urlscan.io logo urlscan.io
SecurityTrails logo

sbb-portal.boncard.ch Open in urlscan Pro
51.107.58.160  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://sbb-portal.boncard.ch/
Effective URL: https://sbb-portal.boncard.ch/Login.aspx
Submission: On July 03 via api from US — Scanned from CH
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 58 HTTP transactions. The main IP is 51.107.58.160, located in Zurich, Switzerland and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is sbb-portal.boncard.ch.
TLS certificate: Issued by GeoTrust Global TLS RSA4096 SHA256 20... on June 12th 2024. Valid for: 6 months.
This is the only time sbb-portal.boncard.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 53 51.107.58.160 8075 (MICROSOFT...)
5 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
58 3
Apex Domain
Subdomains		 Transfer
53 boncard.ch
sbb-portal.boncard.ch
939 KB
6 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 83
ajax.googleapis.com — Cisco Umbrella Rank: 469
62 KB
58 2
Domain Requested by
53 sbb-portal.boncard.ch 1 redirects sbb-portal.boncard.ch
5 fonts.googleapis.com sbb-portal.boncard.ch
1 ajax.googleapis.com sbb-portal.boncard.ch
58 3

This site contains links to these domains. Also see Links.

Domain
www.swissmadesoftware.org
Subject Issuer Validity Valid
sbb-portal.boncard.ch
GeoTrust Global TLS RSA4096 SHA256 2022 CA1		 2024-06-12 -
2024-12-12		 6 months crt.sh
upload.video.google.com
WR2		 2024-06-13 -
2024-09-05		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://sbb-portal.boncard.ch/Login.aspx
Frame ID: B53819EA204122405B4C5F4A0B5A9E8D
Requests: 58 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

SBB Prepaid-Karten

Page URL History Show full URLs

  1. https://sbb-portal.boncard.ch/ HTTP 302
    https://sbb-portal.boncard.ch/Login.aspx Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.aspx?(?:$|\?)
  • <input[^>]+name="__VIEWSTATE
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • select2(?:\.min|\.full)?\.js
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • ([\d.]+)/jquery-ui(?:\.min)?\.js
  • jquery-ui.*\.js

Page Statistics

58
Requests

100 %
HTTPS

67 %
IPv6

2
Domains

3
Subdomains

3
IPs

2
Countries

1000 kB
Transfer

1893 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://sbb-portal.boncard.ch/ HTTP 302
    https://sbb-portal.boncard.ch/Login.aspx Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

