URL: https://santander-co.belvo-link.com/
Submission: On October 31 via manual from MX — Scanned from DE

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 17 HTTP transactions. The main IP is 99.86.4.109, located in United States and belongs to AMAZON-02, US. The main domain is santander-co.belvo-link.com.
TLS certificate: Issued by Amazon RSA 2048 M03 on March 5th 2024. Valid for: a year.
This is the only time santander-co.belvo-link.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 99.86.4.109 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
3 2600:9000:266... 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 142.250.185.131 15169 (GOOGLE)
3 2600:9000:224... 16509 (AMAZON-02)
1 3.160.150.67 16509 (AMAZON-02)
17 7
Domain Requested by
5 santander-co.belvo-link.com santander-co.belvo-link.com
3 cdn.belvo.io santander-co.belvo-link.com
cdn.belvo.io
3 statics.belvo.io santander-co.belvo-link.com
3 fonts.googleapis.com santander-co.belvo-link.com
client
1 statics.belvo.com
1 fonts.gstatic.com fonts.googleapis.com
1 connect-page-api.belvo.com santander-co.belvo-link.com
17 7

This site contains links to these domains. Also see Links.

Domain
belvo.com
Subject Issuer Validity Valid
*.belvo-link.com
Amazon RSA 2048 M03
2024-03-05 -
2025-04-03
a year crt.sh
upload.video.google.com
WR2
2024-10-07 -
2024-12-30
3 months crt.sh
statics.belvo.io
Amazon RSA 2048 M02
2024-09-24 -
2025-10-22
a year crt.sh
connect-page-api.belvo.com
Cloudflare Inc ECC CA-3
2024-01-14 -
2024-12-31
a year crt.sh
*.gstatic.com
WR2
2024-10-07 -
2024-12-30
3 months crt.sh
cdn.belvo.io
Amazon RSA 2048 M02
2024-09-26 -
2025-10-25
a year crt.sh
*.belvo.com
Amazon RSA 2048 M02
2024-08-15 -
2025-09-14
a year crt.sh

This page contains 1 frames:

Primary Page: https://santander-co.belvo-link.com/
Frame ID: ED027219DE37AC7B85F49B13BC8F2999
Requests: 17 HTTP requests in this frame

Screenshot

Page Title

Conecta tu cuenta con Santander

Page Statistics

17
Requests

100 %
HTTPS

57 %
IPv6

5
Domains

7
Subdomains

7
IPs

2
Countries

916 kB
Transfer

2597 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
santander-co.belvo-link.com/
381 B
2 KB
Document
General
Full URL
https://santander-co.belvo-link.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-109.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fbf08bab0973bfd33ccebc1aae499036aebb96c9966e290169322dc170e5f470
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com *.sentry.io *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; font-src 'self' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com; img-src 'self' *.belvo.io *.belvo.com belvo-statics-cdn-staging.s3.amazonaws.com belvo-statics-cdn-production.s3.amazonaws.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hcaptcha.com https://hcaptcha.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com browser-intake-datadoghq.com *.sentry.io *.configcat.com api-js.mixpanel.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
cache-control
no-store, must-revalidate
content-length
381
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com *.sentry.io *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; font-src 'self' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com; img-src 'self' *.belvo.io *.belvo.com belvo-statics-cdn-staging.s3.amazonaws.com belvo-statics-cdn-production.s3.amazonaws.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hcaptcha.com https://hcaptcha.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com browser-intake-datadoghq.com *.sentry.io *.configcat.com api-js.mixpanel.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; worker-src blob:
content-type
text/html
date
Thu, 31 Oct 2024 23:08:37 GMT
etag
"9f35eb9bb4946939a7f412d8c5258195"
last-modified
Thu, 31 Oct 2024 07:56:03 GMT
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
referrer-policy
same-origin
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 c05282a87474a55ae2a8dd2aa77d1232.cloudfront.net (CloudFront)
x-amz-cf-id
v-ySmRchOnclfAXIoWMY3o1hJm2jNENd6XggWN0h4hx_G_TpaKBSew==
x-amz-cf-pop
FRA6-C1
x-amz-server-side-encryption
AES256
x-amz-version-id
cZs3R.xC3UUO_zXlHxFaCmpphwB15wqy
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
index-BigsqbMF.js
santander-co.belvo-link.com/v1.1.79/assets/
562 KB
201 KB
Script
General
Full URL
https://santander-co.belvo-link.com/v1.1.79/assets/index-BigsqbMF.js
Requested by
Host: santander-co.belvo-link.com
URL: https://santander-co.belvo-link.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-109.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
27e515a65edf790cfe3660c964fc0eb969e3e136af66d83022d5d8cea2c98c7a
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com *.sentry.io *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; font-src 'self' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com; img-src 'self' *.belvo.io *.belvo.com belvo-statics-cdn-staging.s3.amazonaws.com belvo-statics-cdn-production.s3.amazonaws.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hcaptcha.com https://hcaptcha.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com browser-intake-datadoghq.com *.sentry.io *.configcat.com api-js.mixpanel.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://santander-co.belvo-link.com
Referer
https://santander-co.belvo-link.com/

