmanager.com
2 apps.bp.com www.bp.com
1 www.gstatic.com www.google.com
1 www.bppayback.mx 1 redirects
40 6

This site contains links to these domains. Also see Links.

Domain
www.payback.mx
www.instagram.com
twitter.com
www.facebook.com
Subject Issuer Validity Valid
www.bp.com
Entrust Certification Authority - L1K		 2020-12-02 -
2021-10-25		 a year crt.sh
*.google-analytics.com
GTS CA 1O1		 2020-12-15 -
2021-03-09		 3 months crt.sh
www.google.com
GTS CA 1O1		 2020-12-15 -
2021-03-09		 3 months crt.sh
*.gstatic.com
GTS CA 1O1		 2020-12-15 -
2021-03-09		 3 months crt.sh
*.google.com
GTS CA 1O1		 2020-12-15 -
2021-03-09		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Frame ID: A43714232055AD18A51BF4CA0B6079D8
Requests: 37 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdQgbAUAAAAAD2l3BjhFtH1J-2_PC4gCNG-c5Ml&co=aHR0cHM6Ly93d3cuYnAuY29tOjQ0Mw..&hl=es&type=image&v=qc5B-qjP0QEimFYUxcpWJy5B&theme=light&size=normal&cb=x38se3lguj8j
Frame ID: 7DFB68AD52256B7E19319277FFAD7706
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=es&v=qc5B-qjP0QEimFYUxcpWJy5B&k=6LdQgbAUAAAAAD2l3BjhFtH1J-2_PC4gCNG-c5Ml&cb=bu1io0rgd7ll
Frame ID: 624F67F210D18FE518CA83FBAEE5A9FF
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://www.bppayback.mx/ HTTP 301
    https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

40
Requests

100 %
HTTPS

50 %
IPv6

5
Domains

6
Subdomains

5
IPs

4
Countries

1839 kB
Transfer

4403 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.bppayback.mx/ HTTP 301
    https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

40 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request registro.html
www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/
Redirect Chain
  • http://www.bppayback.mx/
  • https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
44 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f35d0a2e16b3c66f63ecc0825be951f52001dc84fa7d5b2077cf47b932a0aa6f
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=0; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.bp.com
:scheme
https
:path
/es_mx/mexico/home/products-and-services/bp_payback/registro.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-type
text/html; charset=UTF-8
server
Apache
x-frame-options
SAMEORIGIN
platform
Navitas-Blue
content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
x-xss-protection
1; mode=block
x-content-type-options
nosniff
referrer-policy
no-referrer-when-downgrade
etag
"af4b-5ab0bfb614880"
accept-ranges
bytes
strict-transport-security
max-age=0; includeSubDomains;
vary
Accept-Encoding
content-encoding
gzip
content-length
6357
cache-control
private, max-age=263
expires
Wed, 13 Jan 2021 11:40:07 GMT
date
Wed, 13 Jan 2021 11:35:44 GMT