58 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Login.aspx
sbb-portal.boncard.ch/
Redirect Chain
  • https://sbb-portal.boncard.ch/
  • https://sbb-portal.boncard.ch/Login.aspx
47 KB
20 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
687b2dd0a60b3d1360c4e9dcea47e9db3d2d368b9da09fc9a48b4d268bb43ace
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-CH,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
private
Content-Encoding
gzip
Content-Length
19411
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Type
text/html; charset=utf-8
Date
Wed, 03 Jul 2024 19:33:36 GMT
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Referrer-Policy
no-referrer
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=2592000; includeSubDomains
Vary
Accept-Encoding
X-AspNet-Version
4.0.30319
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
private
Content-Length
128
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Type
text/html; charset=utf-8
Date
Wed, 03 Jul 2024 19:33:36 GMT
Location
/Login.aspx
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Referrer-Policy
no-referrer
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-AspNet-Version
4.0.30319
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block
style.css
sbb-portal.boncard.ch/MasterPageResources/SBB_3/ 		67 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/MasterPageResources/SBB_3/style.css?ver=10.218
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
99078b8e416d58524493db9b1af1de0ec564f2ff6b3bb3a4372ba01aba7e4e4c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
14042
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:34 GMT
Server
Microsoft-IIS/10.0
ETag
"86ff9eabacccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
style.responsive.css
sbb-portal.boncard.ch/MasterPageResources/SBB_3/ 		11 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/MasterPageResources/SBB_3/style.responsive.css?ver=10.218
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c3cf4212c71e2214362c7194f33e60804c1ee824c3df329d5e207c2d05f523d3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
2682
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:34 GMT
Server
Microsoft-IIS/10.0
ETag
"86ff9eabacccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
css
fonts.googleapis.com/ 		616 B
441 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Material+Icons+Outlined
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3f93939a32d53667337d1f980bb4fcac832e561c97882de60da2b9e49426d95a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Wed, 03 Jul 2024 19:33:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 03 Jul 2024 19:33:36 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 03 Jul 2024 19:33:36 GMT
css
fonts.googleapis.com/ 		569 B
778 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Material+Icons
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
36b2057eb5eef261a2cbb8c149dcf3a11edaa15ccd8e3d462eb34999f5ff8f2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Wed, 03 Jul 2024 19:33:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 03 Jul 2024 19:33:36 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 03 Jul 2024 19:33:36 GMT
css
fonts.googleapis.com/ 		673 B
470 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Material+Icons+Two+Tone
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
2a5e912bfa1c843535ff48d3a72503ffc98342d69295718b09a488b39addd105
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Wed, 03 Jul 2024 19:33:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 03 Jul 2024 19:33:36 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 03 Jul 2024 19:33:36 GMT
css
fonts.googleapis.com/ 		600 B
435 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Material+Icons+Round
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
ed286dde4ef5eb7ae7bffbfbae0670a903e48817a82faf2877a083bae23fab08
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Wed, 03 Jul 2024 19:33:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 03 Jul 2024 19:33:36 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 03 Jul 2024 19:33:36 GMT
css
fonts.googleapis.com/ 		600 B
434 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Material+Icons+Sharp
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
4999eede56af5233889aa38d6c26d966dc2734b67b2db14f00d7c0bcb12ae37d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Wed, 03 Jul 2024 19:33:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 03 Jul 2024 19:33:36 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 03 Jul 2024 19:33:36 GMT
CommonStyles.css
sbb-portal.boncard.ch/ 		20 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/CommonStyles.css?ver=10.218
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
0ff589913259eeb6bbafd3f3c89f86db50474a9b9b2e1a2d96a8552df20ad67e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
5834
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:25 GMT
Server
Microsoft-IIS/10.0
ETag
"f5ec72a6acccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
CommonStylesAzureDialog.css
sbb-portal.boncard.ch/ 		736 B
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/CommonStylesAzureDialog.css?ver=10.218
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b02e55b3acdb8272cff9464c9a1718bfc3a18d6008318fc8437b5699393a2a5e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
466
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:25 GMT
Server
Microsoft-IIS/10.0
ETag
"367673a6acccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
jquery.js
sbb-portal.boncard.ch/ 		90 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/jquery.js
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
20638e363fcc5152155f24b281303e17da62da62d24ef5dcf863b184d9a25734
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
41458
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:26 GMT
Server
Microsoft-IIS/10.0
ETag
"1533fda6acccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
boncardPay.js
sbb-portal.boncard.ch/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/boncardPay.js?ver=10.218
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
fcfd9bebfbe5742f3e00c5aa772f90e5163e04e7f98a4096269d8242cc6e7b56
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
1500
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:25 GMT
Server
Microsoft-IIS/10.0
ETag
"9bc467a6acccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
script.js
sbb-portal.boncard.ch/MasterPageResources/SBB_3/ 		54 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/MasterPageResources/SBB_3/script.js
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
8cd9a1e646ff299fa205fe757ee44ac2d9d7bc13f78d7a491290d95cb689dac0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
15614
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:34 GMT
Server
Microsoft-IIS/10.0
ETag
"86ff9eabacccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
script.responsive.js
