Submitted URL: http://checkout.postfinance.ch/
Effective URL: https://checkout.postfinance.ch/user/login
Submission: On October 30 via manual from DE — Scanned from CH

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 15 HTTP transactions. The main IP is 2606:4700:10::6814:4ab6, located in the United States, and belongs to CLOUDFLARENET, US. The main domain is checkout.postfinance.ch.
TLS certificate: Issued by SwissSign RSA TLS OV ICA 2022 - 1 on May 7th 2024. Valid for: a year.
This is the only time checkout.postfinance.ch was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address | AS Autonomous System
1  16  2606:4700:10:... | 13335 (CLOUDFLAR...)
15  1

Apex Domain / Subdomains | Transfer
16  postfinance.ch / checkout.postfinance.ch | 584 KB
15  1

Domain | Requested by
16  checkout.postfinance.ch (1 redirects) | checkout.postfinance.ch
15  1

This site contains links to these domains.

Domain
www.postfinance.ch

Subject | Issuer | Validity | Valid
checkout.postfinance.ch | SwissSign RSA TLS OV ICA 2022 - 1 | 2024-05-07 - 2025-05-07 | a year

This page contains 1 frame:

Primary Page: https://checkout.postfinance.ch/user/login
Frame ID: 598B4228187003934BF64B131815921C
Requests: 15 HTTP requests in this frame

Page Title

Login

Detected technologies

Overall confidence: 100%
Detected patterns
  • <a[^>]*href=[^>]*/Checkout

Page Statistics

15 Requests
100 % HTTPS
100 % IPv6
1 Domains
1 Subdomains
1 IPs
1 Countries
582 kB Transfer
2152 kB Size
7 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://checkout.postfinance.ch/ HTTP 307
    https://checkout.postfinance.ch/ HTTP 302
    https://checkout.postfinance.ch/user/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource / Path | Size / x-fer | Type / MIME-Type

Primary Request
Resource: login
Path: checkout.postfinance.ch/user/
Size: 10 KB
x-fer: 3 KB
Type: Document
Redirect Chain
  • http://checkout.postfinance.ch/
  • https://checkout.postfinance.ch/
  • https://checkout.postfinance.ch/user/login
General
Full URL
https://checkout.postfinance.ch/user/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ab6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
25531f561a168774b0973c6c053198759e70d0d6daed015849aa266b97ec5bf4
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cf-cache-status
DYNAMIC
cf-ray
8da9ca9c185ed37a-FRA
content-encoding
br
content-language
de-CH
content-security-policy
default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
content-type
text/html;charset=utf-8
date
Wed, 30 Oct 2024 07:46:25 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
report-to
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
reporting-endpoints
csp-endpoint="/csp-reports"
server
cloudflare
strict-transport-security
max-age=0; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-svid
073f067a9678c0b07
x-url
/user/login
x-xss-protection
1

Redirect headers

cf-cache-status
DYNAMIC
cf-ray
8da9ca9b7f4bd37a-FRA
content-language
de-CH
content-length
0
content-security-policy
default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
date
Wed, 30 Oct 2024 07:46:25 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://checkout.postfinance.ch/user/login
report-to
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
reporting-endpoints
csp-endpoint="/csp-reports"
server
cloudflare
strict-transport-security
max-age=0; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-svid
073f067a9678c0b07
x-url
/
x-xss-protection
1

Resource: compressed.css
Path: checkout.postfinance.ch/assets/
Size: 496 KB
x-fer: 71 KB
Type: Stylesheet
General
Full URL
https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1k8sKNDLATIAIzEFDQ,,&h=mBsq2ortqsMvxZjxVI48R4icX4gyax8hXA9wtgz8e_k
Requested by
Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/user/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ab6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
981b2ada8aedaac32fc598f1548e3c47889c5f88326b1f215c0f70b60cfc7bf9
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-02Png03FQs1pUMYpUTCK1Q=='; style-src 'self' 'nonce-02Png03FQs1pUMYpUTCK1Q=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://checkout.postfinance.ch/user/login