Redirect headers

Date
Wed, 13 Jan 2021 11:35:43 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Platform
Navitas-Wandel
Content-Security-Policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Feature-Policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
X-Xss-Protection
1; mode=block
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer-when-downgrade
Location
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Content-Length
291
Keep-Alive
timeout=301
Connection
Keep-Alive
Content-Type
text/html; charset=iso-8859-1
assets.css
www.bp.com/etc/designs/refresh/bp/ 		224 KB
36 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/etc/designs/refresh/bp/assets.css
Requested by
Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
755d657df1b96d751b0b3edc48d1a5aa26d1942d0eacd5fd6ff2f953db582059
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=0; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
content-encoding
gzip
x-content-type-options
nosniff
vary
Accept-Encoding
content-length
35337
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
server
Apache
x-frame-options
SAMEORIGIN
date
Wed, 13 Jan 2021 11:35:44 GMT
strict-transport-security
max-age=0; includeSubDomains;
content-type
text/css
cache-control
private, max-age=103
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
etag
"381a3-5b6a1b39db3c0"
accept-ranges
bytes
platform
Navitas-Blue
expires
Wed, 13 Jan 2021 11:37:27 GMT
bp-logo.svg
www.bp.com/etc/designs/refresh/bp/images/navigation/ 		10 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/etc/designs/refresh/bp/images/navigation/bp-logo.svg
Requested by
Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
68532cd7e3546faddb5ce30af3e3285006ff4772ee38c21089883d74998c7789
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=0; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
content-encoding
gzip
x-content-type-options
nosniff
vary
Accept-Encoding
content-length
2845
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
server
Apache
x-frame-options
SAMEORIGIN
date
Wed, 13 Jan 2021 11:35:44 GMT
strict-transport-security
max-age=0; includeSubDomains;
content-type
image/svg+xml
cache-control
private, max-age=158
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
etag
"2784-59bad94a45b40"
accept-ranges
bytes
platform
Navitas-Blue
expires
Wed, 13 Jan 2021 11:38:22 GMT
invoice.png
www.bp.com/content/dam/bp/master-site/en/global/home/images/icons/ 		48 KB
48 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/master-site/en/global/home/images/icons/invoice.png
Requested by
Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
65fda229877182e946759b6023e53beab0287423a801ba9995517f3e9fb248c2
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
referrer-policy
no-referrer-when-downgrade
server
Apache
etag
"be11-583e4f84aff40"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
private, max-age=300
date
Wed, 13 Jan 2021 11:35:45 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
platform
Navitas-Blue
content-length
48657
x-xss-protection
1; mode=block
expires
Wed, 13 Jan 2021 11:40:45 GMT
bp-icon-pump-station-bp-green-720.png
www.bp.com/content/dam/bp/country-sites/es_mx/mexico/home/ 		29 KB
29 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/country-sites/es_mx/mexico/home/bp-icon-pump-station-bp-green-720.png
Requested by
Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
910bebd4680a48fe04f099a9f993831aaecfbe97ad508f2da5082ddff4c2c001
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
referrer-policy
no-referrer-when-downgrade
server
Apache
etag
"72c9-58e796a96ad80"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
private, max-age=271
date
Wed, 13 Jan 2021 11:35:45 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
platform
Navitas-Blue
content-length
29385
x-xss-protection
1; mode=block
expires
Wed, 13 Jan 2021 11:40:16 GMT
icono.png
www.bp.com/content/dam/bp/country-sites/es_mx/mexico/home/payback/ 		24 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/country-sites/es_mx/mexico/home/payback/icono.png
Requested by
Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a62f61f8a5b8fc3021aa6f84e9ffcec50129683ee9de745e49d20e6bebc6aad5
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
referrer-policy
no-referrer-when-downgrade
server
Apache
etag
"6051-591da49496c80"
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
private, max-age=290
date
Wed, 13 Jan 2021 11:35:45 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
platform
Navitas-Blue
content-length
24657
x-xss-protection
1; mode=block
expires
Wed, 13 Jan 2021 11:40:35 GMT
homepaybackjulio20.jpg.img.50.medium.jpg
www.bp.com/content/dam/bp/country-sites/es_mx/mexico/home/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/country-sites/es_mx/mexico/home/homepaybackjulio20.jpg.img.50.medium.jpg
Requested by
Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
678be4d50c23d3c6742d1416490bee21cda388201f285c23da861c93593cf210
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
x-content-type-options
nosniff
date
Wed, 13 Jan 2021 11:35:45 GMT
content-length
1136
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
server
Apache
x-frame-options
SAMEORIGIN
etag
"470-5ab0bf28efb80"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
image/jpeg
cache-control
private, max-age=300
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
accept-ranges
bytes
platform
Navitas-Blue
expires
Wed, 13 Jan 2021 11:40:45 GMT
instagram.svg
www.bp.com/content/dam/bp/master-site/en/global/home/images/social_icons/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/master-site/en/global/home/images/social_icons/instagram.svg
Requested by
Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
50d453933f680e2684bd5cc11545f6e0a2ae3a5f3fcae957aa6b6c91be40d6bc
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=0; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
content-encoding
gzip
x-content-type-options
nosniff
vary
Accept-Encoding
content-length
908
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
server
Apache
x-frame-options
SAMEORIGIN
date
Wed, 13 Jan 2021 11:35:44 GMT
strict-transport-security
max-age=0; includeSubDomains;
content-type
image/svg+xml
cache-control
private, max-age=225
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
etag
"879-586cfa1a74700"
accept-ranges
bytes
platform
Navitas-Blue
expires
Wed, 13 Jan 2021 11:39:29 GMT
twitter.svg
www.bp.com/content/dam/bp/master-site/en/global/home/images/social_icons/ 		716 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/master-site/en/global/home/images/social_icons/twitter.svg
Requested by
Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
3ab96a611f61e59ec0fca48d0ac30156429129ad88c550fbe9b377f6e50c28ff
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=0; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
content-encoding
gzip
x-content-type-options
nosniff
vary
Accept-Encoding
content-length
442
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
server
Apache
x-frame-options
SAMEORIGIN
date
Wed, 13 Jan 2021 11:35:45 GMT
strict-transport-security
max-age=0; includeSubDomains;
content-type
image/svg+xml
cache-control
private, max-age=196
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
etag
"2cc-56f7144929d00"
accept-ranges
bytes
platform
Navitas-Blue
expires
Wed, 13 Jan 2021 11:39:01 GMT
fb.svg
www.bp.com/content/dam/bp/master-site/en/global/home/images/social_icons/ 		562 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/master-site/en/global/home/images/social_icons/fb.svg
Requested by
Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6e1964914997a707c66637e088bcc85eedf432ebf3ce0a92be9b1192ec515b8e
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=0; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
content-encoding
gzip
x-content-type-options
nosniff
vary
Accept-Encoding
content-length
335
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
server
Apache
x-frame-options
SAMEORIGIN
date
Wed, 13 Jan 2021 11:35:44 GMT
strict-transport-security
max-age=0; includeSubDomains;
content-type
image/svg+xml
cache-control
private, max-age=7
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
etag
"232-56f7144929d00"
accept-ranges
bytes
platform
Navitas-Blue
expires
Wed, 13 Jan 2021 11:35:51 GMT
assets.js
www.bp.com/etc/designs/refresh/bp/ 		879 KB
224 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/etc/designs/refresh/bp/assets.js
Requested by
Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
0cb49d60d48ac517d1b57f7ceca1ce9fb5b8c2854de16d40fa5477ec1c7911d7
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=0; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
content-encoding
gzip
x-content-type-options
nosniff
vary
Accept-Encoding
content-length
228397
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
server
Apache
x-frame-options
SAMEORIGIN
date
Wed, 13 Jan 2021 11:35:44 GMT
strict-transport-security
max-age=0; includeSubDomains;
content-type
text/javascript
cache-control
private, max-age=154
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
etag
"dba29-5b6a1b3acf600"
accept-ranges
bytes
platform
Navitas-Blue
expires
Wed, 13 Jan 2021 11:38:18 GMT
csrf.js
www.bp.com/etc.clientlibs/clientlibs/granite/jquery/granite/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.js
Requested by
Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=0; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
x-content-type-options
nosniff
date
Wed, 13 Jan 2021 11:35:45 GMT
content-length
13680
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
server
Apache
x-frame-options
SAMEORIGIN
etag
"3570-5aed105210040"
strict-transport-security
max-age=0; includeSubDomains;
content-type
text/html; charset=UTF-8
cache-control
private, max-age=300
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
accept-ranges
bytes
platform
Navitas-Blue
expires
Wed, 13 Jan 2021 11:40:45 GMT
gtm.js
www.googletagmanager.com/ 		493 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WJFXK46
Requested by
Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
95253db3e4213b29f1cfa1a83f3e71bba3ac40d0994da4e7b40e1f6e6d63d0e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 11:35:44 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
94952
x-xss-protection
0
last-modified
Wed, 13 Jan 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 13 Jan 2021 11:35:44 GMT
header_bp_paybackok.jpg
www.bp.com/content/dam/bp/country-sites/es_mx/mexico/home/payback/ 		379 KB
381 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/country-sites/es_mx/mexico/home/payback/header_bp_paybackok.jpg
Requested by
Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f3cd2c1e2bdbd588083491b4da2e3acf642dcb5f7f5557441a633325afbfe1fd
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
referrer-policy
no-referrer-when-downgrade
server
Apache
etag
"5edec-59158c329cf40"
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
private, max-age=258
date
Wed, 13 Jan 2021 11:35:45 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
platform
Navitas-Blue
content-length
388588
x-xss-protection
1; mode=block
expires
Wed, 13 Jan 2021 11:40:03 GMT
arrow-up.svg
www.bp.com/etc/designs/refresh/bp/images/navigation/ 		248 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/etc/designs/refresh/bp/images/navigation/arrow-up.svg
Requested by
Host: www.bp.com
URL: https://www.bp.com/etc/designs/refresh/bp/assets.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5f8b38bbe25343e6a001ec3914920d7a4deb9012d419a8eb8005bc7c7a2de644
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bp.com/etc/designs/refresh/bp/assets.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
content-encoding
gzip
etag
"f8-584c02eb8bf00"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
209
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
server
Apache
x-frame-options
SAMEORIGIN
date
Wed, 13 Jan 2021 11:35:45 GMT
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
private, max-age=141
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
accept-ranges
bytes
platform
Navitas-Blue
x-content-type-options
nosniff
expires
Wed, 13 Jan 2021 11:38:06 GMT
arrow-down.svg
www.bp.com/etc/designs/refresh/bp/images/navigation/ 		249 B
756 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/etc/designs/refresh/bp/images/navigation/arrow-down.svg
Requested by
Host: www.bp.com
URL: https://www.bp.com/etc/designs/refresh/bp/assets.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
62801af240a5c3659f75300983cd3babeafede7c85d21d26120147492be6eef7
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bp.com/etc/designs/refresh/bp/assets.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
content-encoding
gzip
etag
"f9-584c02eb8bf00"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
206
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
server
Apache
x-frame-options
SAMEORIGIN
date
Wed, 13 Jan 2021 11:35:45 GMT
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
private, max-age=300
accept-ranges
bytes
platform
Navitas-Blue
x-content-type-options
nosniff
expires
Wed, 13 Jan 2021 11:40:45 GMT
link-arrow-green.svg
www.bp.com/etc/designs/refresh/bp/images/ 		202 B
726 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/etc/designs/refresh/bp/images/link-arrow-green.svg
Requested by
Host: www.bp.com
URL: https://www.bp.com/etc/designs/refresh/bp/assets.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a613b97dbaaea416d6adffd75ce5c7cb2e0055dff244e02c4f71e8d338ed5775
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bp.com/etc/designs/refresh/bp/assets.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
content-encoding
gzip
etag
"ca-584c02eb8bf00"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
175
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
server
Apache
x-frame-options
SAMEORIGIN
date
Wed, 13 Jan 2021 11:35:45 GMT
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
private, max-age=153
accept-ranges
bytes
platform
Navitas-Blue
x-content-type-options
nosniff
expires
Wed, 13 Jan 2021 11:38:18 GMT
Univers-55-roman-latin-extended.woff
www.bp.com/etc/designs/refresh/bp/assets/fonts/ 		41 KB
42 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/etc/designs/refresh/bp/assets/fonts/Univers-55-roman-latin-extended.woff
Requested by
Host: www.bp.com
URL: https://www.bp.com/etc/designs/refresh/bp/assets.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c286aebe2343604f1a22405a76e552bdf4eb8e03b5c9dc4d5cca335766c654a8
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=0; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.bp.com
Referer
https://www.bp.com/etc/designs/refresh/bp/assets.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
referrer-policy
no-referrer-when-downgrade
server
Apache
date
Wed, 13 Jan 2021 11:35:45 GMT
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
cache-control
private, max-age=281
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
etag
"a462-584c02ec80140"
strict-transport-security
max-age=0; includeSubDomains;
accept-ranges
bytes
platform
Navitas-Blue
content-length
42082
x-content-type-options
nosniff
expires
Wed, 13 Jan 2021 11:40:26 GMT
NRIcons.woff2
www.bp.com/etc/designs/refresh/bp/assets/fonts/ 		5 KB
6 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/etc/designs/refresh/bp/assets/fonts/NRIcons.woff2
Requested by
Host: www.bp.com
URL: https://www.bp.com/etc/designs/refresh/bp/assets.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
78bb3d83afbc59e90bea8647cd57c46075e739ca616070ca00e5c61865d8af02
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=0; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.bp.com
Referer
https://www.bp.com/etc/designs/refresh/bp/assets.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
referrer-policy
no-referrer-when-downgrade
server
Apache
date
Wed, 13 Jan 2021 11:35:45 GMT
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
cache-control
private, max-age=155
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
etag
"12fc-589ebceb76a80"
strict-transport-security
max-age=0; includeSubDomains;
accept-ranges
bytes
platform
Navitas-Blue
content-length
4860
x-content-type-options
nosniff
expires
Wed, 13 Jan 2021 11:38:20 GMT
Univers-45-light-latin-extended.woff
www.bp.com/etc/designs/refresh/bp/assets/fonts/ 		44 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/etc/designs/refresh/bp/assets/fonts/Univers-45-light-latin-extended.woff
Requested by
Host: www.bp.com
URL: https://www.bp.com/etc/designs/refresh/bp/assets.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a41d18aeef16b452c31f8cd619e06d7634286450de2e2b802243bec9bba884e6
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.bp.com
Referer
https://www.bp.com/etc/designs/refresh/bp/assets.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
referrer-policy
no-referrer-when-downgrade
server
Apache
etag
"afd4-584c02ec80140"
x-frame-options
SAMEORIGIN
cache-control
private, max-age=27
date
Wed, 13 Jan 2021 11:35:45 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
accept-ranges
bytes
platform
Navitas-Blue
content-length
45012
x-xss-protection
1; mode=block
expires
Wed, 13 Jan 2021 11:36:12 GMT
Univers-65-bold-latin-extended.woff
www.bp.com/etc/designs/refresh/bp/assets/fonts/ 		44 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/etc/designs/refresh/bp/assets/fonts/Univers-65-bold-latin-extended.woff
Requested by
Host: www.bp.com
URL: https://www.bp.com/etc/designs/refresh/bp/assets.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
572dfd7de923a53e9c57207354cbfd2633725fb56f575d1801657b54332bf6f3
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=0; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Origin
https://www.bp.com
Referer
https://www.bp.com/etc/designs/refresh/bp/assets.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
referrer-policy
no-referrer-when-downgrade
server
Apache
date
Wed, 13 Jan 2021 11:35:45 GMT
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
cache-control
private, max-age=37
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
etag
"b1d2-584c02ec80140"
strict-transport-security
max-age=0; includeSubDomains;
accept-ranges
bytes
platform
Navitas-Blue
content-length
45522
x-content-type-options
nosniff
expires
Wed, 13 Jan 2021 11:36:22 GMT
SharePriceFeed
apps.bp.com/ Frame 		0
0 		Other
General
Check archive.org
Download Go to
Full URL
https://apps.bp.com/SharePriceFeed?cb=1610537745123
Protocol
H2
Server
104.109.72.14 , Netherlands, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-109-72-14.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
x-api-key
Origin
https://www.bp.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