sbb-portal.boncard.ch/MasterPageResources/SBB_3/ 		21 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/MasterPageResources/SBB_3/script.responsive.js
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
be7823de0035d66e8362de257bfea25ba1d043bc14f67cbe46b460053ba39e62
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
5474
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:34 GMT
Server
Microsoft-IIS/10.0
ETag
"86ff9eabacccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
MasterPageAddon.js
sbb-portal.boncard.ch/MasterPageResources/SBB_3/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/MasterPageResources/SBB_3/MasterPageAddon.js
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Server
Microsoft-IIS/10.0
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
X-Frame-Options
DENY
Content-Type
text/html
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Content-Length
103
X-XSS-Protection
1; mode=block
script.js
sbb-portal.boncard.ch/ 		53 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/script.js
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
ffe72098dcc4840b01b476fef2d64642e73823f88f41b57e2eb8dd0a46e1d442
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
15262
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:37 GMT
Server
Microsoft-IIS/10.0
ETag
"9ef34fadacccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
izitoast.min.css
sbb-portal.boncard.ch/izimodal/css/ 		41 KB
16 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/izimodal/css/izitoast.min.css
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7fa7d6e3b4039b59b4d4721ea7e523a42a4dc0b56405829df9f8696f8550fa01
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
15476
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:26 GMT
Server
Microsoft-IIS/10.0
ETag
"e1a3faa6acccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
izimodal.min.css
sbb-portal.boncard.ch/izimodal/css/ 		84 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/izimodal/css/izimodal.min.css
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7911dcd9d0a07824b3b77fd7e69e5a3712048f739393c29d1b146c93da028e13
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
23526
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:26 GMT
Server
Microsoft-IIS/10.0
ETag
"e1a3faa6acccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
dragtable.css
sbb-portal.boncard.ch/scripts/GridViewConfigurator/ 		1 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/scripts/GridViewConfigurator/dragtable.css
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
27775c671902e962265042e7df2363cccbcbaf7f3538d1c99f5cd9d3bbdd4cb0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
549
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:37 GMT
Server
Microsoft-IIS/10.0
ETag
"9ef34fadacccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
izitoast.js
sbb-portal.boncard.ch/izimodal/js/ 		35 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/izimodal/js/izitoast.js
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
9e0eba62679628b62235b3f37c37708ae385d1ee6f5a052d18e831a3ba7e3571
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
10043
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:26 GMT
Server
Microsoft-IIS/10.0
ETag
"e1a3faa6acccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
izimodal.min.js
sbb-portal.boncard.ch/izimodal/js/ 		26 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/izimodal/js/izimodal.min.js
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7d9cb15c912bb80237603bdce7a565d9673294fa299190960f860537547b0700
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
8588
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:26 GMT
Server
Microsoft-IIS/10.0
ETag
"e1a3faa6acccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
comboBox.js
sbb-portal.boncard.ch/ 		259 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/comboBox.js
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
985a64a912615a5010adb9fa41cb2461ccc6a88b0c57a718c83628050c791f95
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
237
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:25 GMT
Server
Microsoft-IIS/10.0
ETag
"b6d867a6acccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
RequestHandler.js
sbb-portal.boncard.ch/Scripts/ 		464 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/Scripts/RequestHandler.js
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7aa4385c4a5d277a06e8c76cff9a42bf71650e12d0badfd057aa37a38c8eaf79
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
291
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:37 GMT
Server
Microsoft-IIS/10.0
ETag
"208f5dadacccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
jquery-ui.min.js
ajax.googleapis.com/ajax/libs/jqueryui/1.10.2/ 		223 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ajax.googleapis.com/ajax/libs/jqueryui/1.10.2/jquery-ui.min.js
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
16089a42741acc5fd00ab17da92be9458e8f0029fd645f159e582a7ea0f52ec1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 27 Jun 2024 04:08:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
573900
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
60637
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="hosted-libraries-pushers"
vary
Accept-Encoding
report-to
{"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 27 Jun 2025 04:08:36 GMT
jquery.dragtable.js
sbb-portal.boncard.ch/scripts/GridViewConfigurator/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/scripts/GridViewConfigurator/jquery.dragtable.js
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
954250ff91ebbcc502988eb01a6a7b90c903f6618cf8584d82aa298172fdce84
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
6387
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:37 GMT
Server
Microsoft-IIS/10.0
ETag
"9ef34fadacccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
GridViewConfigurator.js
sbb-portal.boncard.ch/scripts/GridViewConfigurator/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/scripts/GridViewConfigurator/GridViewConfigurator.js
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
3978b9b2e30ea33e2170fea542f7d1048afc7517e2784468b02a0c325cb50bb8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
1025
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:37 GMT
Server
Microsoft-IIS/10.0
ETag
"9ef34fadacccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
WebResource.axd
sbb-portal.boncard.ch/ 		23 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZLsD-kbKV36GdelLH03dqyaP6jioAKt3c6FYlAeJnBOyXp7GpZweywcMXq6p_OX47Q2&t=638459133597698506
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
6007
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Wed, 13 Mar 2024 06:55:59 GMT
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 22:04:59 GMT
ScriptResource.axd
sbb-portal.boncard.ch/ 		26 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/ScriptResource.axd?d=nv7asgRUU0tRmHNR2D6t1HQff3V88_UgueCOgj7RcxZRiSgQrZjJebuHCu5lsZ5xAJ0gCByiTso1Luga8eEfsZLZ1Otlwpx1SWzYCsMO0zR2RCEJk6OjXoD9cXeInk43J6w9xeBth6Q6lAqX2KnFLQ2&t=626ac140
