urlscan.io logo urlscan.io
SecurityTrails logo

www.bp.com Open in urlscan Pro
2.17.185.115  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://bpbonusclub.at/
Effective URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Submission: On November 19 via manual from HU — Scanned from AT
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 25 HTTP transactions. The main IP is 2.17.185.115, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is www.bp.com. The Cisco Umbrella rank of the primary domain is 253396.
TLS certificate: Issued by Entrust Certification Authority - L1K on November 4th 2024. Valid for: a year.
This is the only time www.bp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 195.69.208.230 25070 (COMARCH-A...)
2 27 2.17.185.115 16625 (AKAMAI-AS)
25 2
Apex Domain
Subdomains		 Transfer
27 bp.com
www.bp.com — Cisco Umbrella Rank: 253396
analytics.bp.com — Cisco Umbrella Rank: 478051
1 MB
1 bpkatalog.at
www.bpkatalog.at
471 B
1 bpbonusclub.at
bpbonusclub.at
281 B
25 3
Domain Requested by
24 www.bp.com 2 redirects www.bp.com
3 analytics.bp.com www.bp.com
analytics.bp.com
1 www.bpkatalog.at 1 redirects
1 bpbonusclub.at 1 redirects
25 4

This site contains links to these domains. Also see Links.

Domain
praemien.payback.at
www.facebook.com
Subject Issuer Validity Valid
www.bp.com
Entrust Certification Authority - L1K		 2024-11-04 -
2025-12-04		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Frame ID: A288597E37FF7DD15C946F78726D33E0
Requests: 27 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Ende des bp Prämienkatalogs | Produkte und Services | bp in Österreich – moderne Kraftstoffe und 24/7 Shops

Page URL History Show full URLs

  1. http://bpbonusclub.at/ HTTP 307
    https://bpbonusclub.at/ HTTP 302
    https://www.bpkatalog.at/ HTTP 301
    https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-prae... HTTP 301
    https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-prae... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /etc\.clientlibs/
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

25
Requests

96 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

2
IPs

2
Countries

1359 kB
Transfer

3830 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bpbonusclub.at/ HTTP 307
    https://bpbonusclub.at/ HTTP 302
    https://www.bpkatalog.at/ HTTP 301
    https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html/ HTTP 301
    https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 25
  • https://www.bp.com/favicon.ico HTTP 301
  • https://www.bp.com/apps/settings/wcm/designs/refresh/bp/favicon.ico

25 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request ende-bp-praemienkatalog.html
www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/
Redirect Chain
  • http://bpbonusclub.at/
  • https://bpbonusclub.at/
  • https://www.bpkatalog.at/
  • https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html/
  • https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
78 KB
13 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c2dff3d4da2ec9e167e7677d2bce9d0ae6fb19104a0db0a5ed54861293d8b747
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
cache-control
max-age=0, no-cache, no-store, private
content-encoding
gzip
content-length
11501
content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
content-type
text/html; charset=UTF-8
date
Tue, 19 Nov 2024 22:23:09 GMT
etag
W/"13805-6274b7a648e6a"
expires
Tue, 19 Nov 2024 22:23:09 GMT
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
platform
Navitas-Blue
pragma
no-cache
referrer-policy
no-referrer-when-downgrade
server
Apache
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-akamai-transformed
9 11281 0 pmb=mTOE,4
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

access-control-allow-origin
https://bppay-wallet-web-app.bp.com
cache-control
private, max-age=262
content-length
319
content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
content-type
text/html; charset=iso-8859-1
date
Tue, 19 Nov 2024 22:23:08 GMT
expires
Tue, 19 Nov 2024 22:27:30 GMT
location
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
platform
Navitas-Blue
referrer-policy
no-referrer-when-downgrade
server
Apache
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
NRIcons.woff2
www.bp.com/apps/settings/wcm/designs/refresh/bp/assets/fonts/ 		6 KB
7 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/apps/settings/wcm/designs/refresh/bp/assets/fonts/NRIcons.woff2
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
534ef9c90b1f7da068b665cd36d632002ea9c86082838b71514e84a0a4cfe484
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.bp.com
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

