mydeal-dhp.gbm.hsbc.com Open in urlscan Pro
193.108.78.222  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request / Show response mydeal-dhp.gbm.hsbc.com/	3 KB 2 KB	1174ms 57ms	Document text/html	193.108.78.222 HSBC-UK
General Check archive.org Show headers Download Go to Full URL https://mydeal-dhp.gbm.hsbc.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 193.108.78.222 Sheffield, United Kingdom, ASN20705 (HSBC-UK, GB), Reverse DNS Software / ASP.NET Resource Hash 94bd7cc1d280954fc767944a29c1e5ce17578c20dd0ae790bea5d382aca003d7 Security Headers Name Value Content-Security-Policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 accept-language en-GB,en;q=0.9 Response headers accept-ranges bytes access-control-allow-origin https://mydeal-dhp.gbm.hsbc.com/,https://mydeal.gbm.hsbc.com/ cache-control no-cache, no-store, must-revalidate content-encoding gzip content-length 1347 content-security-policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default content-type text/html date Fri, 06 Oct 2023 02:17:02 GMT etag "041b51abcf2d91:0" last-modified Fri, 29 Sep 2023 10:02:50 GMT report-to {"group":"default","max_age":10886400,"endpoints":[{"url":"/csp-reporter/api/log"}]} strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding x-content-type-options nosniff x-frame-options DENY x-powered-by ASP.NET x-xss-protection 1; mode=block
GET H2	200	2.2988646c.chunk.css mydeal-dhp.gbm.hsbc.com/static/css/	1 KB 710 B	161ms 161ms	Stylesheet text/css	193.108.78.222 HSBC-UK
General Check archive.org Show headers Download Go to Full URL https://mydeal-dhp.gbm.hsbc.com/static/css/2.2988646c.chunk.css Requested by Host: mydeal-dhp.gbm.hsbc.com URL: https://mydeal-dhp.gbm.hsbc.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 193.108.78.222 Sheffield, United Kingdom, ASN20705 (HSBC-UK, GB), Reverse DNS Software / ASP.NET Resource Hash 41c7be339f6afc1d8e1b7b38470d66184f587f6597e276402f2493199600adb0 Security Headers Name Value Content-Security-Policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers accept-language en-GB,en;q=0.9 Referer https://mydeal-dhp.gbm.hsbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Fri, 06 Oct 2023 02:17:02 GMT content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; preload content-security-policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default x-powered-by ASP.NET content-length 670 x-xss-protection 1; mode=block last-modified Thu, 28 Sep 2023 10:46:12 GMT etag "03235fff8f1d91:0" vary Accept-Encoding x-frame-options DENY content-type text/css access-control-allow-origin https://mydeal-dhp.gbm.hsbc.com/,https://mydeal.gbm.hsbc.com/ report-to {"group":"default","max_age":10886400,"endpoints":[{"url":"/csp-reporter/api/log"}]} cache-control public, max-age=604800 accept-ranges bytes
GET H2	200	main.da8e76e1.chunk.css mydeal-dhp.gbm.hsbc.com/static/css/	156 KB 37 KB	155ms 155ms	Stylesheet text/css	193.108.78.222 HSBC-UK
General Check archive.org Show headers Download Go to Full URL https://mydeal-dhp.gbm.hsbc.com/static/css/main.da8e76e1.chunk.css Requested by Host: mydeal-dhp.gbm.hsbc.com URL: https://mydeal-dhp.gbm.hsbc.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 193.108.78.222 Sheffield, United Kingdom, ASN20705 (HSBC-UK, GB), Reverse DNS Software / ASP.NET Resource Hash 88fb4f1e1b2b884827c1a18a631dff6bbaa158864c132bf2421314185bfe82db Security Headers Name Value Content-Security-Policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers accept-language en-GB,en;q=0.9 Referer https://mydeal-dhp.gbm.hsbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Fri, 06 Oct 2023 02:17:02 GMT content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; preload content-security-policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default x-powered-by ASP.NET content-length 37718 x-xss-protection 1; mode=block last-modified Thu, 28 Sep 2023 10:46:12 GMT etag "03235fff8f1d91:0" x-frame-options DENY report-to {"group":"default","max_age":10886400,"endpoints":[{"url":"/csp-reporter/api/log"}]} content-type text/css access-control-allow-origin https://mydeal-dhp.gbm.hsbc.com/,https://mydeal.gbm.hsbc.com/ cache-control public, max-age=604800 vary Accept-Encoding accept-ranges bytes