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
ef9453f74b2617d43dcef4242cf5845101fcfb57289c81bceb20042b0023a192
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
5479
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 23:15:19 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Content-Type
application/x-javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 23:15:19 GMT
ScriptResource.axd
sbb-portal.boncard.ch/ 		100 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/ScriptResource.axd?d=NJmAwtEo3Ipnlaxl6CMhvijfWPhnOGFi9U44AFJIxUoE3a-YBAEZCGlW_4rm0mWl1cdnWQP2fjcw0Xlp2Av1rpllvlL7Nf_2wR26jHAPPHRMxkBGEKOybmnbcWK2xelIclejg2KMqdWMfRsJYC4MqDdX-tNbxZ2bmsxw6PfIMIM1&t=2aed0f1
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
66b804e7a96a87c11e1dd74ea04ac2285df5ad9043f48046c3e5000114d39b1c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
25609
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 22:50:40 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Content-Type
application/x-javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 22:50:40 GMT
ScriptResource.axd
sbb-portal.boncard.ch/ 		39 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/ScriptResource.axd?d=dwY9oWetJoJoVpgL6Zq8OBxTGijZlyZjEm8FP9yMaD8Qd9nZ15GTiNbKfe4dIGhT-yuq7C0P508vCwnj5ScWCtv683MQfqASTUXN1Fa99m8wtVETt8WIi7lGiuMLnvaAdgO7bqE-ccVCLwhGR5L_nha4Facwhjezg3-hUvJPV1c1&t=2aed0f1
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
398cdf1b27ef247e5bc77805f266bb441e60355463fc3d1776f41aae58b08cf1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
9984
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 23:15:14 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Content-Type
application/x-javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 23:15:14 GMT
ScriptResource.axd
sbb-portal.boncard.ch/ 		11 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/ScriptResource.axd?d=eE6V8nDbUVn0gtG6hKNX_AuV5p5cWjAFieiNsRj8oWekDKFmNocl_hK-F_jvnGkdhT6dRjQYgs7zEeSV0GTI38v91UsWChdLCcMSpbA5HPgrG_2DZZJjlyRjaAcpkdca0&t=7d5986a
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
351064c4585c86aa016649d1e4fde71419edc20a9b1d5c533679381aa0cde8d5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
3586
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 22:04:54 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Content-Type
text/javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 22:04:54 GMT
ScriptResource.axd
sbb-portal.boncard.ch/ 		65 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/ScriptResource.axd?d=o_vNSXsTDUZMyseHF-KleXtqKSSI24QMnbEU_f9BdV5Gx4OlmBWP8SfLA7alNahvKtdNvP4WiURGetcHofoKG8bQgrYxg8HLsmxvnMtkd8mUJsL1J_tEvPNYlfMaBvyO8R_2YEe_fOzZpmwYqObehw2&t=7d5986a
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f0441a5fde4f9853ad456b0f4931024d6308336b5e1abeeed84bfc2402c3e570
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
84
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 22:04:54 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Content-Type
text/javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 22:04:54 GMT
ScriptResource.axd
sbb-portal.boncard.ch/ 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/ScriptResource.axd?d=mcAASOSteirJeuV-3by3UVPRbiqgnwPvUP8cFTuBQOzdyi3iR2KcHpD6L8zmEnt7Otda2PostE_YQKDWWRUBh2UNcVKjQ_ZgLq7WodpOZDw1&t=7d5986a
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
4ff9de1d1e2d4e9c4ffab3ca34f8ad8519615ccee0365951a122bddb955b5f0f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
4855
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 22:50:31 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Content-Type
text/javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 22:50:31 GMT
ScriptResource.axd
sbb-portal.boncard.ch/ 		877 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/ScriptResource.axd?d=jwf4VSQi7LeShc44FJ-gAeaCtDlcvWdZbyMta5d8-maQsqXzOvKbtlWlnX21b5hvG--sp4A_5f3K5t9atuD9wX0dE-9h9bvxRT_H7hd90FFE0W6B03jt2E4_AC3OT65a0&t=7d5986a
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
d4d19f0fb634296b2d6238acd844a6c6365e9ab8a88144b44d4e48b17ba9a0a6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
441
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 22:05:02 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Content-Type
text/javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 22:05:02 GMT
ScriptResource.axd
sbb-portal.boncard.ch/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/ScriptResource.axd?d=nai7mGcYyE2dix_TwveLDSv6lDdmldFpahKoBtvwKcv_HmNIG96ZU9dQQ0aAvQq6ygqIFYRyb1geLTn66iDJLCTlyUigVOQ1RMsy_f35vz9swnj5Na5bELOye2e4dTON0&t=7d5986a
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
1b3068f985b0c1d75fc9efbe162d26b35f5191118809a3aa8641c0829b469f54
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
540
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 22:04:51 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Content-Type
text/javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 22:04:51 GMT
ScriptResource.axd
sbb-portal.boncard.ch/ 		17 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/ScriptResource.axd?d=yDT7ulzE00Yqzs5zd38bJ71RAI_uIeD5ylCVXwNI7zoz4J40SmN2pTqJAH6acWuHPQRFa8zBuFqb-fdNhZyCLa6zP1Fv_7uRpqBvNgoBy-CZnOlN5K5fjOwtzYe0JlMb0&t=7d5986a
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
cd439da677cfeb4ace5db3902e70c419d4d3e1cf9376127cffaf08748f778f0f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
3450
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 22:04:57 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Content-Type
text/javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 22:04:57 GMT
ScriptResource.axd
sbb-portal.boncard.ch/ 		11 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/ScriptResource.axd?d=HEFpVKbnoeQjkjHkFKu3MKzPyA1dclziBXuJMGsUSPXAFESh3lzbXoSSoR0tvftRNNWaGPfvK9SZocpFyWM2bBWBII_j1hPBHag_4F8zWGf1ZyV00X-8YYYDaYkQnRBI0&t=7d5986a
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c29095adeab0840f0495ebb337c8a5d4fc795750f8e8caf8fe59a30cefbb25f3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
2025
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 22:04:50 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Content-Type
text/javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 22:04:50 GMT
ScriptResource.axd
sbb-portal.boncard.ch/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/ScriptResource.axd?d=5ib3lCcyinHeLQmkwMF7Ev01vAKAKxD6s-A6b-E4eIdEf-uP9rGMnIlxH3ZKaMaxKrpomcLDPxfk3Ue64dnJkW_rLMXJ_s7dQD10e0G_bcz2NU_5EtkLSmbmxhqlt_Yi0&t=7d5986a
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
0a3174020a8ed2f03872df7f5083f5cdbd782763a8022b01a88edcd0205c3857
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
892
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 22:04:55 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Content-Type