Response headers

access-control-max-age
3000
access-control-expose-headers
ETag
content-encoding
gzip
x-amz-version-id
8.hIUuNaYzbcckVqeOO_5j5KevnzZb4K
etag
W/"0a335163e8e1d8bbf35cae5ca650a55f"
access-control-allow-methods
GET, HEAD
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
wilG16m2QGEm82cbP6GTisXo1SxDaNkNutF1OGBdtaKKBruw4FnBaw==
date
Thu, 31 Oct 2024 23:08:37 GMT
content-type
text/javascript
vary
accept-encoding
last-modified
Thu, 31 Oct 2024 07:56:02 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com *.sentry.io *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; font-src 'self' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com; img-src 'self' *.belvo.io *.belvo.com belvo-statics-cdn-staging.s3.amazonaws.com belvo-statics-cdn-production.s3.amazonaws.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hcaptcha.com https://hcaptcha.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com browser-intake-datadoghq.com *.sentry.io *.configcat.com api-js.mixpanel.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; worker-src blob:
cache-control
no-store, must-revalidate
referrer-policy
same-origin
via
1.1 c05282a87474a55ae2a8dd2aa77d1232.cloudfront.net (CloudFront)
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
access-control-allow-origin
*
x-amz-cf-pop
FRA6-C1
server
AmazonS3
x-amz-server-side-encryption
AES256
index-CD-lXoYm.css
santander-co.belvo-link.com/v1.1.79/assets/
133 KB
19 KB
Stylesheet
General
Full URL
https://santander-co.belvo-link.com/v1.1.79/assets/index-CD-lXoYm.css
Requested by
Host: santander-co.belvo-link.com
URL: https://santander-co.belvo-link.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-109.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
43fb1b6ca47581e6eceb8ffeed45643b44e0a0b57bd6aebd692c0124d0cb480f
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com *.sentry.io *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; font-src 'self' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com; img-src 'self' *.belvo.io *.belvo.com belvo-statics-cdn-staging.s3.amazonaws.com belvo-statics-cdn-production.s3.amazonaws.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hcaptcha.com https://hcaptcha.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com browser-intake-datadoghq.com *.sentry.io *.configcat.com api-js.mixpanel.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://santander-co.belvo-link.com
Referer
https://santander-co.belvo-link.com/