etag
"1748-605c315c11180"
x-content-type-options
nosniff
expires
Tue, 19 Nov 2024 22:24:25 GMT
date
Tue, 19 Nov 2024 22:23:09 GMT
platform
Navitas-Blue
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, max-age=76
referrer-policy
no-referrer-when-downgrade
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
accept-ranges
bytes
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
content-length
5960
x-xss-protection
1; mode=block
server
Apache
Roboto-Regular.woff
www.bp.com/apps/settings/wcm/designs/refresh/bp/assets/fonts/ 		92 KB
93 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/apps/settings/wcm/designs/refresh/bp/assets/fonts/Roboto-Regular.woff
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
30f35b44f8e8062ce72090ab461396ed263b3d9e0edbad833be0fa47b0d08edb
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.bp.com
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

etag
"16e60-5fb921f458500"
x-content-type-options
nosniff
expires
Tue, 19 Nov 2024 22:26:56 GMT
date
Tue, 19 Nov 2024 22:23:09 GMT
content-type
application/font-woff
platform
Navitas-Blue
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, max-age=227
referrer-policy
no-referrer-when-downgrade
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
accept-ranges
bytes
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
content-length
93792
x-xss-protection
1; mode=block
server
Apache
Roboto-Light.woff
www.bp.com/apps/settings/wcm/designs/refresh/bp/assets/fonts/ 		91 KB
92 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/apps/settings/wcm/designs/refresh/bp/assets/fonts/Roboto-Light.woff
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
236765cdd11da57ff429fccc35033664069777cae6f46a834d2e29e2672f47b3
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.bp.com
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

etag
"16d28-5fb92401d1cc0"
x-content-type-options
nosniff
expires
Tue, 19 Nov 2024 22:24:28 GMT
date
Tue, 19 Nov 2024 22:23:09 GMT
content-type
application/font-woff
platform
Navitas-Blue
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, max-age=79
referrer-policy
no-referrer-when-downgrade
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
accept-ranges
bytes
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
content-length
93480
x-xss-protection
1; mode=block
server
Apache
Roboto-Bold.woff
www.bp.com/apps/settings/wcm/designs/refresh/bp/assets/fonts/ 		92 KB
93 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/apps/settings/wcm/designs/refresh/bp/assets/fonts/Roboto-Bold.woff
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
731502cf89d9c2add0feb1634d8f13c56cd0e530a42c5e7641cae78c9865eaeb
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.bp.com
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

etag
"16f60-5fb922b6e5000"
x-content-type-options
nosniff
expires
Tue, 19 Nov 2024 22:23:32 GMT
date
Tue, 19 Nov 2024 22:23:09 GMT
content-type
application/font-woff
platform
Navitas-Blue
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, max-age=23
referrer-policy
no-referrer-when-downgrade
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
accept-ranges
bytes
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
content-length
94048
x-xss-protection
1; mode=block
server
Apache
assets.css
www.bp.com/apps/settings/wcm/designs/refresh/bp/ 		354 KB
51 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/apps/settings/wcm/designs/refresh/bp/assets.css
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
90ad65e96d37252a03eae65ac9213a370a03026187806dcc51ddb678ac6a2841
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

content-encoding
gzip
etag
"5886a-62270dd046c00"
x-content-type-options
nosniff
expires
Tue, 19 Nov 2024 22:25:24 GMT
date
Tue, 19 Nov 2024 22:23:09 GMT
content-type
text/css
vary
Accept-Encoding
platform
Navitas-Blue
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, max-age=135
referrer-policy
no-referrer-when-downgrade
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
accept-ranges
bytes
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
content-length
51018
x-xss-protection
1; mode=block
server
Apache
22690e2a
www.bp.com/akam/13/ 		26 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/akam/13/22690e2a
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
632a117132a4e6e7f2d4ed0fb40042ebad0fa49bd0fac7071df18617499c11e9

