Submitted URL: https://sft-test.usbank.com/
Effective URL: https://sft-test.usbank.com/WidgetSignon/login.html
Submission: On October 29 via manual from US — Scanned from US

Summary

This website contacted 4 IPs in 1 countries across 2 domains to perform 19 HTTP transactions. The main IP is 23.201.177.45, located in United States and belongs to AKAMAI-AS, US. The main domain is sft-test.usbank.com.
TLS certificate: Issued by Entrust Certification Authority - L1M on October 3rd 2024. Valid for: a year.
This is the only time sft-test.usbank.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 16 23.201.177.45 16625 (AKAMAI-AS)
1 2a04:4e42:200... 54113 (FASTLY)
1 2600:141b:1c0... 20940 (AKAMAI-ASN1)
19 4
Apex Domain
Subdomains
Transfer
17 usbank.com
sft-test.usbank.com
uat2-onlinebanking.usbank.com
uat1-onlinebanking.usbank.com — Cisco Umbrella Rank: 227496
alpha-api.usbank.com
content.usbank.com — Cisco Umbrella Rank: 26848
uat4-onlinebanking.usbank.com Failed
1 MB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 791
31 KB
19 2
Domain Requested by
7 sft-test.usbank.com 1 redirects sft-test.usbank.com
4 uat1-onlinebanking.usbank.com sft-test.usbank.com
uat1-onlinebanking.usbank.com
3 uat2-onlinebanking.usbank.com sft-test.usbank.com
2 alpha-api.usbank.com uat1-onlinebanking.usbank.com
1 content.usbank.com
1 code.jquery.com sft-test.usbank.com
0 uat4-onlinebanking.usbank.com Failed uat1-onlinebanking.usbank.com
19 7

This site contains no links.

Subject Issuer Validity Valid
uat5.www.usbank.com
Entrust Certification Authority - L1M
2024-10-03 -
2025-11-03
a year crt.sh
*.jquery.com
Sectigo ECC Domain Validation Secure Server CA
2024-06-25 -
2025-06-25
a year crt.sh
usb.usbank.com
Entrust Certification Authority - L1M
2024-06-27 -
2025-07-27
a year crt.sh

This page contains 1 frames:

Primary Page: https://sft-test.usbank.com/WidgetSignon/login.html
Frame ID: 9D0B9708DE7DF46FBF6A83CC974A8ECD
Requests: 17 HTTP requests in this frame

Screenshot

Page Title

U.S. Bank Secure File Transfer

Page URL History Show full URLs

  1. https://sft-test.usbank.com/ HTTP 302
    https://sft-test.usbank.com/WidgetSignon/login.html Page URL

Detected technologies

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

19
Requests

89 %
HTTPS

67 %
IPv6

2
Domains

7
Subdomains

4
IPs

1
Countries

1295 kB
Transfer

5567 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://sft-test.usbank.com/ HTTP 302
    https://sft-test.usbank.com/WidgetSignon/login.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login.html
sft-test.usbank.com/WidgetSignon/
Redirect Chain
  • https://sft-test.usbank.com/
  • https://sft-test.usbank.com/WidgetSignon/login.html
11 KB
4 KB
Document
General
Full URL
https://sft-test.usbank.com/WidgetSignon/login.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.177.45 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-177-45.deploy.static.akamaitechnologies.com
Software
HTTP Server /
Resource Hash
eaa193b0f8fd41dcafc4f08c208ff4d3ea4981955a44fe2c519f022bc83551c4
Security Headers
Name Value
Content-Security-Policy object-src 'none'; script-src 'self' https://code.jquery.com/ https://*.usbank.com/auth/login/ 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

akamai-grn
0.ad24c317.1730226933.fb6bff4a
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
content-length
3327
content-security-policy
object-src 'none'; script-src 'self' https://code.jquery.com/ https://*.usbank.com/auth/login/ 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests
content-type
text/html;charset=utf-8
date
Tue, 29 Oct 2024 18:35:33 GMT
referrer-policy
no-referrer-when-downgrade
server
HTTP Server
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-akamai-transformed
9 10966 0 pmb=mTOE,1
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