Response headers

access-control-max-age
3000
access-control-expose-headers
ETag
content-encoding
gzip
x-amz-version-id
bf10qge9FV04QR0dsW7pOGFkaJl_ozVe
etag
W/"e74574af43117a1d13b73d0de5954aa7"
access-control-allow-methods
GET, HEAD
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
2pPlIhaSTdy93DhAHpAI-qZ_GCIoXElh3ny_lpJL9hVdNkcWLuvlHg==
date
Thu, 31 Oct 2024 23:08:37 GMT
content-type
text/css
vary
accept-encoding
last-modified
Thu, 31 Oct 2024 07:56:02 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com *.sentry.io *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; font-src 'self' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com; img-src 'self' *.belvo.io *.belvo.com belvo-statics-cdn-staging.s3.amazonaws.com belvo-statics-cdn-production.s3.amazonaws.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hcaptcha.com https://hcaptcha.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com browser-intake-datadoghq.com *.sentry.io *.configcat.com api-js.mixpanel.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; worker-src blob:
cache-control
no-store, must-revalidate
referrer-policy
same-origin
via
1.1 c05282a87474a55ae2a8dd2aa77d1232.cloudfront.net (CloudFront)
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
access-control-allow-origin
*
x-amz-cf-pop
FRA6-C1
server
AmazonS3
x-amz-server-side-encryption
AES256
css2
fonts.googleapis.com/
18 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&display=swap
Requested by
Host: santander-co.belvo-link.com
URL: https://santander-co.belvo-link.com/v1.1.79/assets/index-CD-lXoYm.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8b23c40eb87b72d0152815ccdae685f1381b9c282f2d582b1f3a1eddfa5887dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Thu, 31 Oct 2024 23:08:37 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 31 Oct 2024 23:08:37 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Thu, 31 Oct 2024 22:45:43 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
loading.svg
statics.belvo.io/connect-page/
1 KB
1 KB
Image
General
Full URL
https://statics.belvo.io/connect-page/loading.svg
Requested by
Host: santander-co.belvo-link.com
URL: https://santander-co.belvo-link.com/loading
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:1000:1a:6382:1ac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d3607fd565a988bf0f7d06408c89d6ce9dbc16bd9806703b78ffef42c3145f50
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
etag
W/"54b9e993f98a45a42c2cad114ac4ce91"
x-amz-version-id
null
age
11117
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
AWhdYZtu4UnqNtewCMO441UkehXVfSS1gWR6bvJ3HohYAphsqtC1nA==
date
Thu, 31 Oct 2024 20:03:21 GMT
content-type
image/svg+xml
vary
accept-encoding
last-modified
Wed, 30 Oct 2024 15:43:33 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
referrer-policy
strict-origin-when-cross-origin
via
1.1 90d4d7d1a3cebe66392e229fd5792ae0.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA56-P8
server
AmazonS3
x-amz-server-side-encryption
AES256
/
connect-page-api.belvo.com/api/config/
885 B
835 B
XHR
General
Full URL
https://connect-page-api.belvo.com/api/config/
Requested by
Host: santander-co.belvo-link.com
URL: https://santander-co.belvo-link.com/v1.1.79/assets/index-BigsqbMF.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:774 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb980ea2311797a82abe5025ed794217c5bafe3f21094149c2571ca46b9ee204
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer

Response headers

x-request-id
d0b280779c3b4c0389e9f986ece4647b
access-control-expose-headers
content-disposition
content-encoding
gzip
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
date
Thu, 31 Oct 2024 23:08:38 GMT
content-type
application/json; version=1.86.0
vary
Cookie, origin
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-opener-policy
same-origin
access-control-allow-credentials
true
referrer-policy
same-origin
allow
GET, HEAD, OPTIONS
cf-ray
8db74edfd8886aeb-FRA
access-control-allow-origin
https://santander-co.belvo-link.com
server
cloudflare
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.gstatic.com/s/opensans/v40/
47 KB
47 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans:wght@400;600;700&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f3.1e100.net
Software
sffe /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://santander-co.belvo-link.com
Referer
https://fonts.googleapis.com/