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

cache-control
max-age=21600
content-encoding
gzip
etag
"5acce20ff3ecf56d03601d73fdd5a17c382cf17d5a3e0e7a752812c2415870b1"
pragma
no-cache
expires
Tue, 19 Nov 2024 22:23:10 GMT
content-length
8781
date
Tue, 19 Nov 2024 22:23:10 GMT
stored-attribute-sha-checksum
632a117132a4e6e7f2d4ed0fb40042ebad0fa49bd0fac7071df18617499c11e9
last-modified
Thu, 22 Feb 2024 19:51:28 GMT
content-type
application/javascript
vary
Accept-Encoding
bp_horizontal_rgb.svg
www.bp.com/apps/settings/wcm/designs/refresh/bp/images/navigation/ 		14 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/apps/settings/wcm/designs/refresh/bp/images/navigation/bp_horizontal_rgb.svg
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e9fc9bcacb9378413ce52d76c7a263367f6b77943f1ce775bc223ab7655d5fc2
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

content-encoding
gzip
etag
"363a-5fd1e75473380"
x-content-type-options
nosniff
expires
Tue, 19 Nov 2024 22:27:08 GMT
date
Tue, 19 Nov 2024 22:23:09 GMT
content-type
image/svg+xml
vary
Accept-Encoding
platform
Navitas-Blue
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, max-age=239
referrer-policy
no-referrer-when-downgrade
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
accept-ranges
bytes
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
content-length
5176
x-xss-protection
1; mode=block
server
Apache
bp-logo.svg
www.bp.com/apps/settings/wcm/designs/refresh/bp/images/navigation/ 		10 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/apps/settings/wcm/designs/refresh/bp/images/navigation/bp-logo.svg
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
68532cd7e3546faddb5ce30af3e3285006ff4772ee38c21089883d74998c7789
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=0; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