akamai-grn
0.ad24c317.1730226933.fb6bf9f4
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-length
0
content-security-policy
object-src 'none'; script-src 'self' https://code.jquery.com/ https://*.usbank.com/auth/login/ 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests
date
Tue, 29 Oct 2024 18:35:33 GMT
location
/WidgetSignon/login.html
referrer-policy
no-referrer-when-downgrade
server
HTTP Server
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
login.js
sft-test.usbank.com/WidgetSignon/resources/
10 KB
10 KB
Script
General
Full URL
https://sft-test.usbank.com/WidgetSignon/resources/login.js
Requested by
Host: sft-test.usbank.com
URL: https://sft-test.usbank.com/WidgetSignon/login.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.177.45 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-177-45.deploy.static.akamaitechnologies.com
Software
HTTP Server /
Resource Hash
39b11e57638505b6f5670ab39710fd79a07f7e4b2d733abc56c94059cbd60002
Security Headers
Name Value
Content-Security-Policy object-src 'none'; script-src 'self' https://code.jquery.com/ https://*.usbank.com/auth/login/ 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://sft-test.usbank.com/WidgetSignon/login.html

Response headers

strict-transport-security
max-age=31536000
content-security-policy
object-src 'none'; script-src 'self' https://code.jquery.com/ https://*.usbank.com/auth/login/ 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests
cache-control
no-store, no-cache, must-revalidate, max-age=0
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
content-length
10290
x-xss-protection
1; mode=block
date
Tue, 29 Oct 2024 18:35:34 GMT
content-type
application/javascript; charset=UTF-8
akamai-grn
0.ad24c317.1730226934.fb6c0656
server
HTTP Server
x-frame-options
SAMEORIGIN
jquery-3.6.1.min.js
code.jquery.com/
88 KB
31 KB
Script
General
Full URL
https://code.jquery.com/jquery-3.6.1.min.js
Requested by
Host: sft-test.usbank.com
URL: https://sft-test.usbank.com/WidgetSignon/login.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::649 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://sft-test.usbank.com/WidgetSignon/login.html

Response headers

content-encoding
gzip
etag
W/"28feccc0-15e40"
age
218920
x-cache
HIT, HIT
date
Tue, 29 Oct 2024 18:35:34 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
x-cache-hits
1, 5551
last-modified
Fri, 18 Oct 1991 12:00:00 GMT
x-served-by
cache-lga13629-LGA, cache-mia-kmia1760079-MIA
cache-control
public, max-age=31536000, stale-while-revalidate=604800
x-timer
S1730226934.001325,VS0,VE0
via
1.1 varnish, 1.1 varnish
accept-ranges
bytes
access-control-allow-origin
*
content-length
30957
server
nginx
stylesheet.css
sft-test.usbank.com/WidgetSignon/resources/
6 KB
2 KB
Stylesheet
General
Full URL
https://sft-test.usbank.com/WidgetSignon/resources/stylesheet.css
Requested by
Host: sft-test.usbank.com
URL: https://sft-test.usbank.com/WidgetSignon/login.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.177.45 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-177-45.deploy.static.akamaitechnologies.com
Software
HTTP Server /
Resource Hash
23f98395289b452c8a2dfa7c37dea3eb4573715371a25cb85350166238d083dc
Security Headers
Name Value
Content-Security-Policy object-src 'none'; script-src 'self' https://code.jquery.com/ https://*.usbank.com/auth/login/ 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://sft-test.usbank.com/WidgetSignon/login.html