GET H2	200	2.c772e3bd.chunk.js Show response mydeal-dhp.gbm.hsbc.com/static/js/	4 MB 1 MB	170ms 170ms	Script application/javascript	193.108.78.222 HSBC-UK
General Check archive.org Show headers Download Go to Full URL https://mydeal-dhp.gbm.hsbc.com/static/js/2.c772e3bd.chunk.js Requested by Host: mydeal-dhp.gbm.hsbc.com URL: https://mydeal-dhp.gbm.hsbc.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 193.108.78.222 Sheffield, United Kingdom, ASN20705 (HSBC-UK, GB), Reverse DNS Software / ASP.NET Resource Hash babd96e2d009e74a9328167e3a386c21ffa9d7d18b2c48e6048989a1b5606da0 Security Headers Name Value Content-Security-Policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers accept-language en-GB,en;q=0.9 Referer https://mydeal-dhp.gbm.hsbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Fri, 06 Oct 2023 02:17:02 GMT content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; preload content-security-policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default x-powered-by ASP.NET x-xss-protection 1; mode=block last-modified Thu, 28 Sep 2023 10:46:12 GMT etag "03235fff8f1d91:0" x-frame-options DENY report-to {"group":"default","max_age":10886400,"endpoints":[{"url":"/csp-reporter/api/log"}]} content-type application/javascript access-control-allow-origin https://mydeal-dhp.gbm.hsbc.com/,https://mydeal.gbm.hsbc.com/ cache-control public, max-age=604800 vary Accept-Encoding accept-ranges bytes
GET H2	200	main.6f34ca20.chunk.js Show response mydeal-dhp.gbm.hsbc.com/static/js/	799 KB 249 KB	226ms 226ms	Script application/javascript	193.108.78.222 HSBC-UK
General Check archive.org Show headers Download Go to Full URL https://mydeal-dhp.gbm.hsbc.com/static/js/main.6f34ca20.chunk.js Requested by Host: mydeal-dhp.gbm.hsbc.com URL: https://mydeal-dhp.gbm.hsbc.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 193.108.78.222 Sheffield, United Kingdom, ASN20705 (HSBC-UK, GB), Reverse DNS Software / ASP.NET Resource Hash 744435362e2a40d86bf0d6d73ec4d0107168791f77538f081145004a0828b01e Security Headers Name Value Content-Security-Policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers accept-language en-GB,en;q=0.9 Referer https://mydeal-dhp.gbm.hsbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Fri, 06 Oct 2023 02:17:02 GMT content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; preload content-security-policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default x-powered-by ASP.NET x-xss-protection 1; mode=block last-modified Thu, 28 Sep 2023 10:46:12 GMT etag "03235fff8f1d91:0" x-frame-options DENY report-to {"group":"default","max_age":10886400,"endpoints":[{"url":"/csp-reporter/api/log"}]} content-type application/javascript access-control-allow-origin https://mydeal-dhp.gbm.hsbc.com/,https://mydeal.gbm.hsbc.com/ cache-control public, max-age=604800 vary Accept-Encoding accept-ranges bytes