content-encoding
gzip
etag
"2784-5bf91c877a280"
x-content-type-options
nosniff
expires
Tue, 19 Nov 2024 22:25:39 GMT
date
Tue, 19 Nov 2024 22:23:10 GMT
content-type
image/svg+xml
vary
Accept-Encoding
feature-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
platform
Navitas-Blue
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0; includeSubDomains;
content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, max-age=149
referrer-policy
no-referrer-when-downgrade
accept-ranges
bytes
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
content-length
2845
x-xss-protection
1; mode=block
server
Apache
bp-icon-map-pointer-black-720.png
www.bp.com/content/dam/bp/country-sites/de_at/austria/home/ 		7 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/country-sites/de_at/austria/home/bp-icon-map-pointer-black-720.png
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
f5eeab4b537b610d336a8b6b12054d228eda70f3d08b98098d660cf4871e5d4e
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, no-transform, max-age=13623
etag
"9bf2-58e962abfba40"
expires
Wed, 20 Nov 2024 02:10:13 GMT
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
content-length
7533
date
Tue, 19 Nov 2024 22:23:10 GMT
last-modified
Thu, 07 Nov 2024 08:59:10 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
bp-icon-finance-admin-black-720.png
www.bp.com/content/dam/bp/country-sites/de_at/austria/home/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/country-sites/de_at/austria/home/bp-icon-finance-admin-black-720.png
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
1acdcd4996aa6130b7256ee5e344cb7f491074bbcee6a29fdb8203cffe83ce45
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, no-transform, max-age=13686
etag
"a6cc-58e96b30151c0"
expires
Wed, 20 Nov 2024 02:11:16 GMT
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
content-length
11816
date
Tue, 19 Nov 2024 22:23:10 GMT
last-modified
Fri, 01 Nov 2024 23:20:46 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
bp-icon-book-black-720.png
www.bp.com/content/dam/bp/country-sites/de_at/austria/home/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/country-sites/de_at/austria/home/bp-icon-book-black-720.png
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
6a78d4860ef464003c6a4be0b13664adfe7c6c37aa26d4bafe2dccd7b7afdaea
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, no-transform, max-age=44088
etag
"596f-58e962aa135c0"
expires
Wed, 20 Nov 2024 10:37:58 GMT
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
content-length
3988
date
Tue, 19 Nov 2024 22:23:10 GMT
last-modified
Fri, 08 Nov 2024 15:08:01 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
people-care.png
www.bp.com/content/dam/bp/country-sites/de_at/austria/home/icons/ 		11 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/country-sites/de_at/austria/home/icons/people-care.png
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
0249a4dbf0b165488b0deb15eddac5d040ed08a18f008db4a58cd791383f4490
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, no-transform, max-age=13308
etag
"a1e2-5f059963eb1c0"
expires
Wed, 20 Nov 2024 02:04:58 GMT
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
content-length
11500
date
Tue, 19 Nov 2024 22:23:10 GMT
last-modified
Tue, 05 Nov 2024 13:40:21 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
bp-icon-envelope-black-720.png
www.bp.com/content/dam/bp/country-sites/de_at/austria/home/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/country-sites/de_at/austria/home/bp-icon-envelope-black-720.png
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
f774172e81c48a918f3ef2c7eab0b1eafa174faa64811b95bbb46cad2b4eb303
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, no-transform, max-age=12224
etag
"5acd-58e962ab07800"
expires
Wed, 20 Nov 2024 01:46:54 GMT
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
content-length
3500
date
Tue, 19 Nov 2024 22:23:10 GMT
last-modified
Mon, 04 Nov 2024 15:51:46 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
P8167-Katalogende.jpg.img.50.medium.jpg
www.bp.com/content/dam/bp/country-sites/de_at/austria/home/produkte-und-services/f%C3%BCr-ihr-payback-konto/ 		860 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/country-sites/de_at/austria/home/produkte-und-services/f%C3%BCr-ihr-payback-konto/P8167-Katalogende.jpg.img.50.medium.jpg
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
52af6b752c47300453ae9274899f9988e8d8b2df1a99646d15a30ebb0390a361
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, no-transform, max-age=19232
etag
"4fe-6186ae5119a40"
expires
Wed, 20 Nov 2024 03:43:42 GMT
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
content-length
860
date
Tue, 19 Nov 2024 22:23:10 GMT
last-modified
Sat, 16 Nov 2024 09:07:35 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
fb.svg
www.bp.com/content/dam/bp/master-site/en/global/home/images/social_icons/ 		562 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/master-site/en/global/home/images/social_icons/fb.svg
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
6e1964914997a707c66637e088bcc85eedf432ebf3ce0a92be9b1192ec515b8e
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=0; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

content-encoding
gzip
etag
"232-56f7144929d00"
x-content-type-options
nosniff
expires
Tue, 19 Nov 2024 22:23:34 GMT
date
Tue, 19 Nov 2024 22:23:10 GMT
content-type
image/svg+xml
vary
Accept-Encoding
platform
Navitas-Blue
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0; includeSubDomains;
content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, max-age=24
referrer-policy
no-referrer-when-downgrade
permissions-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
accept-ranges
bytes
content-length
335
x-xss-protection
1; mode=block
server
Apache
assets.js
www.bp.com/apps/settings/wcm/designs/refresh/bp/ 		1 MB
322 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/apps/settings/wcm/designs/refresh/bp/assets.js
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
a00c1d766daffb0e9fb69d19f07fd6378cbb35e488878ccc6f6e038eb89de66e
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

content-encoding
gzip
etag
"11811c-626d8697f3640"
x-content-type-options
nosniff
expires
Tue, 19 Nov 2024 22:24:36 GMT
date
Tue, 19 Nov 2024 22:23:10 GMT
content-type
application/javascript
vary
Accept-Encoding
platform
Navitas-Blue
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, max-age=86
referrer-policy
no-referrer-when-downgrade
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
accept-ranges
bytes
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
content-length
328836
x-xss-protection
1; mode=block
server
Apache
csrf.js
www.bp.com/etc.clientlibs/clientlibs/granite/jquery/granite/ 		0
938 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.js
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=0; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