Response headers

age
263354
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Tue, 28 Oct 2025 21:59:23 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Mon, 28 Oct 2024 21:59:23 GMT
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
48236
x-xss-protection
0
server
sffe
favicon.ico
santander-co.belvo-link.com/
91 KB
92 KB
Other
General
Full URL
https://santander-co.belvo-link.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-109.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c17add452df30fc89ad51a67ad2dfa796dec91acde6795f67c8924cffa7918e7
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com *.sentry.io *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; font-src 'self' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com; img-src 'self' *.belvo.io *.belvo.com belvo-statics-cdn-staging.s3.amazonaws.com belvo-statics-cdn-production.s3.amazonaws.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hcaptcha.com https://hcaptcha.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com browser-intake-datadoghq.com *.sentry.io *.configcat.com api-js.mixpanel.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://santander-co.belvo-link.com/loading

Response headers

x-amz-version-id
q3Ckj0sEZ1EcWLDgB8smPymT6xqzjYnA
etag
"8f5429ba11910da08bdd903e223558a2"
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
Boj_m6f5OqaN3vXiK09XouKUdPYai8qNCxIQ5oWnTD-PAZFC0AxjuA==
date
Thu, 31 Oct 2024 23:08:39 GMT
content-type
image/vnd.microsoft.icon
last-modified
Thu, 04 Jul 2024 13:38:42 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com *.sentry.io *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; font-src 'self' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com; img-src 'self' *.belvo.io *.belvo.com belvo-statics-cdn-staging.s3.amazonaws.com belvo-statics-cdn-production.s3.amazonaws.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hcaptcha.com https://hcaptcha.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com browser-intake-datadoghq.com *.sentry.io *.configcat.com api-js.mixpanel.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; worker-src blob:
cache-control
no-store, must-revalidate
referrer-policy
same-origin
via
1.1 c05282a87474a55ae2a8dd2aa77d1232.cloudfront.net (CloudFront)
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
content-length
93062
x-amz-cf-pop
FRA6-C1
server
AmazonS3
x-amz-server-side-encryption
AES256
belvo-widget-1-stable.js
cdn.belvo.io/
2 KB
904 B
Script
General
Full URL
https://cdn.belvo.io/belvo-widget-1-stable.js
Requested by
Host: santander-co.belvo-link.com
URL: https://santander-co.belvo-link.com/v1.1.79/assets/index-BigsqbMF.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2240:8400:1:6d78:8900:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3541de14da428242f664d5d5f13b10d62a683154b4bffbcb715d469d6e6cc152