text/javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 22:04:55 GMT
ScriptResource.axd
sbb-portal.boncard.ch/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/ScriptResource.axd?d=iON9Jxe8QCRam1nkdNLgkQoXtirHRtbXql7_5Xo_CsLK4M_9wIVzyyv5ZTWQxW0uZpjZpSgETODDzlpAiy4vjQyOnutZtiRJ6H35fefXKINsJHEbePieFp4FY1QRU4130&t=7d5986a
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
4414722890ed44d6ef1ad43a9e4740a72ae1549d35be2452df2df0dbb233d06e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
1840
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 22:05:00 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Content-Type
text/javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 22:05:00 GMT
ScriptResource.axd
sbb-portal.boncard.ch/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/ScriptResource.axd?d=xGmPTKfsNy0_1Sr5I58kO4QwA5RSG1mq5tSoYn6cMku7ggGBDoNkAV_onDgIhvYMPbgZlSJ_b4Bv8UjjJACRXfacVlyjTjJRwgtn9E8ucUss5G9jd-2fHU8Oxcn4-WHB0&t=7d5986a
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f3c506031213cef52b137254e8ca19c84e46631ddd18fa38256491743d7958ae
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
1722
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 22:04:57 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Content-Type
text/javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 22:04:57 GMT
ScriptResource.axd
sbb-portal.boncard.ch/ 		32 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/ScriptResource.axd?d=LQ1q2RBSthBAZhliMjtG_1UVOMN1ETzY2Twph-8K9v8XYq0bXpnZefk2Bc07z2W3jM2bKU4XJCssJgkbLwfpqzRXhdj2pFk0Y8OYXGrqjA5-G321kWp65dkUTLBSsIu_0&t=7d5986a
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
6cdd41c07788c24ec2eea773b1467dfe65ce90a620106d29b2ea9d9a22b5bab7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
6327
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 22:05:01 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Content-Type
text/javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 22:05:01 GMT
ScriptResource.axd
sbb-portal.boncard.ch/ 		8 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/ScriptResource.axd?d=VOYD8Xe7kQA0lniBYXVpAsMHTZGL8kCaWO8Y8t8sgIHhXZJZSmHSlUjqpqxqaKe2L8BnkRQTPfKr4DstN9zH4TrxL09ilI02TFWphZuNcUgwDRGr2fMUmj3nKLdnu7ne0&t=7d5986a
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
6b2afbeaebec8c306a47c14214c92d12dca51838721a4b6fbe4b39176d81213d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
1499
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 22:50:38 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Content-Type
text/javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 22:50:38 GMT
ScriptResource.axd
sbb-portal.boncard.ch/ 		7 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/ScriptResource.axd?d=hOeJu0xhC-uW6Gf8ooKdXp5id5jdCCxMJNKOujNYsGMFWpNHfZWPDB0EMy8desk355UvvCGx5U8QIA6IwwV5P_ezB4fQWigqLc8llLxPaQG9RHzdRxfDTN518ZA_WGmu0&t=7d5986a
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f4800fd5a0865d1af7a7461c8fc1384b1de6bdd3308f29eb712e926dbdd0f0b2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
1553
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 22:50:35 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Content-Type
text/javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 22:50:35 GMT
ScriptResource.axd
sbb-portal.boncard.ch/ 		22 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/ScriptResource.axd?d=XlV9GqTk6b5uqDuL38kZ4LtVy62VTrHmYOqb6aX0EOI44cCMoqT_hij_G7Wquy9MweLscHe1mdlS0Anl-m1_kwOnK256YD2KGsdh4ASCLf8kKkG7gtVGRORIcRS4WaUS0&t=7d5986a
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
4f201a9db257558e03914601b1fb3cd538a2b71bddfe58d889ef590fe9e117fe
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
4268
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 22:05:00 GMT
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Content-Type
text/javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 22:05:00 GMT
WebResource.axd
sbb-portal.boncard.ch/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/WebResource.axd?d=JoBkLzP19aTuxbWOhHobYsGIDzbTdAsnD0u3L-pkkjCsLMhsuoGIgaUUnR8hiZStMN43bqOUKFB5A1sJdebYGw2&t=638459133597698506
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
144524233f795d6a425b76f7ae5c0bb622b5f67e2e6ae73532ad526528ca07cf
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
X-AspNet-Version
4.0.30319
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
978
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Wed, 13 Mar 2024 06:55:59 GMT
Server
Microsoft-IIS/10.0
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Cache-Control
public
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Expires
Wed, 02 Jul 2025 23:15:19 GMT
select2.js
sbb-portal.boncard.ch/Select2/js/ 		156 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/Select2/js/select2.js
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f08bf5582e38e062cc898db094ce317ae54e10127103b2e851a929a2f36fb8ca
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
46678
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:37 GMT
Server
Microsoft-IIS/10.0
ETag
"d6406aadacccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/x-javascript
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
select2.css
sbb-portal.boncard.ch/Select2/css/ 		19 KB
5 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/Select2/css/select2.css?ver=10.218
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
319d2ea7f4263b0f12e2592b0e66b96ad34c70a7305b7f84435b75330312f85c
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Permitted-Cross-Domain-Policies
none
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Content-Length
3723
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:37 GMT
Server
Microsoft-IIS/10.0
ETag
"208f5dadacccda1:0"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
sms_sds.png
sbb-portal.boncard.ch/images/ 		57 KB
58 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sbb-portal.boncard.ch/images/sms_sds.png
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
c04fdd57d47165d58178c694103ab72c26766f52f21afa5bf59de6bcc4214d12
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:26 GMT
Server
Microsoft-IIS/10.0
X-Permitted-Cross-Domain-Policies
none
ETag
"829f6a6acccda1:0"
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
X-Frame-Options
DENY
Content-Type
image/png
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
Content-Length
58134
X-XSS-Protection
1; mode=block
loeschen%20-%20kreuz_16.png
sbb-portal.boncard.ch/Icons/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sbb-portal.boncard.ch/Icons/loeschen%20-%20kreuz_16.png
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
f429df472dd065ffd67c0fe82fa732965a60a6f35035955d5e37f251fe2d6e6e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:26 GMT
Server
Microsoft-IIS/10.0
X-Permitted-Cross-Domain-Policies
none
ETag
"ab6090a6acccda1:0"
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
X-Frame-Options