Response headers

content-encoding
gzip
cf-cache-status
BYPASS
report-to
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options
nosniff
expires
Wed, 30 Apr 2025 08:46:25 CEST
date
Wed, 30 Oct 2024 07:46:25 GMT
content-type
text/css
vary
Accept-Encoding
strict-transport-security
max-age=0; includeSubDomains; preload
reporting-endpoints
csp-endpoint="/csp-reports"
x-svid
0cb50c80819a4ab2d
content-security-policy
default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-02Png03FQs1pUMYpUTCK1Q=='; style-src 'self' 'nonce-02Png03FQs1pUMYpUTCK1Q=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
cf-ray
8da9ca9cc97fd37a-FRA
accept-ranges
bytes
content-length
72461
x-xss-protection
1
server
cloudflare

Resource: compressed.css
Path: checkout.postfinance.ch/assets/
Size: 7 KB
x-fer: 2 KB
Type: Stylesheet
General
Full URL
https://checkout.postfinance.ch/assets/compressed.css?p=eNpLy88rKdYvT8zJSU3VzUzOz9MrSS4uBgBjVAiV&h=4BQ8M5KPc3q33b2mtSV_deZkWAo1wr78snmaP7RJi7Q
Requested by
Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/user/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ab6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e0143c33928f737ab7ddbda6b5257f75e664580a35c2befcb2799a3fb4498bb4
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-Ti3LIqlXipbObLEx+j7V5g=='; style-src 'self' 'nonce-Ti3LIqlXipbObLEx+j7V5g=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://checkout.postfinance.ch/user/login

Response headers

content-encoding
gzip
cf-cache-status
BYPASS
report-to
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options
nosniff
expires
Wed, 30 Apr 2025 08:46:25 CEST
date
Wed, 30 Oct 2024 07:46:25 GMT
content-type
text/css
vary
Accept-Encoding
strict-transport-security
max-age=0; includeSubDomains; preload
reporting-endpoints
csp-endpoint="/csp-reports"
x-svid
00aa2a0dfdd338ff3
content-security-policy
default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-Ti3LIqlXipbObLEx+j7V5g=='; style-src 'self' 'nonce-Ti3LIqlXipbObLEx+j7V5g=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
cf-ray
8da9ca9cc983d37a-FRA
accept-ranges
bytes
content-length
1090
x-xss-protection
1
server
cloudflare

Resource: compressed.css
Path: checkout.postfinance.ch/assets/
Size: 44 KB
x-fer: 6 KB
Type: Stylesheet
General
Full URL
https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1i_ILy5Jy8xLzEtO1csBCgAAXOMIZg,,&h=jQbB3TknF8DZG7JSR7sjTtyuoe80bonyX-SqnVm9VkA
Requested by
Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/user/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ab6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d06c1dd392717c0d91bb25247bb234edcaea1ef346e89f25fe4aa9d59bd5640
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-0XTdzxyileZwRMtsKmxTTQ=='; style-src 'self' 'nonce-0XTdzxyileZwRMtsKmxTTQ=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://checkout.postfinance.ch/user/login

Response headers

content-encoding
gzip
cf-cache-status
BYPASS
report-to
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options
nosniff
expires
Wed, 30 Apr 2025 08:46:25 CEST
date
Wed, 30 Oct 2024 07:46:25 GMT
content-type
text/css
vary
Accept-Encoding
strict-transport-security
max-age=0; includeSubDomains; preload
reporting-endpoints
csp-endpoint="/csp-reports"
x-svid
0e2afcb4a64f075d9
content-security-policy
default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-0XTdzxyileZwRMtsKmxTTQ=='; style-src 'self' 'nonce-0XTdzxyileZwRMtsKmxTTQ=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
cf-ray
8da9ca9cc986d37a-FRA
accept-ranges
bytes
content-length
6107
x-xss-protection
1
server
cloudflare

Resource: PostFinance_Logo.svg
Path: checkout.postfinance.ch/assets/images/
Size: 4 KB
x-fer: 2 KB
Type: Image
General
Full URL
https://checkout.postfinance.ch/assets/images/PostFinance_Logo.svg
Requested by
Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/user/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ab6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b41f80bb91f3a2ea338aca8a118c0a2342791d42669be21aece7187543aa00a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://checkout.postfinance.ch/user/login