GET H2	200	utag.sync.js Show response tags.tiqcdn.com/utag/hsbc/global-gbm-mydeal/qa/	109 B 543 B	611ms 426ms	Script application/javascript	2600:9000:21f3:d600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/hsbc/global-gbm-mydeal/qa/utag.sync.js Requested by Host: mydeal-dhp.gbm.hsbc.com URL: https://mydeal-dhp.gbm.hsbc.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21f3:d600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 5ab0b02f7d2790fbddcb312d1aba8560cf6f11ec62a26a676b122f6957fa73ad Request headers accept-language en-GB,en;q=0.9 Referer https://mydeal-dhp.gbm.hsbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers x-amz-version-id RLoZW1VSQWbEyd1eL89xRaqeEKhZ.7k0 date Fri, 06 Oct 2023 02:17:04 GMT via 1.1 c7015d60d4f8f2170aaaa75e69e40618.cloudfront.net (CloudFront) last-modified Wed, 07 Jun 2023 08:33:20 GMT server AmazonS3 x-amz-cf-pop FRA2-C2 x-amz-server-side-encryption AES256 etag "1ec3cbba4427b2af3a2e3b5f5dd40092" vary Accept-Encoding x-cache RefreshHit from cloudfront content-type application/javascript cache-control max-age=300 accept-ranges bytes content-length 109 x-amz-cf-id FLRl4yrdsi03O4uCK04pnAwY983hwTzDjPTa9XH-22Ctw-ahIaVESw==
GET H2	200	utag.js Show response tags.tiqcdn.com/utag/hsbc/global-gbm-mydeal/qa/	268 KB 66 KB	193ms 156ms	Script application/javascript	2600:9000:21f3:d600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/hsbc/global-gbm-mydeal/qa/utag.js Requested by Host: mydeal-dhp.gbm.hsbc.com URL: https://mydeal-dhp.gbm.hsbc.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21f3:d600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash bb315cdcadb9ea70532b8661313fce2a110c711770a5c98ec462280177d6af6e Request headers accept-language en-GB,en;q=0.9 Referer https://mydeal-dhp.gbm.hsbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers x-amz-version-id 6NGYItdLkMtLmAXQn27aRNG5YeWO.GwG content-encoding br via 1.1 c7015d60d4f8f2170aaaa75e69e40618.cloudfront.net (CloudFront) date Fri, 06 Oct 2023 02:17:03 GMT last-modified Wed, 07 Jun 2023 08:33:20 GMT server AmazonS3 x-amz-cf-pop FRA2-C2 x-amz-server-side-encryption AES256 etag W/"40aad1585cf79c06a958605cc4585ca3" vary Accept-Encoding x-cache RefreshHit from cloudfront content-type application/javascript cache-control max-age=300 x-amz-cf-id HTAw8ogb_yYpWD2BjbHcp6xFu3nNUJVhUuUO-y6if0riVtEwtzedVg==
GET H2	200	Orderbook-bg.08d84ae9.png mydeal-dhp.gbm.hsbc.com/static/media/	242 KB 243 KB	79ms 78ms	Image image/png	193.108.78.222 HSBC-UK
General Check archive.org Show headers Download Go to Show image Full URL https://mydeal-dhp.gbm.hsbc.com/static/media/Orderbook-bg.08d84ae9.png Requested by Host: mydeal-dhp.gbm.hsbc.com URL: https://mydeal-dhp.gbm.hsbc.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 193.108.78.222 Sheffield, United Kingdom, ASN20705 (HSBC-UK, GB), Reverse DNS Software / ASP.NET Resource Hash 562f22a3400aefff17e97728de38d0b71811a75ee3fbf31e1d009749ce47db29 Security Headers Name Value Content-Security-Policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers accept-language en-GB,en;q=0.9 Referer https://mydeal-dhp.gbm.hsbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Fri, 06 Oct 2023 02:17:02 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff content-security-policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default last-modified Thu, 28 Sep 2023 10:46:12 GMT etag "03235fff8f1d91:0" x-powered-by ASP.NET x-frame-options DENY report-to {"group":"default","max_age":10886400,"endpoints":[{"url":"/csp-reporter/api/log"}]} content-type image/png access-control-allow-origin https://mydeal-dhp.gbm.hsbc.com/,https://mydeal.gbm.hsbc.com/ cache-control public, max-age=604800 accept-ranges bytes content-length 248282 x-xss-protection 1; mode=block
GET H2	200	UniversNext-Rg.e69fa571.woff mydeal-dhp.gbm.hsbc.com/static/media/	27 KB 27 KB	78ms 78ms	Font font/x-woff	193.108.78.222 HSBC-UK