DENY
Content-Type
image/png
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
Content-Length
3546
X-XSS-Protection
1; mode=block
info%20-%20i_48.png
sbb-portal.boncard.ch/Icons/ 		49 KB
50 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sbb-portal.boncard.ch/Icons/info%20-%20i_48.png
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
89dfdc6efb79aeebdc080ce9a48fc51ef77f0e72504606ca8128081177ec6b8b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:26 GMT
Server
Microsoft-IIS/10.0
X-Permitted-Cross-Domain-Policies
none
ETag
"3138ca6acccda1:0"
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
X-Frame-Options
DENY
Content-Type
image/png
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
Content-Length
50235
X-XSS-Protection
1; mode=block
spacer.gif
sbb-portal.boncard.ch/images/ 		43 B
953 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sbb-portal.boncard.ch/images/spacer.gif
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:26 GMT
Server
Microsoft-IIS/10.0
X-Permitted-Cross-Domain-Policies
none
ETag
"829f6a6acccda1:0"
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
X-Frame-Options
DENY
Content-Type
image/gif
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
Content-Length
43
X-XSS-Protection
1; mode=block
ajax-loader1.gif
sbb-portal.boncard.ch/images/ 		35 KB
36 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sbb-portal.boncard.ch/images/ajax-loader1.gif
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/Login.aspx
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
fd969eab7bf38ffda200dcbf707646810df3039138abe643793c20404ecf5900
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:26 GMT
Server
Microsoft-IIS/10.0
X-Permitted-Cross-Domain-Policies
none
ETag
"a1bd0a6acccda1:0"
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
X-Frame-Options
DENY
Content-Type
image/gif
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
Content-Length
36044
X-XSS-Protection
1; mode=block
header.jpg
sbb-portal.boncard.ch/MasterPageResources/SBB_3/images/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sbb-portal.boncard.ch/MasterPageResources/SBB_3/images/header.jpg
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/MasterPageResources/SBB_3/style.css?ver=10.218
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b6d4a121fd06dba97ece3e28934939b4f12f3c157f0e1b21ba5ebed23f31a336
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:34 GMT
Server
Microsoft-IIS/10.0
X-Permitted-Cross-Domain-Policies
none
ETag
"199290abacccda1:0"
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
X-Frame-Options
DENY
Content-Type
image/jpeg
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
Content-Length
2624
X-XSS-Protection
1; mode=block
SBBWeb-Roman.ttf
sbb-portal.boncard.ch/MasterPageResources/SBB_3/ 		161 KB
162 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/MasterPageResources/SBB_3/SBBWeb-Roman.ttf
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/MasterPageResources/SBB_3/style.css?ver=10.218
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
00381d39bf63917b45c1932402cabfa9971ff490b5540ef5b0d206007df27577
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://sbb-portal.boncard.ch
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:34 GMT
Server
Microsoft-IIS/10.0
X-Permitted-Cross-Domain-Policies
none
ETag
"105c9eabacccda1:0"
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
X-Frame-Options
DENY
Content-Type
application/octet-stream
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
Content-Length
165028
X-XSS-Protection
1; mode=block
object100365017.png
sbb-portal.boncard.ch/MasterPageResources/SBB_3/images/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sbb-portal.boncard.ch/MasterPageResources/SBB_3/images/object100365017.png
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/MasterPageResources/SBB_3/style.css?ver=10.218
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
60891545ad989ea99fed489032860da49ade1090d897dade5057692e0be305dc
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:34 GMT
Server
Microsoft-IIS/10.0
X-Permitted-Cross-Domain-Policies
none
ETag
"eff692abacccda1:0"
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
X-Frame-Options
DENY
Content-Type
image/png
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
Content-Length
3779
X-XSS-Protection
1; mode=block
home_white.png
sbb-portal.boncard.ch/resources/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sbb-portal.boncard.ch/resources/home_white.png
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/MasterPageResources/SBB_3/style.css?ver=10.218
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
1e6535b41ebde4356d8108bb628f1164265d1859c442b2486a6b38f2bf736252
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:37 GMT
Server
Microsoft-IIS/10.0
X-Permitted-Cross-Domain-Policies
none
ETag
"e4649adacccda1:0"
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
X-Frame-Options
DENY
Content-Type
image/png
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
Content-Length
3338
X-XSS-Protection
1; mode=block
roboto-regular.ttf
sbb-portal.boncard.ch/MasterPageResources/SBB_3/ 		164 KB
165 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/MasterPageResources/SBB_3/roboto-regular.ttf
Requested by
Host: sbb-portal.boncard.ch
URL: https://sbb-portal.boncard.ch/MasterPageResources/SBB_3/style.css?ver=10.218
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
319cff6e7a31f0f2a41c475dca42890aa5d19fe16017e2290f8c1d4e14f76481
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://sbb-portal.boncard.ch
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:34 GMT
Server
Microsoft-IIS/10.0
X-Permitted-Cross-Domain-Policies
none
ETag
"45899dabacccda1:0"
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
X-Frame-Options
DENY
Content-Type
application/octet-stream
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
Content-Length
168260
X-XSS-Protection
1; mode=block
favicon.ico
sbb-portal.boncard.ch/MasterPageResources/SBB_3/ 		98 KB
99 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://sbb-portal.boncard.ch/MasterPageResources/SBB_3/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
51.107.58.160 Zurich, Switzerland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
4addea022e0a5cdc962c6b85fb864d832eab3644ead37d59057503bc34e9f39a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-CH,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 03 Jul 2024 19:33:36 GMT
Strict-Transport-Security
max-age=2592000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Last-Modified
Tue, 02 Jul 2024 18:21:34 GMT
Server
Microsoft-IIS/10.0
X-Permitted-Cross-Domain-Policies
none
ETag
"4d218eabacccda1:0"
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
X-Frame-Options
DENY
Content-Type
image/x-icon
Permissions-Policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Accept-Ranges
bytes
Content-Length
100145
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