etag
"0-5cc33295e5640"
x-content-type-options
nosniff
expires
Tue, 19 Nov 2024 22:24:46 GMT
date
Tue, 19 Nov 2024 22:23:10 GMT
content-type
application/javascript
platform
Navitas-Blue
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0; includeSubDomains;
content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, max-age=96
referrer-policy
no-referrer-when-downgrade
permissions-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
accept-ranges
bytes
content-length
0
x-xss-protection
1; mode=block
server
Apache
gtm.js
analytics.bp.com/ 		690 KB
167 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.bp.com/gtm.js?id=GTM-WJFXK46
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Navitas SGTM Server /
Resource Hash
1e6cbdd75fbfc779f6ae183d26965a85013074d7c8a532ee53ec106e79502e8f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

cache-control
private, max-age=42
content-encoding
gzip
expires
Tue, 19 Nov 2024 22:23:52 GMT
alt-svc
h3=":443"; ma=93600
content-length
171067
date
Tue, 19 Nov 2024 22:23:10 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Tue, 19 Nov 2024 21:00:00 GMT
vary
Accept-Encoding
server
Navitas SGTM Server
auepb-hdr.jpg
www.bp.com/content/dam/bp/country-sites/de_at/austria/home/produkte-und-services/f%C3%BCr-ihr-payback-konto/alles-ueber-payback-bei-bp/ 		48 KB
49 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/country-sites/de_at/austria/home/produkte-und-services/f%C3%BCr-ihr-payback-konto/alles-ueber-payback-bei-bp/auepb-hdr.jpg
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Akamai Image Manager /
Resource Hash
e98fea26c187652a1a394eeac2a169e4361d33b813a87eca42507d66f9b150ee
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, no-transform, max-age=31577
etag
"8c857-58db8ed857a80"
expires
Wed, 20 Nov 2024 07:09:27 GMT
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
content-length
49356
date
Tue, 19 Nov 2024 22:23:10 GMT
last-modified
Mon, 18 Nov 2024 08:32:09 GMT
content-type
image/avif
server
Akamai Image Manager
x-frame-options
SAMEORIGIN
truncated
/ 		9 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d554361630709572f4c9e33d02ca5ae56275756099a62195513017a0421f73c2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ 		157 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
gtm.js
analytics.bp.com/ 		601 KB
149 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.bp.com/gtm.js?id=GTM-WXHV2VT&l=dataLayer&gtm=45Fe4be0v79875305za204&sign=cea0cca042b4295b6e453c37e0c45a88c725372e5a3846062247994a68e7c370_20241119
Requested by
Host: analytics.bp.com
URL: https://analytics.bp.com/gtm.js?id=GTM-WJFXK46
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Navitas SGTM Server /
Resource Hash
8b9ed5f76188d674bbd52e9389469d87ec713b1b03932fff9e8eaebbabb1f42a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

cache-control
private, max-age=87
content-encoding
gzip
expires
Tue, 19 Nov 2024 22:24:37 GMT
alt-svc
h3=":443"; ma=93600
content-length
152174
date
Tue, 19 Nov 2024 22:23:10 GMT
content-type
application/javascript; charset=UTF-8
last-modified
Tue, 19 Nov 2024 22:04:28 GMT
vary
Accept-Encoding
server
Navitas SGTM Server
gtm.js
analytics.bp.com/ 		419 KB
118 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.bp.com/gtm.js?id=GTM-KX7KMTR&l=dataLayer&gtm=45Fe4be0v79875305za204&sign=cea0cca042b4295b6e453c37e0c45a88c725372e5a3846062247994a68e7c370_20241119
Requested by
Host: analytics.bp.com
URL: https://analytics.bp.com/gtm.js?id=GTM-WJFXK46
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Navitas SGTM Server /
Resource Hash
a8a27f7f386ea1b58b202ad5f4be2980fc122c83e3a9696260fc19efa13e9824