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

x-amz-cf-pop
FRA60-P1
content-encoding
gzip
x-amz-version-id
umrGiVXd4OWLev8Z5zfPGn2SQyeU4f1L
etag
W/"26a3d4d28f6cb47650593cf4d4f76c19"
age
27768
via
1.1 b3fce8903671f8346e7a6a138d2d4610.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
GSMSpDPt7WtblHmetw87fN_fEALAjZhqIodAX7bHNriawmQigFFRJg==
date
Thu, 31 Oct 2024 15:25:51 GMT
content-type
text/javascript
vary
Accept-Encoding
server
AmazonS3
last-modified
Thu, 31 Oct 2024 15:22:30 GMT
logo-santander.svg
statics.belvo.com/production/connect-page/media/company_logos/
12 KB
6 KB
Image
General
Full URL
https://statics.belvo.com/production/connect-page/media/company_logos/logo-santander.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.160.150.67 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-3-160-150-67.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cbc815fe7aef7b3bc8ca584477632ba525bec7933e38b2a48352b108e8303e77
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=15552000; includeSubDomains; preload
vary
Accept-Encoding
content-encoding
gzip
x-amz-version-id
czqFZ9m_FG_A.34L1Yx0Lr5nAQLEK8WY
etag
W/"53e2d4793b9518c2c849a98bc0432f20"
via
1.1 85b175d782816d34ed73f9ca030bf062.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-amz-cf-id
QpEBbGArTLjCmTg1vc1-WKoYoCZ0cUYBO5yxQLKFHZ0uII-2I4fYKg==
date
Thu, 31 Oct 2024 23:08:40 GMT
content-type
image/svg+xml
last-modified
Sat, 08 Jul 2023 00:09:34 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P7
x-amz-server-side-encryption
AES256
belvo_logo_black.svg
statics.belvo.io/images/
3 KB
2 KB
Image
General
Full URL
https://statics.belvo.io/images/belvo_logo_black.svg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:1000:1a:6382:1ac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
01cbecfcfceac0ad233fcf04b1e46d186d3cd8fb21415f54cbeacb3e3e492df3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
etag
W/"8806f7373c4bdfa4f24a9995626c0701"
x-amz-version-id
null
age
11117
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
iEL8dHIstdvuBK6HXXxLQp6a4r0M9tQtbBwgV9lKA_ADWjY0wLjcWA==
date
Thu, 31 Oct 2024 20:03:22 GMT
content-type
image/svg+xml
vary
accept-encoding
last-modified
Wed, 30 Oct 2024 15:43:36 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
referrer-policy
strict-origin-when-cross-origin
via
1.1 90d4d7d1a3cebe66392e229fd5792ae0.cloudfront.net (CloudFront)
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA56-P8
server
AmazonS3
x-amz-server-side-encryption
AES256
icons.ttf
statics.belvo.io/fonts/
2 KB
2 KB
Font
General
Full URL
https://statics.belvo.io/fonts/icons.ttf
Requested by
Host: santander-co.belvo-link.com
URL: https://santander-co.belvo-link.com/v1.1.79/assets/index-CD-lXoYm.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:266e:1000:1a:6382:1ac0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
478bfca044d9c96194b271a73be3700fbf7fbea8d2615491acd9a87242f9467f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://santander-co.belvo-link.com
Referer

Response headers

access-control-max-age
3000
content-encoding
gzip
x-amz-version-id
null
etag
W/"e0049112ba631861e023f3c7a40b976a"
access-control-allow-methods
GET
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
tCh3RbyYXXvDqg68GDJV1BGJoNZQweTtsM7Fj0CI8RT7HVwgyQf-kg==
date
Thu, 31 Oct 2024 23:08:40 GMT
content-type
font/ttf
vary
Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
last-modified
Wed, 30 Oct 2024 15:43:35 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
referrer-policy
strict-origin-when-cross-origin
via
1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-xss-protection
1; mode=block
x-amz-cf-pop
FRA56-P8
server
AmazonS3
x-amz-server-side-encryption
AES256
favicon.ico
santander-co.belvo-link.com/
91 KB
92 KB
Other
General
Full URL
https://santander-co.belvo-link.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-109.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c17add452df30fc89ad51a67ad2dfa796dec91acde6795f67c8924cffa7918e7
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com *.sentry.io *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; font-src 'self' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com; img-src 'self' *.belvo.io *.belvo.com belvo-statics-cdn-staging.s3.amazonaws.com belvo-statics-cdn-production.s3.amazonaws.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hcaptcha.com https://hcaptcha.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com browser-intake-datadoghq.com *.sentry.io *.configcat.com api-js.mixpanel.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://santander-co.belvo-link.com/