Response headers

content-encoding
br
cf-cache-status
BYPASS
report-to
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options
nosniff
expires
Wed, 30 Oct 2024 10:46:25 CET
x-url
/assets/images/PostFinance_Logo.svg
date
Wed, 30 Oct 2024 07:46:25 GMT
content-type
image/svg+xml
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0; includeSubDomains; preload
reporting-endpoints
csp-endpoint="/csp-reports"
x-svid
0656e8ddd4005011c
content-security-policy
default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
cf-ray
8da9ca9cc98cd37a-FRA
x-xss-protection
1
server
cloudflare

Resource: PostFinance_Icon_Color.svg
Path: checkout.postfinance.ch/assets/images/
Size: 1 KB
x-fer: 2 KB
Type: Image
General
Full URL
https://checkout.postfinance.ch/assets/images/PostFinance_Icon_Color.svg
Requested by
Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/user/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ab6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
649ea8f64e804933cbec78fc10448e318d27d63ecb9ede6bc2ee94e8455a3aba
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://checkout.postfinance.ch/user/login

Response headers

content-encoding
br
cf-cache-status
BYPASS
report-to
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options
nosniff
expires
Wed, 30 Oct 2024 10:46:25 CET
x-url
/assets/images/PostFinance_Icon_Color.svg
date
Wed, 30 Oct 2024 07:46:25 GMT
content-type
image/svg+xml
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0; includeSubDomains; preload
reporting-endpoints
csp-endpoint="/csp-reports"
x-svid
02bbd67adbed7916f
content-security-policy
default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
cf-ray
8da9ca9cc98ed37a-FRA
x-xss-protection
1
server
cloudflare

Resource: compressed.js
Path: checkout.postfinance.ch/assets/
Size: 1 MB
x-fer: 294 KB
Type: Script
General
Full URL
https://checkout.postfinance.ch/assets/compressed.js?p=eNrLKtZPSixOBQAKgAKo&h=kQo-d7U8kJ36UkryJKzK7q9lNcVLxrqbJcvLGxrJVsc
Requested by
Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/user/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ab6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
910a3e77b53c909dfa524af224accaeeaf6535c54bc6ba9b25cbcb1b1ac956c7
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-FEsG0NHDYNKO00uWkT09oQ=='; style-src 'self' 'nonce-FEsG0NHDYNKO00uWkT09oQ=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://checkout.postfinance.ch/user/login

Response headers

content-encoding
gzip
cf-cache-status
BYPASS
report-to
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options
nosniff
expires
Wed, 30 Apr 2025 08:46:25 CEST
date
Wed, 30 Oct 2024 07:46:25 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
strict-transport-security
max-age=0; includeSubDomains; preload
reporting-endpoints
csp-endpoint="/csp-reports"
x-svid
0cfab57e31dad37c8
content-security-policy
default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-FEsG0NHDYNKO00uWkT09oQ=='; style-src 'self' 'nonce-FEsG0NHDYNKO00uWkT09oQ=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
cf-ray
8da9ca9ce9afd37a-FRA
accept-ranges
bytes
content-length
300391
x-xss-protection
1
server
cloudflare

Resource: compressed.js
Path: checkout.postfinance.ch/assets/
Size: 266 KB
x-fer: 62 KB
Type: Script
General
Full URL
https://checkout.postfinance.ch/assets/compressed.js?p=eNrLKtZPLCgAAAfwAk4,&h=J4IujFqMJ_7oj62pshDlBnWUZLNf3PC43nKKcU2ltCk
Requested by
Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/user/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ab6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27822e8c5a8c27fee88fada9b210e506759464b35fdcf0b8de728a714da5b429
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-mHgheSm9ilJk9iKoMxpYNg=='; style-src 'self' 'nonce-mHgheSm9ilJk9iKoMxpYNg=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://checkout.postfinance.ch/user/login

Response headers

content-encoding
gzip
cf-cache-status
BYPASS
report-to
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options
nosniff
expires
Wed, 30 Apr 2025 08:46:25 CEST
date
Wed, 30 Oct 2024 07:46:25 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
strict-transport-security
max-age=0; includeSubDomains; preload
reporting-endpoints
csp-endpoint="/csp-reports"
x-svid
0656e8ddd4005011c
content-security-policy
default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-mHgheSm9ilJk9iKoMxpYNg=='; style-src 'self' 'nonce-mHgheSm9ilJk9iKoMxpYNg=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
cf-ray
8da9ca9ce9b2d37a-FRA
accept-ranges
bytes
content-length
62587
x-xss-protection
1
server
cloudflare