168 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage function| $ function| jQuery function| openWin function| openTab function| openInNewTab function| showModal function| adjustModalSize function| findParentByTagName function| calculateLuhnCheckDigit function| validateDecimalInput function| navigatorResizeHandler function| processElementMultiplyBg function| responsiveNavigator function| setHMenuOpenDirection function| menuExtendedCreate function| artButtonSetup function| Control function| fixRssIconLineHeight function| ThemeLightbox function| applyCss function| uniToPx function| isContentSlider function| sheetLeftFunc object| headerObjectResizer object| browser object| jQuery19108739202067785201 function| BackgroundHelper object| resizeData object| defaultResponsiveData object| responsiveDesign function| responsiveAbsBg function| responsiveImages function| responsiveVideos function| responsiveTextblocks function| responsiveSlider function| responsiveCollages function| responsiveHeader function| responsiveLayoutCell object| jQuery19108270563658231063 object| iziToast object| $iziModal function| DisplayComboText function| EndRequestHandler function| BeginRequestHandler function| DP_jQuery_1720035216966 function| saveIt function| saveSuccess function| saveIt2 object| theForm function| __doPostBack function| WebForm_PostBackOptions function| WebForm_DoPostBackWithOptions object| __pendingCallbacks number| __synchronousCallBackIndex function| WebForm_DoCallback function| WebForm_CallbackComplete function| WebForm_ExecuteCallback function| WebForm_FillFirstAvailableSlot boolean| __nonMSDOMBrowser string| __theFormPostData object| __theFormPostCollection object| __callbackTextTypes function| WebForm_InitCallback function| WebForm_InitCallbackAddField function| WebForm_EncodeCallback object| __disabledControlArray function| WebForm_ReEnableControls function| WebForm_ReDisableControls function| WebForm_SimulateClick function| WebForm_FireDefaultButton function| WebForm_GetScrollX function| WebForm_GetScrollY function| WebForm_SaveScrollPositionSubmit function| WebForm_SaveScrollPositionOnSubmit function| WebForm_RestoreScrollPosition function| WebForm_TextBoxKeyHandler function| WebForm_TrimString function| WebForm_AppendToClassName function| WebForm_RemoveClassName function| WebForm_GetElementById function| WebForm_GetElementByTagName function| WebForm_GetElementsByTagName function| WebForm_GetElementDir function| WebForm_GetElementPosition function| WebForm_GetParentByTagName function| WebForm_SetElementHeight function| WebForm_SetElementWidth function| WebForm_SetElementX function| WebForm_SetElementY string| Page_ValidationVer boolean| Page_IsValid boolean| Page_BlockSubmit object| Page_InvalidControlToBeFocused object| Page_TextTypes function| ValidatorUpdateDisplay function| ValidatorUpdateIsValid function| AllValidatorsValid function| ValidatorHookupControlID function| ValidatorHookupControl function| ValidatorHookupEvent function| ValidatorGetValue function| ValidatorGetValueRecursive function| Page_ClientValidate function| ValidatorCommonOnSubmit function| ValidatorEnable function| ValidatorOnChange function| ValidatedTextBoxOnKeyPress function| ValidatedControlOnBlur function| ValidatorValidate function| ValidatorSetFocus function| IsInVisibleContainer function| IsValidationGroupMatch function| ValidatorOnLoad function| ValidatorConvert function| ValidatorCompare function| CompareValidatorEvaluateIsValid function| CustomValidatorEvaluateIsValid function| RegularExpressionValidatorEvaluateIsValid function| ValidatorTrim function| RequiredFieldValidatorEvaluateIsValid function| RangeValidatorEvaluateIsValid function| ValidationSummaryOnSubmit object| __cultureInfo function| Sys$Enum$parse function| Sys$Enum$toString function| Sys$Component$_setProperties function| Sys$Component$_setReferences function| $create function| $addHandler function| $addHandlers function| $clearHandlers function| $removeHandler function| $get function| $find function| Type object| Sys object| _events object| CommonToolkitScripts object| $common boolean| isUnminified object| $AA function| WebForm_FindFirstFocusableChild function| WebForm_AutoFocus function| WebForm_CanFocus function| WebForm_IsFocusableTag function| WebForm_IsInVisibleContainer function| WebForm_OnSubmit function| InitializeDefaultHeaderControls number| sessionTimeout function| DisplaySessionTimeout function| Navigate function| cancelBackspace string| ModalProgress string| loadingProgress string| imgTrueli function| UpdateImg function| showTrueli object| Page_Validators object| ctl00_SheetContentPlaceHolder_ctl00_ctl00_Login1_UserNameRequired object| ctl00_SheetContentPlaceHolder_ctl00_ctl00_Login1_PasswordRequired boolean| Page_ValidationActive function| ValidatorOnSubmit number| d object| Page_ValidationSummaries object| e