General Check archive.org Show headers Download Go to Full URL https://mydeal-dhp.gbm.hsbc.com/static/media/UniversNext-Rg.e69fa571.woff Requested by Host: mydeal-dhp.gbm.hsbc.com URL: https://mydeal-dhp.gbm.hsbc.com/static/css/main.da8e76e1.chunk.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 193.108.78.222 Sheffield, United Kingdom, ASN20705 (HSBC-UK, GB), Reverse DNS Software / ASP.NET Resource Hash e57fa923e1242b94093a29bc1497e22d7b5f78d6f124fe5ffc651383af545e13 Security Headers Name Value Content-Security-Policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://mydeal-dhp.gbm.hsbc.com/static/css/main.da8e76e1.chunk.css Origin https://mydeal-dhp.gbm.hsbc.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Fri, 06 Oct 2023 02:17:02 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff content-security-policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default last-modified Thu, 28 Sep 2023 10:46:12 GMT etag "03235fff8f1d91:0" x-powered-by ASP.NET x-frame-options DENY report-to {"group":"default","max_age":10886400,"endpoints":[{"url":"/csp-reporter/api/log"}]} content-type font/x-woff access-control-allow-origin https://mydeal-dhp.gbm.hsbc.com/,https://mydeal.gbm.hsbc.com/ cache-control public, max-age=604800 accept-ranges bytes content-length 27464 x-xss-protection 1; mode=block
GET H2	200	icomoon.2469ad6d.ttf mydeal-dhp.gbm.hsbc.com/static/media/	3 KB 3 KB	86ms 85ms	Font application/octet-stream	193.108.78.222 HSBC-UK
General Check archive.org Show headers Download Go to Full URL https://mydeal-dhp.gbm.hsbc.com/static/media/icomoon.2469ad6d.ttf Requested by Host: mydeal-dhp.gbm.hsbc.com URL: https://mydeal-dhp.gbm.hsbc.com/static/css/main.da8e76e1.chunk.css Protocol H2 Security TLS 1.3, , AES_128_GCM Server 193.108.78.222 Sheffield, United Kingdom, ASN20705 (HSBC-UK, GB), Reverse DNS Software / ASP.NET Resource Hash a775ddebd9d633ebac8d09026ee71bac20c3e2da4b06aa8626affd5c5ee80878 Security Headers Name Value Content-Security-Policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers Referer https://mydeal-dhp.gbm.hsbc.com/static/css/main.da8e76e1.chunk.css Origin https://mydeal-dhp.gbm.hsbc.com accept-language en-GB,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Fri, 06 Oct 2023 02:17:02 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff content-security-policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default last-modified Thu, 28 Sep 2023 10:46:12 GMT etag "03235fff8f1d91:0" x-powered-by ASP.NET x-frame-options DENY report-to {"group":"default","max_age":10886400,"endpoints":[{"url":"/csp-reporter/api/log"}]} content-type application/octet-stream access-control-allow-origin https://mydeal-dhp.gbm.hsbc.com/,https://mydeal.gbm.hsbc.com/ cache-control public, max-age=604800 accept-ranges bytes content-length 3356 x-xss-protection 1; mode=block
GET H2	200	HSBC_Logo.9609bbd5.svg mydeal-dhp.gbm.hsbc.com/static/media/	2 KB 1 KB	62ms 62ms	Image image/svg+xml	193.108.78.222 HSBC-UK
General Check archive.org Show headers Download Go to Show image Full URL https://mydeal-dhp.gbm.hsbc.com/static/media/HSBC_Logo.9609bbd5.svg Requested by Host: mydeal-dhp.gbm.hsbc.com URL: https://mydeal-dhp.gbm.hsbc.com/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 193.108.78.222 Sheffield, United Kingdom, ASN20705 (HSBC-UK, GB), Reverse DNS Software / ASP.NET Resource Hash 5d87f26a7667188491ec15ce9ff81f4120f11b0174def9d7a84deae482206a45 Security Headers Name Value Content-Security-Policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 1; mode=block Request headers accept-language en-GB,en;q=0.9 Referer https://mydeal-dhp.gbm.hsbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers date Fri, 06 Oct 2023 02:17:03 GMT content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=63072000; includeSubDomains; preload content-security-policy default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default x-powered-by ASP.NET x-xss-protection 1; mode=block last-modified Thu, 28 Sep 2023 10:46:12 GMT etag "03235fff8f1d91:0" x-frame-options DENY report-to {"group":"default","max_age":10886400,"endpoints":[{"url":"/csp-reporter/api/log"}]} content-type image/svg+xml access-control-allow-origin https://mydeal-dhp.gbm.hsbc.com/,https://mydeal.gbm.hsbc.com/ cache-control public, max-age=604800 vary accept-encoding accept-ranges bytes