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

cache-control
private, max-age=38
content-encoding
gzip
expires
Tue, 19 Nov 2024 22:23:48 GMT
alt-svc
h3=":443"; ma=93600
content-length
120241
date
Tue, 19 Nov 2024 22:23:10 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
server
Navitas SGTM Server
P8167-Katalogende.jpg.img.1440.medium.jpg
www.bp.com/content/dam/bp/country-sites/de_at/austria/home/produkte-und-services/f%C3%BCr-ihr-payback-konto/ 		126 KB
127 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.bp.com/content/dam/bp/country-sites/de_at/austria/home/produkte-und-services/f%C3%BCr-ihr-payback-konto/P8167-Katalogende.jpg.img.1440.medium.jpg
Requested by
Host: www.bp.com
URL: https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Akamai Image Server /
Resource Hash
7005358ba324b480edded821cf387b751e00eb1ef7eac8b04e5224400876a563
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, max-age=300
x-akamai-note
original-image
etag
"1f890-6186ae5119a40"
expires
Tue, 19 Nov 2024 22:28:12 GMT
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
content-length
129168
date
Tue, 19 Nov 2024 22:23:12 GMT
last-modified
Thu, 01 Jan 1970 00:00:01 GMT
content-type
image/jpeg
server
Akamai Image Server
x-frame-options
SAMEORIGIN
pixel_22690e2a
www.bp.com/akam/13/ 		0
741 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/akam/13/pixel_22690e2a
Requested by
Host: www.bp.com
URL: https://www.bp.com/akam/13/22690e2a
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

expires
Tue, 19 Nov 2024 22:23:11 GMT
cache-control
max-age=0, no-cache, no-store, private
content-length
0
pragma
no-cache
date
Tue, 19 Nov 2024 22:23:11 GMT
content-type
text/html
favicon.ico
www.bp.com/apps/settings/wcm/designs/refresh/bp/
Redirect Chain
  • https://www.bp.com/favicon.ico
  • https://www.bp.com/apps/settings/wcm/designs/refresh/bp/favicon.ico
15 KB
16 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.bp.com/apps/settings/wcm/designs/refresh/bp/favicon.ico
Protocol
H2
Server
2.17.185.115 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-17-185-115.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
019cf0094d22ea2704104fc8192856f859d86e2fbd50dbcd07d86926e7e6f35c
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=0; includeSubDomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.bp.com/de_at/austria/home/produkte-und-services/fuer-ihr-payback-konto/ende-bp-praemienkatalog.html

Response headers

etag
"3c2e-5bf91c877a280"
x-content-type-options
nosniff
expires
Tue, 19 Nov 2024 22:26:50 GMT
date
Tue, 19 Nov 2024 22:23:12 GMT
content-type
image/vnd.microsoft.icon
platform
Navitas-Blue
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0; includeSubDomains;
content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, max-age=218
referrer-policy
no-referrer-when-downgrade
permissions-policy
accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; camera 'none'; display-capture 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport 'none'; gyroscope 'none'; layout-animations 'none'; legacy-image-formats 'none'; magnetometer 'none'; midi 'none'; navigation-override 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-get 'none'; usb 'none'; vr 'none'; wake-lock 'none'; xr-spatial-tracking 'none'
accept-ranges
bytes
content-length
15406
x-xss-protection
1; mode=block
server
Apache

Redirect headers

x-content-type-options
nosniff
expires
Tue, 19 Nov 2024 22:24:15 GMT
date
Tue, 19 Nov 2024 22:23:12 GMT
content-type
text/html; charset=iso-8859-1
platform
Navitas-Blue
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
content-security-policy
default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
cache-control
private, max-age=63
location
https://www.bp.com/apps/settings/wcm/designs/refresh/bp/favicon.ico
referrer-policy
no-referrer-when-downgrade
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), wake-lock=(), xr-spatial-tracking=()
access-control-allow-origin
https://bppay-wallet-web-app.bp.com
content-length
275
x-xss-protection
1; mode=block
server
Apache