Response headers

strict-transport-security
max-age=31536000
akamai-grn
0.ad24c317.1730226934.fb6c0655
content-security-policy
object-src 'none'; script-src 'self' https://code.jquery.com/ https://*.usbank.com/auth/login/ 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests
cache-control
no-store, no-cache, must-revalidate, max-age=0
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
content-length
1719
x-xss-protection
1; mode=block
date
Tue, 29 Oct 2024 18:35:34 GMT
content-type
text/css; charset=UTF-8
vary
Accept-Encoding
server
HTTP Server
x-frame-options
SAMEORIGIN
react.production.min.js
uat2-onlinebanking.usbank.com/auth/login/staticlibs/
12 KB
5 KB
Script
General
Full URL
https://uat2-onlinebanking.usbank.com/auth/login/staticlibs/react.production.min.js
Requested by
Host: sft-test.usbank.com
URL: https://sft-test.usbank.com/WidgetSignon/login.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.177.45 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-177-45.deploy.static.akamaitechnologies.com
Software
none /
Resource Hash
5cef9367d2bcaba25b74d20e0e139d2cf900e9123e5fde26101aee7f40f6b5cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://sft-test.usbank.com/WidgetSignon/login.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public, max-age=600
content-encoding
gzip
etag
W/"671ba73f-30af"
x-envoy-upstream-service-time
2
x-content-type-options
nosniff
expires
Tue, 29 Oct 2024 18:45:34 GMT
access-control-allow-origin
*
content-length
4904
date
Tue, 29 Oct 2024 18:35:34 GMT
akamai-grn
0.ad24c317.1730226933.fb6c0659
content-type
application/javascript
last-modified
Fri, 25 Oct 2024 14:12:15 GMT
server
none
vary
Accept-Encoding
react-dom.production.min.js
uat2-onlinebanking.usbank.com/auth/login/staticlibs/
116 KB
38 KB
Script
General
Full URL
https://uat2-onlinebanking.usbank.com/auth/login/staticlibs/react-dom.production.min.js
Requested by
Host: sft-test.usbank.com
URL: https://sft-test.usbank.com/WidgetSignon/login.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.177.45 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-177-45.deploy.static.akamaitechnologies.com
Software
none /
Resource Hash
4949f4e1cff9e8a960b44c9a8be70bc4bb10216eb4d0123ca61753e0908a0f87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://sft-test.usbank.com/WidgetSignon/login.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public, max-age=600
content-encoding
gzip
etag
W/"671ba73f-1cf80"
x-envoy-upstream-service-time
5
x-content-type-options
nosniff
expires
Tue, 29 Oct 2024 18:45:34 GMT
access-control-allow-origin
*
content-length
38398
date
Tue, 29 Oct 2024 18:35:34 GMT
akamai-grn
0.ad24c317.1730226933.fb6c0657
content-type
application/javascript
last-modified
Fri, 25 Oct 2024 14:12:15 GMT
server
none
vary
Accept-Encoding
index.js
uat1-onlinebanking.usbank.com/auth/login/wmf/micro-app-loader/dist/umd/
3 KB
2 KB
Script
General
Full URL
https://uat1-onlinebanking.usbank.com/auth/login/wmf/micro-app-loader/dist/umd/index.js
Requested by
Host: sft-test.usbank.com
URL: https://sft-test.usbank.com/WidgetSignon/login.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.177.45 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-177-45.deploy.static.akamaitechnologies.com
Software
none /
Resource Hash
561becff48f6dbededbef25320b3b8a40dafaae21863a7f192c4f473c84c1fad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://sft-test.usbank.com/WidgetSignon/login.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public, max-age=600
content-encoding
gzip
etag
W/"671ba70a-aa0"
x-envoy-upstream-service-time
2
x-content-type-options
nosniff
expires
Tue, 29 Oct 2024 18:45:34 GMT
access-control-allow-origin
*
content-length
1366
date
Tue, 29 Oct 2024 18:35:34 GMT
akamai-grn
0.ad24c317.1730226934.fb6c0950
content-type
application/javascript
last-modified
Fri, 25 Oct 2024 14:11:22 GMT
server
none
vary
Accept-Encoding
babel.min.js
uat2-onlinebanking.usbank.com/auth/login/staticlibs/
3 MB
612 KB
Script
General
Full URL
https://uat2-onlinebanking.usbank.com/auth/login/staticlibs/babel.min.js
Requested by
Host: sft-test.usbank.com
URL: https://sft-test.usbank.com/WidgetSignon/login.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.177.45 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-177-45.deploy.static.akamaitechnologies.com
Software
none /
Resource Hash
52a434e3d3fd0983c35a5906915d38834134c4bbaa2c45660a3a6075369b4a22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://sft-test.usbank.com/WidgetSignon/login.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public, max-age=600
content-encoding
gzip
etag
W/"671ba73f-2cb966"
x-envoy-upstream-service-time
6
x-content-type-options
nosniff
expires
Tue, 29 Oct 2024 18:45:34 GMT
access-control-allow-origin
*
content-length
626447
date
Tue, 29 Oct 2024 18:35:34 GMT
akamai-grn
0.ad24c317.1730226934.fb6c0658
content-type
application/javascript
last-modified
Fri, 25 Oct 2024 14:12:15 GMT
server
none
vary
Accept-Encoding
USBankLogo.gif
sft-test.usbank.com/WidgetSignon/resources/
2 KB
3 KB
Image
General
Full URL
https://sft-test.usbank.com/WidgetSignon/resources/USBankLogo.gif
Requested by
Host: sft-test.usbank.com
URL: https://sft-test.usbank.com/WidgetSignon/login.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.177.45 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-177-45.deploy.static.akamaitechnologies.com
Software
HTTP Server /
Resource Hash
be7a2dbd8e1b36e2e50ef810483459e5d1569245dc4180dc7a64a65889328c03
Security Headers
Name Value
Content-Security-Policy object-src 'none'; script-src 'self' https://code.jquery.com/ https://*.usbank.com/auth/login/ 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://sft-test.usbank.com/WidgetSignon/login.html