GET H2	200	utag.v.js Show response tags.tiqcdn.com/utag/tiqapp/	2 B 430 B	40ms 39ms	Script application/javascript	2600:9000:21f3:d600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/tiqapp/utag.v.js?a=hsbc/global-gbm-mydeal/202306070832&cb=1696558623506 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/hsbc/global-gbm-mydeal/qa/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:21f3:d600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb Request headers accept-language en-GB,en;q=0.9 Referer https://mydeal-dhp.gbm.hsbc.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36 Response headers x-amz-version-id 2XUX04X5QEw0.xFya64khU._sHTRl_Pz date Fri, 06 Oct 2023 02:12:10 GMT via 1.1 c7015d60d4f8f2170aaaa75e69e40618.cloudfront.net (CloudFront) x-amz-cf-pop FRA2-C2 age 294 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront content-length 2 last-modified Sat, 11 Mar 2023 06:57:46 GMT server AmazonS3 etag "7bc0ee636b3b83484fc3b9348863bd22" vary Accept-Encoding content-type application/javascript cache-control max-age=300 accept-ranges bytes x-amz-cf-id VEOXDjY3ZNfhLASV10pPxQ05s7_6ClLrfnR94pG99e1kgCMgL_wLuA==

39 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| __MyDealUtag string| __MyDealEnv string| __LaaSEnv string| __SHOW_UNFOUND_LANG_KEYS object| utag_cfg_ovrd object| webpackJsonp boolean| utag_condload object| TEALIUM object| ccmPageList string| css object| utag function| loadLibrary function| checkUrl boolean| __tealium_twc_switch object| utag_data object| TMS object| BC_ANALYTICS_CONSENT object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| _ object| scCGSHMRCache number| 2f1acc6c3a606b082e5eef5e54414ffb object| webpackJsonploginService object| com object| aesjs object| elliptic function| sha256 function| sha224 object| __XMSDK_PLUGINS object| xmsdk object| xmui

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			.hsbc.com/	1970-01-21 00:01:34	Name: utag_main Value: v_id:018b02c628c000800d3fff2c3d3803074002006c00b08$_sn:1$_se:1$_ss:1$_st:1696560422912$ses_id:1696558622912%3Bexp-session$_pn:1%3Bexp-session$_prevpage:mydeal%3Aauthentication%3Alogon%3Bexp-session

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src * blob: data: 'unsafe-inline' 'unsafe-eval'; report-uri /csp-reporter/api/log; report-to default
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

mydeal-dhp.gbm.hsbc.com
tags.tiqcdn.com
193.108.78.222
2600:9000:21f3:d600:7:2bfb:7c00:93a1
41c7be339f6afc1d8e1b7b38470d66184f587f6597e276402f2493199600adb0
562f22a3400aefff17e97728de38d0b71811a75ee3fbf31e1d009749ce47db29
5ab0b02f7d2790fbddcb312d1aba8560cf6f11ec62a26a676b122f6957fa73ad
5d87f26a7667188491ec15ce9ff81f4120f11b0174def9d7a84deae482206a45
744435362e2a40d86bf0d6d73ec4d0107168791f77538f081145004a0828b01e
88fb4f1e1b2b884827c1a18a631dff6bbaa158864c132bf2421314185bfe82db
94bd7cc1d280954fc767944a29c1e5ce17578c20dd0ae790bea5d382aca003d7
a2c2339691fc48fbd14fb307292dff3e21222712d9240810742d7df0c6d74dfb
a775ddebd9d633ebac8d09026ee71bac20c3e2da4b06aa8626affd5c5ee80878
babd96e2d009e74a9328167e3a386c21ffa9d7d18b2c48e6048989a1b5606da0
bb315cdcadb9ea70532b8661313fce2a110c711770a5c98ec462280177d6af6e
e57fa923e1242b94093a29bc1497e22d7b5f78d6f124fe5ffc651383af545e13