Verdicts & Comments Add Verdict or Comment

75 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| gtag object| dataLayer string| bazadebezolkohpepadr object| navDataArr string| brandName string| urhehlevkedkilrobacf object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data function| __defProp function| __defNormalProp function| __publicField object| PubSub object| Modernizr object| picturefillCFG function| picturefill object| GreenSockGlobals object| com function| _gsDefine function| Ease function| Power4 function| Strong function| Quint function| Power3 function| Quart function| Power2 function| Cubic function| Power1 function| Quad function| Power0 function| Linear function| TweenLite function| TweenPlugin object| _gsQueue function| TimelineLite function| CSSPlugin function| BackOut function| BackIn function| BackInOut object| Back function| SlowMo function| SteppedEase function| RoughEase function| BounceOut function| BounceIn function| BounceInOut object| Bounce function| CircOut function| CircIn function| CircInOut object| Circ function| ElasticOut function| ElasticIn function| ElasticInOut object| Elastic function| ExpoOut function| ExpoIn function| ExpoInOut object| Expo function| SineOut function| SineIn function| SineInOut object| Sine object| EaseLookup function| BezierPlugin function| setImmediate function| clearImmediate function| saveAs object| lazySizesConfig object| lazySizes object| __algolia function| $ number| _zid function| setCookie

3 Cookies

Domain/Path Name / Value
.bp.com/ Name: bm_mi
Value: FD216DFFF1835956FC0E75832FF9C7A4~YAAQtY8UAjPvjT6TAQAAy7uFRhn0duWFsp8HxSMKydZL7ccQtEVQBCvDcO1OkjoUCS5+Vhkrrzk81SWGKw5oGaQrlkx7bf9AKd2oIRXvNJTn25E4dm8tRQm/1s34gKtWZIX0h2xaLhmQ3TdZZqB2H7xILRXEY7WQtaOwCOlW9rmgTzP9m1prBPaUt60NY+U/LarjNQUZl1fjQ2c/MnMVhs+CWgmOLuIv/dFfSeVq/bTjLpm5BAHBfvY9Q6lOl32XstEW1juHAftlkW60gxpq2LPH4iwQ4TI961f+b2jXrhdbbajycrEAn4B2oI2xg9zVWtzoG0oqjUBqQOKllXGk3MCvl2VQMot/4cjTFbV1KMDfZWZoDsWg5JLPAK/65Nw2WKEkIwwZDiE7lBVzToObMYI18/MvRsMq8mmIng2jdh9vjYbYLQ==~1
.bp.com/ Name: bm_sv
Value: 0BBB1CD1F5BCD5B312754A1AAB00327F~YAAQtY8UAjTvjT6TAQAAy7uFRhliovaX9Ox/PNVhenssn7fKCndSjdXoXiJAzSAdi/TaE+5Nub8ioBx3XdL8E+Xn+rP2pgQmagZ+r6v2FFqa4IVGN+Q9YRzG70JfquNluqSP+nNjooadueFeRwiARBPaGKHVnRQTfo9Yj9KAcimWEsb9ZMvcHyPbzxrev3rQp9lEVmYNuxgu+w4DAzpQHSmPHgAWX9Q/pIu3Lk3NQ5vIhmWigxYLmCPzu3I=~1
.bp.com/ Name: ak_bmsc
Value: 4304BF27F4722E63B10963D8B9EDFC17~000000000000000000000000000000~YAAQtY8UAqvvjT6TAQAAo8CFRhkhMa30kO38FQ6S3/4YiSjkucNYI7KKBJyrcOaGShMve7/NpCCkNbHqE8HvQ/F4Kl3TT5H0eyunLp4eJtODDooNRGh+0zUeRHBem4dqpUKVviGYZ65HCEqz7tvcGoX+MPDPHCpNSZhJwiedAgOFqWSqRlgb5LfkBkbw8Lysp9wzGx3YMwLFt/8zQB3l/8o2D32skSk5OCvucQOu7d7je6kNxLS2Fgx/yMY07NT/M27HwciSzDW0iOu3hsFqoiP3S4Qc4jv44DTFH7+3+8hQCCmwgEuiAyXtf5/3ywMXK24VDbdD3BJMgvcR1xO/H4pOAQEQGDOBmOYcw5c0ePN1xzuDzW9kOPSiONPLZVkYIxmgUeP+GRvv7MTKJz893aXMIof9RaF2PbF43P1NppOywypRAD/43khJwsVPMATTBo3QqB49ZErNULTNUj2G2FECEcel2SB+isbT8tENiw9qHB+mA0HZwMTHIet89MRVJrOzqXqXqFRpIULiN/C8MFyRj+1YlFL/tgVq558fnTzcGTp/Ur3gwGCRCjgX/gLxisJKLH955iKPopVgsnGRL96q6mPTh3s=