content-type
application/json
content-length
0
x-amzn-requestid
c44096a0-c8c4-4d31-8868-b73ea8ede815
access-control-allow-origin
*
access-control-allow-headers
Content-Type,X-Amz-Date,Authorization,X-Api-Key,X-Amz-Security-Token
x-amz-apigw-id
ZFcqvEYHjoEFpdw=
access-control-allow-methods
GET,OPTIONS
x-amz-cf-pop
FRA53-C1
x-amz-cf-id
v3aerpklKseca5yk1vVWNDM3ICy-GjtRh0ROTZ8tzVSqTLJhD-FJmg==
expires
Wed, 13 Jan 2021 11:35:45 GMT
cache-control
max-age=0, no-cache, private
pragma
no-cache
date
Wed, 13 Jan 2021 11:35:45 GMT
Register
www.bp.com/navapp/bppayback/action/ 		733 B
890 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/navapp/bppayback/action/Register
Requested by
Host: www.bp.com
URL: https://www.bp.com/etc/designs/refresh/bp/assets.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
2f280a644eab4b07d765351694215acdf7b2fde36516af1a2132f4937fd71170

Request headers

Accept
*/*
Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 11:35:45 GMT
content-encoding
gzip
x-aspnetmvc-version
5.2
server
Microsoft-IIS/10.0
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
vary
Accept-Encoding
content-type
text/html; charset=utf-8
access-control-allow-origin
*
cache-control
private, no-cache
content-length
380
expires
Wed, 13 Jan 2021 11:35:45 GMT
SharePriceFeed
apps.bp.com/ 		310 B
647 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://apps.bp.com/SharePriceFeed?cb=1610537745123
Requested by
Host: www.bp.com
URL: https://www.bp.com/etc/designs/refresh/bp/assets.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.109.72.14 , Netherlands, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-109-72-14.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fbdd80c31e08f1a0656a3820c38e10f0f801005e028a35451168cb2889980563

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
x-api-key
aDOMiHooE68nd3QXUztCi9Al8HnoAyTu4QrAzv0M