Response headers

strict-transport-security
max-age=31536000
content-security-policy
object-src 'none'; script-src 'self' https://code.jquery.com/ https://*.usbank.com/auth/login/ 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests
cache-control
no-store, no-cache, must-revalidate, max-age=0
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
content-length
2450
x-xss-protection
1; mode=block
date
Tue, 29 Oct 2024 18:35:34 GMT
content-type
image/gif; charset=UTF-8
akamai-grn
0.ad24c317.1730226934.fb6c1299
server
HTTP Server
x-frame-options
SAMEORIGIN
MastheadBkgd_Map.gif
sft-test.usbank.com/WidgetSignon/resources/
6 KB
7 KB
Image
General
Full URL
https://sft-test.usbank.com/WidgetSignon/resources/MastheadBkgd_Map.gif
Requested by
Host: sft-test.usbank.com
URL: https://sft-test.usbank.com/WidgetSignon/resources/stylesheet.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.177.45 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-177-45.deploy.static.akamaitechnologies.com
Software
HTTP Server /
Resource Hash
c21e24565a91e86c9b2aff8708df0fa0dd50ececc698664adc1ec6abfa3cc768
Security Headers
Name Value
Content-Security-Policy object-src 'none'; script-src 'self' https://code.jquery.com/ https://*.usbank.com/auth/login/ 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://sft-test.usbank.com/WidgetSignon/resources/stylesheet.css