10 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'layout-animations'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'legacy-image-formats'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'vr'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'wake-lock'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https: data: blob: 'self'; upgrade-insecure-requests; script-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; style-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'; img-src 'unsafe-inline' 'unsafe-eval' https: data: blob: 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.bp.com
bpbonusclub.at
www.bp.com
www.bpkatalog.at
195.69.208.230
2.17.185.115
019cf0094d22ea2704104fc8192856f859d86e2fbd50dbcd07d86926e7e6f35c
0249a4dbf0b165488b0deb15eddac5d040ed08a18f008db4a58cd791383f4490
1acdcd4996aa6130b7256ee5e344cb7f491074bbcee6a29fdb8203cffe83ce45
1e6cbdd75fbfc779f6ae183d26965a85013074d7c8a532ee53ec106e79502e8f
236765cdd11da57ff429fccc35033664069777cae6f46a834d2e29e2672f47b3
30f35b44f8e8062ce72090ab461396ed263b3d9e0edbad833be0fa47b0d08edb
52af6b752c47300453ae9274899f9988e8d8b2df1a99646d15a30ebb0390a361
534ef9c90b1f7da068b665cd36d632002ea9c86082838b71514e84a0a4cfe484
632a117132a4e6e7f2d4ed0fb40042ebad0fa49bd0fac7071df18617499c11e9
68532cd7e3546faddb5ce30af3e3285006ff4772ee38c21089883d74998c7789
6a78d4860ef464003c6a4be0b13664adfe7c6c37aa26d4bafe2dccd7b7afdaea
6e1964914997a707c66637e088bcc85eedf432ebf3ce0a92be9b1192ec515b8e
7005358ba324b480edded821cf387b751e00eb1ef7eac8b04e5224400876a563
731502cf89d9c2add0feb1634d8f13c56cd0e530a42c5e7641cae78c9865eaeb
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb
8b9ed5f76188d674bbd52e9389469d87ec713b1b03932fff9e8eaebbabb1f42a
90ad65e96d37252a03eae65ac9213a370a03026187806dcc51ddb678ac6a2841
a00c1d766daffb0e9fb69d19f07fd6378cbb35e488878ccc6f6e038eb89de66e
a8a27f7f386ea1b58b202ad5f4be2980fc122c83e3a9696260fc19efa13e9824
c2dff3d4da2ec9e167e7677d2bce9d0ae6fb19104a0db0a5ed54861293d8b747
d554361630709572f4c9e33d02ca5ae56275756099a62195513017a0421f73c2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e98fea26c187652a1a394eeac2a169e4361d33b813a87eca42507d66f9b150ee
e9fc9bcacb9378413ce52d76c7a263367f6b77943f1ce775bc223ab7655d5fc2
f5eeab4b537b610d336a8b6b12054d228eda70f3d08b98098d660cf4871e5d4e
f774172e81c48a918f3ef2c7eab0b1eafa174faa64811b95bbb46cad2b4eb303