Response headers

pragma
no-cache
date
Wed, 13 Jan 2021 11:35:45 GMT
x-amz-cf-pop
FRA53-C1
x-amzn-requestid
e813dded-8ae8-40f6-8d74-f6147fa0954f
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=0, no-cache, private
x-amzn-trace-id
Root=1-5ffedb11-5c6c770b137c6ec432f35cf7;Sampled=0
x-amz-apigw-id
ZFcqxEQYDoEFaIA=
content-length
310
x-amz-cf-id
pzFBGXr_Ov5SotohwZ5-d6xdcAMR-7TI50IEF5p47vw2fynn3YKZ3w==
expires
Wed, 13 Jan 2021 11:35:45 GMT
gtm.js
www.googletagmanager.com/ 		80 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WXHV2VT&l=dataLayer
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WJFXK46
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7d3e5b57ef6c4d6fd9b502427105d585718e89b586a0e34fcca663e8f644724c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 11:35:45 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
31255
x-xss-protection
0
last-modified
Wed, 13 Jan 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 13 Jan 2021 11:35:45 GMT
gtm.js
www.googletagmanager.com/ 		280 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KX7KMTR&l=dataLayer
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WJFXK46
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:808::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
281b6705137e31736e552a235750b411ccf882d00f992524041ad076bf3094aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 11:35:45 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
87127
x-xss-protection
0
last-modified
Wed, 13 Jan 2021 09:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 13 Jan 2021 11:35:45 GMT
homepaybackjulio20.jpg.img.1280.medium.jpg
www.bp.com/content/dam/bp/country-sites/es_mx/mexico/home/ 		81 KB
82 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/country-sites/es_mx/mexico/home/homepaybackjulio20.jpg.img.1280.medium.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
178f06a30a3012cce2615aa17171a8ba259249d8fcdf5d6db22a5d38bec3e018
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=0; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
x-content-type-options
nosniff
date
Wed, 13 Jan 2021 11:35:45 GMT
content-length
83097
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
server
Apache
x-frame-options
SAMEORIGIN
etag
"14499-5ab0bf28efb80"
strict-transport-security
max-age=0; includeSubDomains;
content-type
image/jpeg
cache-control
private, max-age=268
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
accept-ranges
bytes
platform
Navitas-Blue
expires
Wed, 13 Jan 2021 11:40:13 GMT
styles.3ff695c00d717f2d2a11.css
www.bp.com/navapp/bppayback/ 		0
190 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/navapp/bppayback/styles.3ff695c00d717f2d2a11.css
Requested by
Host: www.bp.com
URL: https://www.bp.com/etc/designs/refresh/bp/assets.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 11:35:45 GMT
last-modified
Tue, 24 Nov 2020 09:22:14 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"0e78a4b43c2d61:0"
content-type
text/css
access-control-allow-origin
*
cache-control
private, max-age=294
accept-ranges
bytes
content-length
0
expires
Wed, 13 Jan 2021 11:40:39 GMT
runtime.741402d1d47331ce975c.js
www.bp.com/navapp/bppayback/ 		1 KB
942 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/navapp/bppayback/runtime.741402d1d47331ce975c.js
Requested by
Host: www.bp.com
URL: https://www.bp.com/etc/designs/refresh/bp/assets.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
eb3d5f2600910179bef8b0709214b7c721ea66e92ebb35bc282264beb2631eaf

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 11:35:46 GMT
content-encoding
gzip
last-modified
Tue, 24 Nov 2020 09:22:14 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"0e78a4b43c2d61:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
private, max-age=300
accept-ranges
bytes
content-length
712
expires
Wed, 13 Jan 2021 11:40:46 GMT
polyfills.11bd17c8849c7dd49af5.js
www.bp.com/navapp/bppayback/ 		147 KB
48 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/navapp/bppayback/polyfills.11bd17c8849c7dd49af5.js
Requested by
Host: www.bp.com
URL: https://www.bp.com/etc/designs/refresh/bp/assets.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
55ab45dace02010bc897135f19a4fb12230ff4b0655106261fc3165957b927dd

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 11:35:46 GMT
content-encoding
gzip
last-modified
Tue, 24 Nov 2020 09:22:14 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"0e78a4b43c2d61:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
private, max-age=276
accept-ranges
bytes
content-length
49172
expires
Wed, 13 Jan 2021 11:40:22 GMT
scripts.6cf4da7113bcd1218d80.js
www.bp.com/navapp/bppayback/ 		141 KB
44 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/navapp/bppayback/scripts.6cf4da7113bcd1218d80.js
Requested by
Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
11fe9ba127445e9db4f522f01abc6fabf890d79529f3cb713c442ddda4e26a77

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 11:35:46 GMT
content-encoding
gzip
last-modified
Tue, 24 Nov 2020 09:22:14 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"0e78a4b43c2d61:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
private, max-age=294
accept-ranges
bytes
content-length
44998
expires
Wed, 13 Jan 2021 11:40:40 GMT
main.d46d934f627ad0df9d1a.js
www.bp.com/navapp/bppayback/ 		805 KB
157 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/navapp/bppayback/main.d46d934f627ad0df9d1a.js
Requested by
Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
6f8047a4b6a313ab115f2c2507ae59f5f72775c441ff2ac74311c3d961e2b149

Request headers

Accept
text/javascript, application/javascript, application/ecmascript, application/x-ecmascript, */*; q=0.01
Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 11:35:46 GMT
content-encoding
gzip
last-modified
Tue, 24 Nov 2020 09:22:14 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"0e78a4b43c2d61:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
private, max-age=263
accept-ranges
bytes
content-length
160002
expires
Wed, 13 Jan 2021 11:40:09 GMT
AppConfig.json
www.bp.com/navapp/bppayback/assets/ 		7 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/navapp/bppayback/assets/AppConfig.json
Requested by
Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
711d07ecc8fd10ee3e93d787ec18b604a992354470d6ef336bc0274e85955643

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 11:35:47 GMT
last-modified
Tue, 24 Nov 2020 15:32:32 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"0a880677c2d61:0"
content-type
application/json
access-control-allow-origin
*
cache-control
private, max-age=283
accept-ranges
bytes
content-length
7069
expires
Wed, 13 Jan 2021 11:40:30 GMT
api.js
www.google.com/recaptcha/ 		922 B
766 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?onload=ngx_captcha_onload_callback&render=explicit&hl=es
Requested by
Host: www.bp.com
URL: https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
d406ca8417d8e3bd65770487ce2d8d729237d6fce4227d950096320072572729
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 11:35:46 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
585
x-xss-protection
1; mode=block
expires
Wed, 13 Jan 2021 11:35:46 GMT
Reverso_MonederoPB-01.png
www.bp.com/navapp/bppayback/assets/ 		73 KB
73 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/navapp/bppayback/assets/Reverso_MonederoPB-01.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
618bc21a2cb7f1f067537003d4953025f13ee71b25ff81ec5ea7ad7b07e50799