Resource: compressed.js
Path: checkout.postfinance.ch/assets/
Size: 5 KB
x-fer: 2 KB
Type: Script
General
Full URL
https://checkout.postfinance.ch/assets/compressed.js?p=eNrLKtZPKy7QyyoGABDYA2E,&h=mVlD0l0q_tZ4T1y8-9Dvn3YMaXi7AlxNM5-5OAgT1aM
Requested by
Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/user/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ab6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
995943d25d2afed6784f5cbcfbd0ef9f760c6978bb025c4d339fb9380813d5a3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-OmeSUNx/7sPv+cESQISvPw=='; style-src 'self' 'nonce-OmeSUNx/7sPv+cESQISvPw=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://checkout.postfinance.ch/user/login

Response headers

content-encoding
gzip
cf-cache-status
BYPASS
report-to
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options
nosniff
expires
Wed, 30 Apr 2025 08:46:25 CEST
date
Wed, 30 Oct 2024 07:46:25 GMT
content-type
text/javascript; charset=UTF-8
vary
Accept-Encoding
strict-transport-security
max-age=0; includeSubDomains; preload
reporting-endpoints
csp-endpoint="/csp-reports"
x-svid
04869ad29699b41c7
content-security-policy
default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-OmeSUNx/7sPv+cESQISvPw=='; style-src 'self' 'nonce-OmeSUNx/7sPv+cESQISvPw=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
cf-ray
8da9ca9ce9b3d37a-FRA
accept-ranges
bytes
content-length
1635
x-xss-protection
1
server
cloudflare
input-border-left.png
checkout.postfinance.ch/assets/images/
942 B
3 KB
Image
General
Full URL
https://checkout.postfinance.ch/assets/images/input-border-left.png
Requested by
Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1i_ILy5Jy8xLzEtO1csBCgAAXOMIZg,,&h=jQbB3TknF8DZG7JSR7sjTtyuoe80bonyX-SqnVm9VkA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ab6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
02eb02cdb556defb1b4e160fff6868045f5d2f83fb7da6f8bb6b9b8dda23bb58
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1i_ILy5Jy8xLzEtO1csBCgAAXOMIZg,,&h=jQbB3TknF8DZG7JSR7sjTtyuoe80bonyX-SqnVm9VkA

Response headers

cf-cache-status
BYPASS
report-to
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options
nosniff
expires
Wed, 30 Oct 2024 10:46:25 CET
x-url
/assets/images/input-border-left.png
date
Wed, 30 Oct 2024 07:46:25 GMT
content-type
image/png
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0; includeSubDomains; preload
reporting-endpoints
csp-endpoint="/csp-reports"
x-svid
0f9416bd3d0f0126f
content-security-policy
default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
cf-ray
8da9ca9e7cb0d37a-FRA
accept-ranges
bytes
content-length
942
x-xss-protection
1
server
cloudflare
icons--sprite--2.png
checkout.postfinance.ch/assets/images/
61 KB
61 KB
Image
General
Full URL
https://checkout.postfinance.ch/assets/images/icons--sprite--2.png
Requested by
Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1i_ILy5Jy8xLzEtO1csBCgAAXOMIZg,,&h=jQbB3TknF8DZG7JSR7sjTtyuoe80bonyX-SqnVm9VkA
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ab6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd054e12c437b67c0fb469ac789f7d471ea53f28c965edb84e974faffb333b23
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-B5axuZtJg/msrApONkplaA=='; style-src 'self' 'nonce-B5axuZtJg/msrApONkplaA=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1i_ILy5Jy8xLzEtO1csBCgAAXOMIZg,,&h=jQbB3TknF8DZG7JSR7sjTtyuoe80bonyX-SqnVm9VkA