Response headers

strict-transport-security
max-age=31536000
content-security-policy
object-src 'none'; script-src 'self' https://code.jquery.com/ https://*.usbank.com/auth/login/ 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests
cache-control
no-store, no-cache, must-revalidate, max-age=0
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
content-length
6516
x-xss-protection
1; mode=block
date
Tue, 29 Oct 2024 18:35:35 GMT
content-type
image/gif; charset=UTF-8
akamai-grn
0.ad24c317.1730226935.fb6c19b8
server
HTTP Server
x-frame-options
SAMEORIGIN
manifest.json
uat1-onlinebanking.usbank.com/auth/login/wmf/latest/
2 KB
2 KB
Fetch
General
Full URL
https://uat1-onlinebanking.usbank.com/auth/login/wmf/latest/manifest.json
Requested by
Host: uat1-onlinebanking.usbank.com
URL: https://uat1-onlinebanking.usbank.com/auth/login/wmf/micro-app-loader/dist/umd/index.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.177.45 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-177-45.deploy.static.akamaitechnologies.com
Software
none /
Resource Hash
a67a1835da218eb262645a0730914825282ea91cf66a777b5ff82b50118f641f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://sft-test.usbank.com/WidgetSignon/login.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public, max-age=15
content-encoding
gzip
etag
W/"671ba70a-80f"
x-envoy-upstream-service-time
2
x-content-type-options
nosniff
expires
Tue, 29 Oct 2024 18:35:50 GMT
access-control-allow-origin
*
content-length
502
date
Tue, 29 Oct 2024 18:35:35 GMT
akamai-grn
0.ad24c317.1730226935.fb6c1e01
content-type
application/json
last-modified
Fri, 25 Oct 2024 14:11:22 GMT
server
none
vary
Accept-Encoding
favicon.ico
sft-test.usbank.com/
1 KB
2 KB
Other
General
Full URL
https://sft-test.usbank.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.177.45 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-177-45.deploy.static.akamaitechnologies.com
Software
HTTP Server /
Resource Hash
a85c98aca7f14ff02c722538988491eca8a5541970f7be7112938b1e35083ee4
Security Headers
Name Value
Content-Security-Policy object-src 'none'; script-src 'self' https://code.jquery.com/ https://*.usbank.com/auth/login/ 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://sft-test.usbank.com/WidgetSignon/login.html

Response headers

strict-transport-security
max-age=31536000
content-security-policy
object-src 'none'; script-src 'self' https://code.jquery.com/ https://*.usbank.com/auth/login/ 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests
cache-control
no-store, no-cache, must-revalidate, max-age=0
referrer-policy
no-referrer-when-downgrade
x-content-type-options
nosniff
content-length
1406
x-xss-protection
1; mode=block
date
Tue, 29 Oct 2024 18:35:35 GMT
content-type
image/ico; charset=UTF-8
akamai-grn
0.ad24c317.1730226935.fb6c1df5
server
HTTP Server
x-frame-options
SAMEORIGIN
main-5df5c035009cb6a85565.js
uat1-onlinebanking.usbank.com/auth/login/wmf/latest/
2 MB
440 KB
Script
General
Full URL
https://uat1-onlinebanking.usbank.com/auth/login/wmf/latest/main-5df5c035009cb6a85565.js
Requested by
Host: uat1-onlinebanking.usbank.com
URL: https://uat1-onlinebanking.usbank.com/auth/login/wmf/micro-app-loader/dist/umd/index.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.177.45 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-177-45.deploy.static.akamaitechnologies.com
Software
none /
Resource Hash
12c33cc8b95f6d0b95ff21dceac7deaad5063bb8dc50ac5474225f755231fc51
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://sft-test.usbank.com/WidgetSignon/login.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public, max-age=600
content-encoding
gzip
etag
W/"671ba70a-1f1fa0"
x-envoy-upstream-service-time
5
x-content-type-options
nosniff
expires
Tue, 29 Oct 2024 18:45:36 GMT
access-control-allow-origin
*
content-length
449479
date
Tue, 29 Oct 2024 18:35:36 GMT
akamai-grn
0.ad24c317.1730226936.fb6c2b9d
content-type
application/javascript
last-modified
Fri, 25 Oct 2024 14:11:22 GMT
server
none
vary
Accept-Encoding
config
alpha-api.usbank.com/authentication/customer-auth/app-config/v1/
0
0
Preflight
General
Full URL
https://alpha-api.usbank.com/authentication/customer-auth/app-config/v1/config
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.177.45 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-177-45.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
ak,app-id,app-version,channel-id,correlation-id,interaction-id,tenant-id
Access-Control-Request-Method
GET
Origin
https://sft-test.usbank.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
access-control-allow-origin, ak, app-id, tenant-id, channel-id, app-version, correlation-id, interaction-id, remember-me-token
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://sft-test.usbank.com
access-control-max-age
86400
content-length
123
content-security-policy
default-src 'self';
content-type
application/json
date
Tue, 29 Oct 2024 18:35:37 GMT
strict-transport-security
max-age=31536000; includeSubDomains
HelveticaNeueLTW04-55Roman.woff2
content.usbank.com/content/dam/onlinebanking/common/static/fonts/
41 KB
42 KB
Font
General
Full URL
https://content.usbank.com/content/dam/onlinebanking/common/static/fonts/HelveticaNeueLTW04-55Roman.woff2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:141b:1c00:2581::39f0 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Apache /
Resource Hash
f0d0bf9731f51367f0cafa9b577e7cc77c1532e7c66b27bd51f7c8bb670d05d6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://sft-test.usbank.com
Referer
https://sft-test.usbank.com/