Request headers

Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 11:35:47 GMT
last-modified
Tue, 24 Nov 2020 09:22:14 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"0e78a4b43c2d61:0"
content-type
image/png
access-control-allow-origin
*
cache-control
private, max-age=262
accept-ranges
bytes
content-length
74666
expires
Wed, 13 Jan 2021 11:40:09 GMT
UniversforBP-Light.5c1aa6abe7d1f0e41cbf.ttf
www.bp.com/navapp/bppayback/ 		105 KB
106 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/navapp/bppayback/UniversforBP-Light.5c1aa6abe7d1f0e41cbf.ttf
Requested by
Host: www.bp.com
URL: https://www.bp.com/navapp/bppayback/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4ce6df7b76258c31c1d35a7f211bfe0ad6e672e4f7c1a06a40aa1d746ac265fe

Request headers

Origin
https://www.bp.com
Referer
https://www.bp.com/navapp/bppayback/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 11:35:47 GMT
last-modified
Tue, 24 Nov 2020 09:22:14 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"0e78a4b43c2d61:0"
content-type
application/octet-stream
access-control-allow-origin
*
cache-control
private, max-age=300
accept-ranges
bytes
content-length
107868
expires
Wed, 13 Jan 2021 11:40:47 GMT
fontawesome-webfont.af7ae505a9eed503f8b8.woff2
www.bp.com/navapp/bppayback/ 		75 KB
76 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/navapp/bppayback/fontawesome-webfont.af7ae505a9eed503f8b8.woff2
Requested by
Host: www.bp.com
URL: https://www.bp.com/navapp/bppayback/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Request headers

Origin
https://www.bp.com
Referer
https://www.bp.com/navapp/bppayback/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 13 Jan 2021 11:35:47 GMT
last-modified
Tue, 24 Nov 2020 09:22:12 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"0ba594a43c2d61:0"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
private, max-age=298
accept-ranges
bytes
content-length
77160
expires
Wed, 13 Jan 2021 11:40:45 GMT
recaptcha__es.js
www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/ 		337 KB
132 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__es.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=ngx_captcha_onload_callback&render=explicit&hl=es
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7dbf373609e4797d621dc329c59d2109904e42be975cb17641c29a337f44669b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Origin
https://www.bp.com
Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 11 Jan 2021 13:10:45 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
167101
cross-origin-resource-policy
cross-origin
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
134992
x-xss-protection
0
last-modified
Sun, 06 Dec 2020 23:05:51 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 11 Jan 2022 13:10:45 GMT
anchor
www.google.com/recaptcha/api2/ Frame 7DFB 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LdQgbAUAAAAAD2l3BjhFtH1J-2_PC4gCNG-c5Ml&co=aHR0cHM6Ly93d3cuYnAuY29tOjQ0Mw..&hl=es&type=image&v=qc5B-qjP0QEimFYUxcpWJy5B&theme=light&size=normal&cb=x38se3lguj8j
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__es.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-0v6QPVtmywkFzRsPWg5osA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6LdQgbAUAAAAAD2l3BjhFtH1J-2_PC4gCNG-c5Ml&co=aHR0cHM6Ly93d3cuYnAuY29tOjQ0Mw..&hl=es&type=image&v=qc5B-qjP0QEimFYUxcpWJy5B&theme=light&size=normal&cb=x38se3lguj8j
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 13 Jan 2021 11:35:47 GMT
content-security-policy
script-src 'report-sample' 'nonce-0v6QPVtmywkFzRsPWg5osA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
11237
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
bframe
www.google.com/recaptcha/api2/ Frame 624F 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=es&v=qc5B-qjP0QEimFYUxcpWJy5B&k=6LdQgbAUAAAAAD2l3BjhFtH1J-2_PC4gCNG-c5Ml&cb=bu1io0rgd7ll
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/qc5B-qjP0QEimFYUxcpWJy5B/recaptcha__es.js
Protocol
H3-Q050
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:817::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-Eo3cZYLShHuiyA+APz+h8A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/bframe?hl=es&v=qc5B-qjP0QEimFYUxcpWJy5B&k=6LdQgbAUAAAAAD2l3BjhFtH1J-2_PC4gCNG-c5Ml&cb=bu1io0rgd7ll
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.bp.com/es_mx/mexico/home/products-and-services/bp_payback/registro.html

Response headers

content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Wed, 13 Jan 2021 11:35:47 GMT
content-security-policy
script-src 'report-sample' 'nonce-Eo3cZYLShHuiyA+APz+h8A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
1122
server
GSE
alt-svc
h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Verdicts & Comments Add Verdict or Comment