Response headers

x-amz-version-id
q3Ckj0sEZ1EcWLDgB8smPymT6xqzjYnA
etag
"8f5429ba11910da08bdd903e223558a2"
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
XgOoszYDkYt9nGAR-UPdHUxxMz2SGOkhWc0gfDv5YMrBrXQO9xbFfQ==
date
Thu, 31 Oct 2024 23:08:39 GMT
content-type
image/vnd.microsoft.icon
last-modified
Thu, 04 Jul 2024 13:38:42 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com *.sentry.io *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; font-src 'self' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com; img-src 'self' *.belvo.io *.belvo.com belvo-statics-cdn-staging.s3.amazonaws.com belvo-statics-cdn-production.s3.amazonaws.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hcaptcha.com https://hcaptcha.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com browser-intake-datadoghq.com *.sentry.io *.configcat.com api-js.mixpanel.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; worker-src blob:
cache-control
no-store, must-revalidate
referrer-policy
same-origin
via
1.1 c05282a87474a55ae2a8dd2aa77d1232.cloudfront.net (CloudFront)
permissions-policy
geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
accept-ranges
bytes
content-length
93062
x-amz-cf-pop
FRA6-C1
server
AmazonS3
x-amz-server-side-encryption
AES256
belvo-widget-1-stable-main.js
cdn.belvo.io/v2.5.780/stable/
2 MB
446 KB
Script
General
Full URL
https://cdn.belvo.io/v2.5.780/stable/belvo-widget-1-stable-main.js
Requested by
Host: cdn.belvo.io
URL: https://cdn.belvo.io/belvo-widget-1-stable.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2240:8400:1:6d78:8900:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
675a256892b46c450644a262690821a31332b7511126ff7f540ad94c70a4606c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://santander-co.belvo-link.com
Referer

Response headers

access-control-max-age
3000
content-encoding
gzip
etag
W/"b816ce49975cc7857039b3df1ab69e86"
x-amz-version-id
aJTeUkYev4D8eoXB93uMgROG3SpDlDuH
access-control-allow-methods
GET
via
1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-cache
Miss from cloudfront
x-amz-cf-id
s2M8tUz1Nsg7JlyXwm7OWGKBmAClm4AcV3LSHraBtoTEU8S7A0ejxQ==
date
Thu, 31 Oct 2024 23:08:39 GMT
content-type
text/javascript
last-modified
Thu, 31 Oct 2024 15:22:27 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
dialog-error.js
cdn.belvo.io/v2.5.780/stable/js/
4 KB
2 KB
Script
General
Full URL
https://cdn.belvo.io/v2.5.780/stable/js/dialog-error.js
Requested by
Host: cdn.belvo.io
URL: https://cdn.belvo.io/belvo-widget-1-stable.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2240:8400:1:6d78:8900:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e5f6e825fa35d120d2f8e5d9d401b8c9fd45fb78563fc2bb5789c4a57496f063

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://santander-co.belvo-link.com
Referer

Response headers

access-control-max-age
3000
content-encoding
gzip
x-amz-version-id
D5uOK0xXqIETcRW8uOwaDxytepuwFalG
etag
W/"9edf34c21cdd90c611d04f75c15ff275"
access-control-allow-methods
GET
x-cache
Miss from cloudfront
x-amz-cf-id
ICPYCmzydMuhoQwY6UNrBASdElNNv4W3KCq6Do1AREK5CLJvrsPqCw==
date
Thu, 31 Oct 2024 23:08:40 GMT
content-type
text/javascript
last-modified
Thu, 31 Oct 2024 15:22:25 GMT
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
cache-control
max-age=300
via
1.1 d7433132a7c6595c9aab2dc2272e7060.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA60-P1
server
AmazonS3
css2
fonts.googleapis.com/
8 KB
886 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Source+Sans+Pro:wght@400;600;700&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0625e1d27b09fb1b194f9a5ac9cfbc18a4321301294d77ecfe65e52a78416505
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Thu, 31 Oct 2024 23:08:39 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 31 Oct 2024 23:08:39 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Thu, 31 Oct 2024 22:55:56 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
css2
fonts.googleapis.com/
4 KB
676 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Fira+Code:wght@400;500&display=swap
Requested by
Host: client
URL: about:client
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f684b016b654722ec33cc9053ecc55d46b4b0ff725685274556264aa8d2ac331
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Thu, 31 Oct 2024 23:08:39 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 31 Oct 2024 23:08:39 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Thu, 31 Oct 2024 23:08:39 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| __VUE_INSTANCE_SETTERS__ object| __VUE_SSR_SETTERS__ object| DD_LOGS function| __mp_recorder boolean| __VUE__ function| routerPush function| isBelvoLoaded function| belvoSDK function| ArrayFrom