Response headers

akamai-grn
0.6da6d017.1730226937.5491651
cache-control
max-age=84600
etag
"a58c-5ff192c79d340"
x-content-type-options
nosniff
accept-ranges
bytes
access-control-allow-origin
*
content-length
42380
x-xss-protection
1
date
Tue, 29 Oct 2024 18:35:37 GMT
content-disposition
attachment; filename="HelveticaNeueLTW04-55Roman.woff2"
last-modified
Tue, 27 Jun 2023 09:34:29 GMT
server
Apache
content-type
application/octet-stream
x-frame-options
SAMEORIGIN
config
alpha-api.usbank.com/authentication/customer-auth/app-config/v1/
2 KB
4 KB
XHR
General
Full URL
https://alpha-api.usbank.com/authentication/customer-auth/app-config/v1/config
Requested by
Host: uat1-onlinebanking.usbank.com
URL: https://uat1-onlinebanking.usbank.com/auth/login/wmf/latest/main-5df5c035009cb6a85565.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.177.45 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-177-45.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e69a2319267a92158d3fb757b0c28b21c4eaa1debeb386683a3bc34ec5cfb71a
Security Headers
Name Value
Content-Security-Policy default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Channel-ID
web
Interaction-ID
73956e3a-9ea4-458c-8be3-6b42869bbd3e
AK
emN4VDV6hXAjwIRvzkRfEX2xOjadGy67
Referer
https://sft-test.usbank.com/WidgetSignon/login.html
Correlation-ID
92250ad7-ad8b-4339-820b-8de6ce4ef6d4
App-Version
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
App-ID
SterlingFileGateway
Tenant-ID
USB

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-security-policy
default-src 'self';
cache-control
no-store
x-envoy-upstream-service-time
4
correlation-id
92250ad7-ad8b-4339-820b-8de6ce4ef6d4
access-control-allow-origin
*
content-length
2195
date
Tue, 29 Oct 2024 18:35:37 GMT
content-type
application/json
23-84407b6d1ad660b54e36.js
uat1-onlinebanking.usbank.com/auth/login/wmf/latest/
413 KB
92 KB
Script
General
Full URL
https://uat1-onlinebanking.usbank.com/auth/login/wmf/latest/23-84407b6d1ad660b54e36.js
Requested by
Host: uat1-onlinebanking.usbank.com
URL: https://uat1-onlinebanking.usbank.com/auth/login/wmf/latest/main-5df5c035009cb6a85565.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.177.45 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-177-45.deploy.static.akamaitechnologies.com
Software
none /
Resource Hash
cc0b141f008b53b53620f9219db64c192a575a5fb88c95f77eb19356d7cc4bd8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://sft-test.usbank.com/WidgetSignon/login.html

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public, max-age=600
content-encoding
gzip
etag
W/"671ba70a-672ed"
x-envoy-upstream-service-time
4
x-content-type-options
nosniff
expires
Tue, 29 Oct 2024 18:45:38 GMT
access-control-allow-origin
*
content-length
93437
date
Tue, 29 Oct 2024 18:35:38 GMT
akamai-grn
0.ad24c317.1730226937.fb6c4f9c
content-type
application/javascript
last-modified
Fri, 25 Oct 2024 14:11:22 GMT
server
none
vary
Accept-Encoding
browser-log-transport
uat4-onlinebanking.usbank.com/digital/servicing/logging/
0
0

browser-log-transport
uat4-onlinebanking.usbank.com/digital/servicing/logging/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
uat4-onlinebanking.usbank.com
URL
https://uat4-onlinebanking.usbank.com/digital/servicing/logging/browser-log-transport
Domain
uat4-onlinebanking.usbank.com
URL
https://uat4-onlinebanking.usbank.com/digital/servicing/logging/browser-log-transport