3 Cookies

Domain/Path Name / Value
.sbb-portal.boncard.ch/ Name: ARRAffinity
Value: 947f31875fc2c9a54d8f0704ae649c1f3f62e07e31b104ff0121262225ec4baa
.sbb-portal.boncard.ch/ Name: ARRAffinitySameSite
Value: 947f31875fc2c9a54d8f0704ae649c1f3f62e07e31b104ff0121262225ec4baa
sbb-portal.boncard.ch/ Name: ASP.NET_SessionId
Value: 5ugsujk12dtschrnroqxb1p3

3 Console Messages

Source Level URL
Text
network error URL: https://sbb-portal.boncard.ch/MasterPageResources/SBB_3/MasterPageAddon.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
security error URL: https://sbb-portal.boncard.ch/Login.aspx
Message:
Refused to execute script from 'https://sbb-portal.boncard.ch/MasterPageResources/SBB_3/MasterPageAddon.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
recommendation verbose URL: https://sbb-portal.boncard.ch/Login.aspx
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' fonts.googleapis.com; font-src 'self' fonts.gstatic.com ka-f.fontawesome.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' ajax.googleapis.com kit.fontawesome.com; connect-src 'self' https:; img-src 'self' https: data: blob:
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.googleapis.com
fonts.googleapis.com
sbb-portal.boncard.ch
2a00:1450:4001:800::200a
2a00:1450:4001:810::200a
51.107.58.160
00381d39bf63917b45c1932402cabfa9971ff490b5540ef5b0d206007df27577
0a3174020a8ed2f03872df7f5083f5cdbd782763a8022b01a88edcd0205c3857
0ff589913259eeb6bbafd3f3c89f86db50474a9b9b2e1a2d96a8552df20ad67e
144524233f795d6a425b76f7ae5c0bb622b5f67e2e6ae73532ad526528ca07cf
16089a42741acc5fd00ab17da92be9458e8f0029fd645f159e582a7ea0f52ec1
1b3068f985b0c1d75fc9efbe162d26b35f5191118809a3aa8641c0829b469f54
1e6535b41ebde4356d8108bb628f1164265d1859c442b2486a6b38f2bf736252
20638e363fcc5152155f24b281303e17da62da62d24ef5dcf863b184d9a25734
27775c671902e962265042e7df2363cccbcbaf7f3538d1c99f5cd9d3bbdd4cb0
2a5e912bfa1c843535ff48d3a72503ffc98342d69295718b09a488b39addd105
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
319cff6e7a31f0f2a41c475dca42890aa5d19fe16017e2290f8c1d4e14f76481
319d2ea7f4263b0f12e2592b0e66b96ad34c70a7305b7f84435b75330312f85c
351064c4585c86aa016649d1e4fde71419edc20a9b1d5c533679381aa0cde8d5
36b2057eb5eef261a2cbb8c149dcf3a11edaa15ccd8e3d462eb34999f5ff8f2a
3978b9b2e30ea33e2170fea542f7d1048afc7517e2784468b02a0c325cb50bb8
398cdf1b27ef247e5bc77805f266bb441e60355463fc3d1776f41aae58b08cf1
3f93939a32d53667337d1f980bb4fcac832e561c97882de60da2b9e49426d95a
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
4414722890ed44d6ef1ad43a9e4740a72ae1549d35be2452df2df0dbb233d06e
4999eede56af5233889aa38d6c26d966dc2734b67b2db14f00d7c0bcb12ae37d
4addea022e0a5cdc962c6b85fb864d832eab3644ead37d59057503bc34e9f39a
4f201a9db257558e03914601b1fb3cd538a2b71bddfe58d889ef590fe9e117fe
4ff9de1d1e2d4e9c4ffab3ca34f8ad8519615ccee0365951a122bddb955b5f0f
60891545ad989ea99fed489032860da49ade1090d897dade5057692e0be305dc
66b804e7a96a87c11e1dd74ea04ac2285df5ad9043f48046c3e5000114d39b1c
687b2dd0a60b3d1360c4e9dcea47e9db3d2d368b9da09fc9a48b4d268bb43ace
6b2afbeaebec8c306a47c14214c92d12dca51838721a4b6fbe4b39176d81213d
6cdd41c07788c24ec2eea773b1467dfe65ce90a620106d29b2ea9d9a22b5bab7
7911dcd9d0a07824b3b77fd7e69e5a3712048f739393c29d1b146c93da028e13
7aa4385c4a5d277a06e8c76cff9a42bf71650e12d0badfd057aa37a38c8eaf79
7d9cb15c912bb80237603bdce7a565d9673294fa299190960f860537547b0700
7fa7d6e3b4039b59b4d4721ea7e523a42a4dc0b56405829df9f8696f8550fa01
89dfdc6efb79aeebdc080ce9a48fc51ef77f0e72504606ca8128081177ec6b8b
8cd9a1e646ff299fa205fe757ee44ac2d9d7bc13f78d7a491290d95cb689dac0
954250ff91ebbcc502988eb01a6a7b90c903f6618cf8584d82aa298172fdce84
985a64a912615a5010adb9fa41cb2461ccc6a88b0c57a718c83628050c791f95
99078b8e416d58524493db9b1af1de0ec564f2ff6b3bb3a4372ba01aba7e4e4c
9e0eba62679628b62235b3f37c37708ae385d1ee6f5a052d18e831a3ba7e3571
b02e55b3acdb8272cff9464c9a1718bfc3a18d6008318fc8437b5699393a2a5e
b6d4a121fd06dba97ece3e28934939b4f12f3c157f0e1b21ba5ebed23f31a336
be7823de0035d66e8362de257bfea25ba1d043bc14f67cbe46b460053ba39e62
c04fdd57d47165d58178c694103ab72c26766f52f21afa5bf59de6bcc4214d12
c29095adeab0840f0495ebb337c8a5d4fc795750f8e8caf8fe59a30cefbb25f3
c3cf4212c71e2214362c7194f33e60804c1ee824c3df329d5e207c2d05f523d3
cd439da677cfeb4ace5db3902e70c419d4d3e1cf9376127cffaf08748f778f0f
d4d19f0fb634296b2d6238acd844a6c6365e9ab8a88144b44d4e48b17ba9a0a6
ed286dde4ef5eb7ae7bffbfbae0670a903e48817a82faf2877a083bae23fab08
ef9453f74b2617d43dcef4242cf5845101fcfb57289c81bceb20042b0023a192
f0441a5fde4f9853ad456b0f4931024d6308336b5e1abeeed84bfc2402c3e570
f08bf5582e38e062cc898db094ce317ae54e10127103b2e851a929a2f36fb8ca
f3c506031213cef52b137254e8ca19c84e46631ddd18fa38256491743d7958ae
f429df472dd065ffd67c0fe82fa732965a60a6f35035955d5e37f251fe2d6e6e
f4800fd5a0865d1af7a7461c8fc1384b1de6bdd3308f29eb712e926dbdd0f0b2
fcfd9bebfbe5742f3e00c5aa772f90e5163e04e7f98a4096269d8242cc6e7b56
fd969eab7bf38ffda200dcbf707646810df3039138abe643793c20404ecf5900
ffe72098dcc4840b01b476fef2d64642e73823f88f41b57e2eb8dd0a46e1d442