232 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| dataLayer string| brandName object| google_tag_manager function| postscribe object| PubSub object| Modernizr object| picturefillCFG function| picturefill object| GreenSockGlobals object| com function| _gsDefine function| Ease function| Power4 function| Strong function| Quint function| Power3 function| Quart function| Power2 function| Cubic function| Power1 function| Quad function| Power0 function| Linear function| TweenLite function| TweenPlugin object| _gsQueue function| TimelineLite function| CSSPlugin function| BackOut function| BackIn function| BackInOut object| Back function| SlowMo function| SteppedEase function| RoughEase function| BounceOut function| BounceIn function| BounceInOut object| Bounce function| CircOut function| CircIn function| CircInOut object| Circ function| ElasticOut function| ElasticIn function| ElasticInOut object| Elastic function| ExpoOut function| ExpoIn function| ExpoInOut object| Expo function| SineOut function| SineIn function| SineInOut object| Sine object| EaseLookup function| BezierPlugin object| lazySizesConfig object| lazySizes object| __algolia function| $ number| _zid function| setCookie function| trackHoverIntent object| webpackJsonp object| core object| __core-js_shared__ function| Zone function| __zone_symbol__Promise function| __zone_symbol__ZoneAwarePromise function| __zone_symbol__fetch function| __zone_symbol__legacyPatch function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader boolean| __zone_symbol__ononabortpatched boolean| __zone_symbol__ononanimationendpatched boolean| __zone_symbol__ononanimationiterationpatched boolean| __zone_symbol__ononauxclickpatched boolean| __zone_symbol__ononblurpatched boolean| __zone_symbol__ononcancelpatched boolean| __zone_symbol__ononcanplaypatched boolean| __zone_symbol__ononcanplaythroughpatched boolean| __zone_symbol__ononchangepatched boolean| __zone_symbol__ononcuechangepatched boolean| __zone_symbol__ononclickpatched boolean| __zone_symbol__ononclosepatched boolean| __zone_symbol__ononcontextmenupatched boolean| __zone_symbol__onondblclickpatched boolean| __zone_symbol__onondragpatched boolean| __zone_symbol__onondragendpatched boolean| __zone_symbol__onondragenterpatched boolean| __zone_symbol__onondragleavepatched boolean| __zone_symbol__onondragoverpatched boolean| __zone_symbol__onondroppatched boolean| __zone_symbol__onondurationchangepatched boolean| __zone_symbol__ononemptiedpatched boolean| __zone_symbol__ononendedpatched boolean| __zone_symbol__ononerrorpatched boolean| __zone_symbol__ononfocuspatched boolean| __zone_symbol__onongotpointercapturepatched boolean| __zone_symbol__ononinputpatched boolean| __zone_symbol__ononinvalidpatched boolean| __zone_symbol__ononkeydownpatched boolean| __zone_symbol__ononkeypresspatched boolean| __zone_symbol__ononkeyuppatched boolean| __zone_symbol__ononloadpatched boolean| __zone_symbol__ononloadstartpatched boolean| __zone_symbol__ononloadeddatapatched boolean| __zone_symbol__ononloadedmetadatapatched boolean| __zone_symbol__ononlostpointercapturepatched boolean| __zone_symbol__ononmousedownpatched boolean| __zone_symbol__ononmouseenterpatched boolean| __zone_symbol__ononmouseleavepatched boolean| __zone_symbol__ononmousemovepatched boolean| __zone_symbol__ononmouseoutpatched boolean| __zone_symbol__ononmouseoverpatched boolean| __zone_symbol__ononmouseuppatched boolean| __zone_symbol__ononmousewheelpatched boolean| __zone_symbol__ononpausepatched boolean| __zone_symbol__ononplaypatched boolean| __zone_symbol__ononplayingpatched boolean| __zone_symbol__ononpointercancelpatched boolean| __zone_symbol__ononpointerdownpatched boolean| __zone_symbol__ononpointerenterpatched boolean| __zone_symbol__ononpointerleavepatched boolean| __zone_symbol__ononpointermovepatched boolean| __zone_symbol__ononpointeroverpatched boolean| __zone_symbol__ononpointeruppatched boolean| __zone_symbol__ononprogresspatched boolean| __zone_symbol__ononratechangepatched boolean| __zone_symbol__ononresetpatched boolean| __zone_symbol__ononresizepatched boolean| __zone_symbol__ononscrollpatched boolean| __zone_symbol__ononseekedpatched boolean| __zone_symbol__ononseekingpatched boolean| __zone_symbol__ononselectpatched boolean| __zone_symbol__ononselectionchangepatched boolean| __zone_symbol__ononselectstartpatched boolean| __zone_symbol__ononstalledpatched boolean| __zone_symbol__ononsubmitpatched boolean| __zone_symbol__ononsuspendpatched boolean| __zone_symbol__onontimeupdatepatched boolean| __zone_symbol__ononvolumechangepatched boolean| __zone_symbol__onontransitioncancelpatched boolean| __zone_symbol__onontransitionendpatched boolean| __zone_symbol__ononwaitingpatched boolean| __zone_symbol__ononwheelpatched boolean| __zone_symbol__onontogglepatched boolean| __zone_symbol__ononafterprintpatched boolean| __zone_symbol__ononappinstalledpatched boolean| __zone_symbol__ononbeforeinstallpromptpatched boolean| __zone_symbol__ononbeforeprintpatched boolean| __zone_symbol__ononbeforeunloadpatched boolean| __zone_symbol__onondevicemotionpatched boolean| __zone_symbol__onondeviceorientationpatched boolean| __zone_symbol__onondeviceorientationabsolutepatched boolean| __zone_symbol__ononhashchangepatched boolean| __zone_symbol__ononlanguagechangepatched boolean| __zone_symbol__ononmessagepatched boolean| __zone_symbol__ononofflinepatched boolean| __zone_symbol__onononlinepatched boolean| __zone_symbol__ononpageshowpatched boolean| __zone_symbol__ononpagehidepatched boolean| __zone_symbol__ononpopstatepatched boolean| __zone_symbol__ononrejectionhandledpatched boolean| __zone_symbol__ononstoragepatched boolean| __zone_symbol__ononunhandledrejectionpatched boolean| __zone_symbol__ononunloadpatched boolean| __zone_symbol__onondragstartpatched boolean| __zone_symbol__ononanimationstartpatched boolean| __zone_symbol__ononsearchpatched boolean| __zone_symbol__onontransitionrunpatched boolean| __zone_symbol__onontransitionstartpatched boolean| __zone_symbol__ononwebkitanimationendpatched boolean| __zone_symbol__ononwebkitanimationiterationpatched boolean| __zone_symbol__ononwebkitanimationstartpatched boolean| __zone_symbol__ononwebkittransitionendpatched boolean| __zone_symbol__ononpointeroutpatched boolean| __zone_symbol__ononmessageerrorpatched function| jQuery object| bootstrap object| __zone_symbol__loadfalse object| ng function| getAngularTestability function| getAllAngularTestabilities function| getAllAngularRootElements object| frameworkStabilizers function| ngx_captcha_error_callback function| ngx_captcha_expire_callback function| ngx_captcha_onload_callback object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| __zone_symbol__testfalse object| closure_lm_748378 object| __zone_symbol__messagefalse object| __zone_symbol__scrollfalse object| __zone_symbol__resizefalse function| __zone_symbol__ON_PROPERTYerror object| __zone_symbol__errorfalse function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener undefined| __zone_symbol__eventListeners undefined| __zone_symbol__removeAllListeners function| eventListeners function| removeAllListeners