Response headers

strict-transport-security
max-age=0; includeSubDomains; preload
reporting-endpoints
csp-endpoint="/csp-reports"
x-svid
038d9c269e58fb594
content-security-policy
default-src 'self'; child-src 'self'; connect-src 'self'; font-src 'self'; frame-src 'self'; img-src 'self'; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'self' 'nonce-B5axuZtJg/msrApONkplaA=='; style-src 'self' 'nonce-B5axuZtJg/msrApONkplaA=='; worker-src 'self'; report-to csp-endpoint; report-uri /csp-reports;
cf-cache-status
BYPASS
report-to
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options
nosniff
cf-ray
8da9ca9e7cb7d37a-FRA
expires
Wed, 30 Oct 2024 10:46:25 CET
date
Wed, 30 Oct 2024 07:46:25 GMT
x-xss-protection
1
content-type
image/png
vary
Accept-Encoding
server
cloudflare
frutiger-light.woff2
checkout.postfinance.ch/assets/fonts/frutiger/
23 KB
23 KB
Font
General
Full URL
https://checkout.postfinance.ch/assets/fonts/frutiger/frutiger-light.woff2
Requested by
Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1k8sKNDLATIAIzEFDQ,,&h=mBsq2ortqsMvxZjxVI48R4icX4gyax8hXA9wtgz8e_k
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ab6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cc096bfc8cf24ef257e6f7915b5eb4d0764e51aac0736c62e5ad90194fd360d9
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://checkout.postfinance.ch
Referer
https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1k8sKNDLATIAIzEFDQ,,&h=mBsq2ortqsMvxZjxVI48R4icX4gyax8hXA9wtgz8e_k

Response headers

cf-cache-status
BYPASS
report-to
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options
nosniff
expires
Wed, 30 Oct 2024 10:46:25 CET
x-url
/assets/fonts/frutiger/frutiger-light.woff2
date
Wed, 30 Oct 2024 07:46:25 GMT
content-type
application/font-woff2
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0; includeSubDomains; preload
reporting-endpoints
csp-endpoint="/csp-reports"
x-svid
0656e8ddd4005011c
content-security-policy
default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
cf-ray
8da9ca9f0dd5d37a-FRA
accept-ranges
bytes
content-length
23500
x-xss-protection
1
server
cloudflare
frutiger-bold.woff2
checkout.postfinance.ch/assets/fonts/frutiger/
23 KB
23 KB
Font
General
Full URL
https://checkout.postfinance.ch/assets/fonts/frutiger/frutiger-bold.woff2
Requested by
Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1k8sKNDLATIAIzEFDQ,,&h=mBsq2ortqsMvxZjxVI48R4icX4gyax8hXA9wtgz8e_k
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ab6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8344685be20012c5aa9370634a97d4906e1dc9e9e5032f9c87290f2fb6b1cb57
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://checkout.postfinance.ch
Referer
https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1k8sKNDLATIAIzEFDQ,,&h=mBsq2ortqsMvxZjxVI48R4icX4gyax8hXA9wtgz8e_k

Response headers

cf-cache-status
BYPASS
report-to
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options
nosniff
expires
Wed, 30 Oct 2024 10:46:25 CET
x-url
/assets/fonts/frutiger/frutiger-bold.woff2
date
Wed, 30 Oct 2024 07:46:25 GMT
content-type
application/font-woff2
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0; includeSubDomains; preload
reporting-endpoints
csp-endpoint="/csp-reports"
x-svid
074988e1df327de3e
content-security-policy
default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
cf-ray
8da9ca9f0ddad37a-FRA
accept-ranges
bytes
content-length
23616
x-xss-protection
1
server
cloudflare
frutiger-normal.woff2
checkout.postfinance.ch/assets/fonts/frutiger/
23 KB
23 KB
Font
General
Full URL
https://checkout.postfinance.ch/assets/fonts/frutiger/frutiger-normal.woff2
Requested by
Host: checkout.postfinance.ch
URL: https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1k8sKNDLATIAIzEFDQ,,&h=mBsq2ortqsMvxZjxVI48R4icX4gyax8hXA9wtgz8e_k
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ab6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3485c87f397dd46d3772d92ac4dc20f11b23ca441b9a540c48e190db7bdc3ff3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://checkout.postfinance.ch
Referer
https://checkout.postfinance.ch/assets/compressed.css?p=eNrLSS0u1k8sKNDLATIAIzEFDQ,,&h=mBsq2ortqsMvxZjxVI48R4icX4gyax8hXA9wtgz8e_k