2 Cookies

Domain/Path Name / Value
.belvo-link.com/ Name: mp_5767b9788e4ef3aeb53ba5cc8503c776_mixpanel
Value: %7B%22distinct_id%22%3A%20%22%24device%3A192e4d68747781-075af7a48a5012-17462c6e-1d4c00-192e4d68747781%22%2C%22%24device_id%22%3A%20%22192e4d68747781-075af7a48a5012-17462c6e-1d4c00-192e4d68747781%22%2C%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%2C%22__mps%22%3A%20%7B%7D%2C%22__mpso%22%3A%20%7B%22%24initial_referrer%22%3A%20%22%24direct%22%2C%22%24initial_referring_domain%22%3A%20%22%24direct%22%7D%2C%22__mpus%22%3A%20%7B%7D%2C%22__mpa%22%3A%20%7B%7D%2C%22__mpu%22%3A%20%7B%7D%2C%22__mpr%22%3A%20%5B%5D%2C%22__mpap%22%3A%20%5B%5D%7D
santander-co.belvo-link.com/ Name: _dd_s
Value: logs=1&id=8666b2be-fc73-49ac-8e26-b23613772d61&created=1730416117566&expire=1730417017566

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com *.sentry.io *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; font-src 'self' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com; img-src 'self' *.belvo.io *.belvo.com belvo-statics-cdn-staging.s3.amazonaws.com belvo-statics-cdn-production.s3.amazonaws.com; frame-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.hcaptcha.com https://hcaptcha.com; style-src 'self' 'unsafe-inline' 'unsafe-eval' fonts.googleapis.com *.gstatic.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; connect-src 'self' 'unsafe-inline' 'unsafe-eval' *.datadoghq.com browser-intake-datadoghq.com *.sentry.io *.configcat.com api-js.mixpanel.com *.belvo.io *.belvo.com https://*.hcaptcha.com https://hcaptcha.com; worker-src blob:
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.belvo.io
connect-page-api.belvo.com
fonts.googleapis.com
fonts.gstatic.com
santander-co.belvo-link.com
statics.belvo.com
statics.belvo.io
142.250.185.131
2600:9000:2240:8400:1:6d78:8900:93a1
2600:9000:266e:1000:1a:6382:1ac0:93a1
2606:4700::6812:774
2a00:1450:4001:82b::200a
3.160.150.67
99.86.4.109
01cbecfcfceac0ad233fcf04b1e46d186d3cd8fb21415f54cbeacb3e3e492df3
0625e1d27b09fb1b194f9a5ac9cfbc18a4321301294d77ecfe65e52a78416505
27e515a65edf790cfe3660c964fc0eb969e3e136af66d83022d5d8cea2c98c7a
3541de14da428242f664d5d5f13b10d62a683154b4bffbcb715d469d6e6cc152
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
43fb1b6ca47581e6eceb8ffeed45643b44e0a0b57bd6aebd692c0124d0cb480f
478bfca044d9c96194b271a73be3700fbf7fbea8d2615491acd9a87242f9467f
675a256892b46c450644a262690821a31332b7511126ff7f540ad94c70a4606c
8b23c40eb87b72d0152815ccdae685f1381b9c282f2d582b1f3a1eddfa5887dc
c17add452df30fc89ad51a67ad2dfa796dec91acde6795f67c8924cffa7918e7
cbc815fe7aef7b3bc8ca584477632ba525bec7933e38b2a48352b108e8303e77
d3607fd565a988bf0f7d06408c89d6ce9dbc16bd9806703b78ffef42c3145f50
e5f6e825fa35d120d2f8e5d9d401b8c9fd45fb78563fc2bb5789c4a57496f063
f684b016b654722ec33cc9053ecc55d46b4b0ff725685274556264aa8d2ac331
fb980ea2311797a82abe5025ed794217c5bafe3f21094149c2571ca46b9ee204
fbf08bab0973bfd33ccebc1aae499036aebb96c9966e290169322dc170e5f470