2 Cookies

Domain/Path Name / Value
www.bp.com/ Name: AWSELBCORS
Value: 25E5AFEB16F0D18616EC88C773A80C75558E9B582FE6C9F712BC804DCFA32A8E08DA99D83D8BFDBF24EDC2913441EA50EFBDABA2F9D3F27DD36DC7620D185145180A9E2A07
www.bp.com/ Name: AWSELB
Value: 25E5AFEB16F0D18616EC88C773A80C75558E9B582FE6C9F712BC804DCFA32A8E08DA99D83D8BFDBF24EDC2913441EA50EFBDABA2F9D3F27DD36DC7620D185145180A9E2A07

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=0; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

apps.bp.com
www.bp.com
www.bppayback.mx
www.google.com
www.googletagmanager.com
www.gstatic.com
104.109.72.14
2.17.185.115
2a00:1450:4001:808::2008
2a00:1450:4001:817::2004
2a00:1450:4001:818::2003
54.72.215.189
0cb49d60d48ac517d1b57f7ceca1ce9fb5b8c2854de16d40fa5477ec1c7911d7
11fe9ba127445e9db4f522f01abc6fabf890d79529f3cb713c442ddda4e26a77
178f06a30a3012cce2615aa17171a8ba259249d8fcdf5d6db22a5d38bec3e018
281b6705137e31736e552a235750b411ccf882d00f992524041ad076bf3094aa
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2f280a644eab4b07d765351694215acdf7b2fde36516af1a2132f4937fd71170
3ab96a611f61e59ec0fca48d0ac30156429129ad88c550fbe9b377f6e50c28ff
4ce6df7b76258c31c1d35a7f211bfe0ad6e672e4f7c1a06a40aa1d746ac265fe
50d453933f680e2684bd5cc11545f6e0a2ae3a5f3fcae957aa6b6c91be40d6bc
55ab45dace02010bc897135f19a4fb12230ff4b0655106261fc3165957b927dd
572dfd7de923a53e9c57207354cbfd2633725fb56f575d1801657b54332bf6f3
5f8b38bbe25343e6a001ec3914920d7a4deb9012d419a8eb8005bc7c7a2de644
618bc21a2cb7f1f067537003d4953025f13ee71b25ff81ec5ea7ad7b07e50799
62801af240a5c3659f75300983cd3babeafede7c85d21d26120147492be6eef7
65fda229877182e946759b6023e53beab0287423a801ba9995517f3e9fb248c2
678be4d50c23d3c6742d1416490bee21cda388201f285c23da861c93593cf210
68532cd7e3546faddb5ce30af3e3285006ff4772ee38c21089883d74998c7789
6e1964914997a707c66637e088bcc85eedf432ebf3ce0a92be9b1192ec515b8e
6f8047a4b6a313ab115f2c2507ae59f5f72775c441ff2ac74311c3d961e2b149
711d07ecc8fd10ee3e93d787ec18b604a992354470d6ef336bc0274e85955643
755d657df1b96d751b0b3edc48d1a5aa26d1942d0eacd5fd6ff2f953db582059
78bb3d83afbc59e90bea8647cd57c46075e739ca616070ca00e5c61865d8af02
7d3e5b57ef6c4d6fd9b502427105d585718e89b586a0e34fcca663e8f644724c
7dbf373609e4797d621dc329c59d2109904e42be975cb17641c29a337f44669b
910bebd4680a48fe04f099a9f993831aaecfbe97ad508f2da5082ddff4c2c001
95253db3e4213b29f1cfa1a83f3e71bba3ac40d0994da4e7b40e1f6e6d63d0e6
a41d18aeef16b452c31f8cd619e06d7634286450de2e2b802243bec9bba884e6
a613b97dbaaea416d6adffd75ce5c7cb2e0055dff244e02c4f71e8d338ed5775
a62f61f8a5b8fc3021aa6f84e9ffcec50129683ee9de745e49d20e6bebc6aad5
c286aebe2343604f1a22405a76e552bdf4eb8e03b5c9dc4d5cca335766c654a8
d406ca8417d8e3bd65770487ce2d8d729237d6fce4227d950096320072572729
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb3d5f2600910179bef8b0709214b7c721ea66e92ebb35bc282264beb2631eaf
f35d0a2e16b3c66f63ecc0825be951f52001dc84fa7d5b2077cf47b932a0aa6f
f3cd2c1e2bdbd588083491b4da2e3acf642dcb5f7f5557441a633325afbfe1fd
fbdd80c31e08f1a0656a3820c38e10f0f801005e028a35451168cb2889980563