Response headers

cf-cache-status
BYPASS
report-to
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options
nosniff
expires
Wed, 30 Oct 2024 10:46:25 CET
x-url
/assets/fonts/frutiger/frutiger-normal.woff2
date
Wed, 30 Oct 2024 07:46:25 GMT
content-type
application/font-woff2
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0; includeSubDomains; preload
reporting-endpoints
csp-endpoint="/csp-reports"
x-svid
06367dc5d3e3f9c42
content-security-policy
default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
cf-ray
8da9ca9f0ddcd37a-FRA
accept-ranges
bytes
content-length
23380
x-xss-protection
1
server
cloudflare
favicon-32px.png
checkout.postfinance.ch/assets/images/favicon/
2 KB
3 KB
Other
General
Full URL
https://checkout.postfinance.ch/assets/images/favicon/favicon-32px.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:4ab6 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74a2e805d52457ef4ad63a293549c591fa49d292abdfd3a5d61bc99707033617
Security Headers
Name Value
Content-Security-Policy default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://checkout.postfinance.ch/user/login

Response headers

cf-cache-status
BYPASS
report-to
{ "group": "csp-endpoint", "max_age": 10886400, "endpoints": [ { "url": "/csp-reports" } ] }
x-content-type-options
nosniff
expires
Wed, 30 Oct 2024 10:46:26 CET
x-url
/assets/images/favicon/favicon-32px.png
date
Wed, 30 Oct 2024 07:46:26 GMT
content-type
image/png
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0; includeSubDomains; preload
reporting-endpoints
csp-endpoint="/csp-reports"
x-svid
00aa2a0dfdd338ff3
content-security-policy
default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
cf-ray
8da9caa17a48d37a-FRA
accept-ranges
bytes
content-length
1841
x-xss-protection
1
server
cloudflare

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| Plugins function| objectFitImages function| $ function| jQuery function| moment function| _ object| Backbone function| ES6Promise object| FlashMessage object| Ajaxify function| Cookies object| cookieStorage object| Storages object| KeepAlive function| Mousetrap function| numeral object| Formatter function| Sifter object| MicroPlugin function| Selectize function| autosize object| bootbox function| daterangepicker object| intlTelInputGlobals object| NProgress function| AddressFormElement function| Split function| swal function| sweetAlert function| SearchIndex function| Bloodhound object| layoutSettings object| loader object| Fullscreen object| ParsleyConfig object| ParsleyExtend object| psly object| Parsley object| ParsleyUtils object| ParsleyValidator object| ParsleyUI string| inputEventPatched object| parsley function| _possibleConstructorReturn function| _inherits function| _classCallCheck function| __guard__ function| __guardMethod__ function| _createClass function| Emitter function| Dropzone function| without function| camelize function| detectVerticalSquash function| drawImageIOSFix function| ExifRestore function| contentLoaded object| FacilitatorConstants object| DocumentationCache function| LineItem function| LineItemReduction object| LineItemUtil function| AbstractSettingHandler object| Setting object| GuidedTour object| $shippingRateInput object| $shippingRateSubmit

7 Cookies

Domain/Path Name / Value
checkout.postfinance.ch/user Name: storage-layout
Value: {}
checkout.postfinance.ch/user Name: storage-grid
Value: {}
checkout.postfinance.ch/ Name: _csrf_token_443
Value: 25vqgcs4iduub3c1jgbmppumb
checkout.postfinance.ch/ Name: language
Value: de-CH
checkout.postfinance.ch/ Name: time-zone-name
Value: Europe/Zurich
checkout.postfinance.ch/ Name: time-zone-offset
Value: -60
checkout.postfinance.ch/ Name: dbcctx
Value: 28f480fa3c286c34:28f48168e04bb19f

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self'; child-src 'self'; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; font-src 'self'; frame-src 'unsafe-inline' 'self' https://www.googletagmanager.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/; img-src 'unsafe-inline' data: 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com https://*.g.doubleclick.net https://*.google.com https://*.google.at https://*.google.be https://*.google.ch https://*.google.de https://*.google.es https://*.google.fr https://*.google.ga https://*.google.ge https://*.google.gg https://*.google.com.gh https://*.google.com.gi https://*.google.gl https://*.google.gm https://*.google.gr https://*.google.it https://*.google.li https://*.google.lt https://*.google.lu https://*.google.pl https://*.google.pt https://*.google.co.uk; manifest-src 'self'; media-src 'self'; object-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.googletagmanager.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; style-src 'unsafe-inline' 'self'; worker-src blob: 'self'; form-action *; report-to csp-endpoint; report-uri /csp-reports;
Strict-Transport-Security max-age=0; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1