Verdicts & Comments Add Verdict or Comment

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| ssoMsgText string| ssoMsgType string| loginForm1 string| initPageParm object| tempElem string| ssoMsgOnly string| loginURL string| logoutURL string| changePwURL function| genTopErrorMsg function| gotoLogin function| logout function| initialize function| goBack function| addPwdPolicies function| openCopyrightNotice function| changePassword function| setUpMessage function| popupMessage function| initPage function| $ function| jQuery object| React object| ReactDOM function| DS object| Babel object| antiClickjack object| header object| configSettings function| onTransmitAuthorizationSuccess function| onTransmitAuthorizationFailure object| process object| USBAuthLoginModule object| webpackChunkUSBAuthLoginModule object| appDTimers object| com object| aesjs object| elliptic function| sha256 function| sha224 object| __XMSDK_PLUGINS string| ConfigAppID

6 Cookies

Domain/Path Name / Value
.usbank.com/ Name: SSOTOKEN
Value:
.usbank.com/ Name: SSOPP
Value:
sft-test.usbank.com/ Name: FILEGATEWAY-TEST
Value: !clnGnpuqdHOKv5yOOPzTveyzLVnx7kCcOt/FdFMisQqqONxv63E4i09MgE1Jn52FzLka2o/D//PZxA==
.usbank.com/ Name: _abck
Value: B7654777992043842300F0A313ED8078~-1~YAAQrSTDFy8c5cqSAQAAE8+P2QyUeTbnxZ01cVttnzMwt8JwmOeo/AD9GBEO7C06iaF2GQO+Q3I3PUW0L77blsInImAZIhg7/Li2w16A7s9oXYwVPNy8NlRmaInwucauxAkzImJXPS5q5mtF4VO7xGVbPWxNmDbWgKPD3bzr2zCxNXbSfT/DUqLQ74Np/ZOVZn8Yb3sB9bgAJbt1N8sgvWb5gff0JWSUyXQfXQreMY2RtgOJNnKRue24D6j9lR0pEiSI8dbzk6niIVr8/Gb1qg/I9vC1sjOtoBGHCeKZIhkJ4L5+9uU136r80aASDibxFdg3Da3AZ0iw1Ko0j8Fgxh895WXY7w1OYChE8qrnAPgh00r552N2V2KpeyLeSrj+uBDBsK8/IFnhQB+kna57oQ6hs52ulj+9H/xD4Q==~-1~-1~-1
.usbank.com/ Name: SspWebSessionId
Value: F38d213f1eAb47E920Da
.usbank.com/ Name: bm_sz
Value: 58059EA5FB747B382D6084D36E91EFB4~YAAQrSTDF3gd5cqSAQAAcNCP2RlBlmYEeccz6CcJsQ8/ipZT2PEcUKk5B6jJKrCcXHGQvBmpRfyHqUgvs0WP+dgVkDmUsp2k2be0Ud9NeUs3fCjA7wYhHhkierP9dlFKkmaQ7ViidozuKi2a7KTIDNzgyDSQXS8I9WL88xHqoIywx+L8py6bGDJvXc0/P41/temTb6DHeYl5qepWjvbmWQArgjtavmmqHTvBVNCtkR8KAGHImJ6AgB5FoO9PwcjTUCCTOK6o25mNBcd6vP2ZOoiwH491p/fGC0CUWGfX/AbhzbMY4srohyZv1ccoiU8sNC5BSLU+HkDwDlURSh9xdx3nYvSoM8USwTAsdh9W5Ba3pTRGQH0fn0G4lghll1gOvg+tXigjFjL2KbPt2b1iTErt~4470593~3224886

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy object-src 'none'; script-src 'self' https://code.jquery.com/ https://*.usbank.com/auth/login/ 'unsafe-inline' 'unsafe-eval'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block