HTTP/1.1 200 OK
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Security-Policy: default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.ads-twitter.com *.hsbc.ae vdata.amap.com webapi.amap.com restapi.amap.com bat.bing.com *.brightcove.net *.hsbc.com.tw *.recaptcha.net *.hsbc.com.cn *.g.doubleclick.net *.walkme.com ssl.google-analytics.com www.google.com connect.facebook.net tags.tiqcdn.com *.isstprod.hsbc.com.cn s.yimg.com www.gstatic.cn cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com h.online-metrix.net; img-src 'self' blob: *.hsbc.com.hk *.eum-appdynamics.com *.google.com.hk *.google.com *.google.co.in *.doubleclick.net *.googleapis.com *.facebook.com data: *.gstatic.com * *.google.co.uk analytics.tiktok.com *.lpsnmedia.net *.liveperson.net; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.brightcovecdn.com vdata.amap.com *.hsbc.co.uk rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk http://127.0.0.1:5000/* bat.bing.com adservice.google.com *.facebook.com *.siteintercept.qualtrics.com *.brightcove.com *.googletagmanager.com *.hsbc.com.cn *.doubleclick.net *.g.doubleclick.net *.walkme.com *.hsbc.com.tw *.prod.boltdns.net *.api.brightcove.com *.akamaihd.net analytics.google.com *.google-analytics.com *.liveperson.net *.sy.cobrowse.liveperson.net *.analytics.google.com www.google.com ad.doubleclick.net *.isstprod.hsbc.com.cn stats.g.doubleclick.net *.google.com.tw brightcove.hs.llnwd.net cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com analytics-ipv6.tiktokw.us *.lpsnmedia.net wup-69c80419.customers.biocatch.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net *.recaptcha.net *.menlosecurity.com *.id.opendns.com *.googletagmanager.com connect.facebook.net www.facebook.com bid.g.doubleclick.net analytics.tiktok.com h.online-metrix.net; frame-ancestors 'self' *.hsbc.com.tw; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.hsbc.com.tw *.couponmate.com *.avast.com *.alicdn.com *.googleusercontent.com; worker-src 'self' blob:; child-src 'self'; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com *.hsbc.com.tw *.lpsnmedia.net ssl.gstatic.com; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.hsbc.com.tw *.sy.cobrowse.liveperson.net *.googletagmanager.com *.lpsnmedia.net *.liveperson.net; object-src 'self' blob:; manifest-src 'self' *.hsbc.com.tw; upgrade-insecure-requests ; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com;
Last-Modified: Tue, 06 Jan 2026 08:03:02 GMT
S: prod-ap-tko-aempub
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=57
Date: Tue, 06 Jan 2026 16:16:33 GMT
Transfer-Encoding:  chunked
Connection: close
Connection: Transfer-Encoding

HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://www.hsbc.com.tw/
Cache-Control: max-age=0
Date: Tue, 06 Jan 2026 16:17:13 GMT
Connection: close

HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://www.hsbc.com.tw/
Cache-Control: max-age=0
Date: Tue, 06 Jan 2026 16:17:13 GMT
Connection: close

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Security-Policy: default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.ads-twitter.com *.hsbc.ae vdata.amap.com webapi.amap.com restapi.amap.com bat.bing.com *.brightcove.net *.hsbc.com.tw *.recaptcha.net *.hsbc.com.cn *.g.doubleclick.net *.walkme.com ssl.google-analytics.com www.google.com connect.facebook.net tags.tiqcdn.com *.isstprod.hsbc.com.cn s.yimg.com www.gstatic.cn cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com h.online-metrix.net; img-src 'self' blob: *.hsbc.com.hk *.eum-appdynamics.com *.google.com.hk *.google.com *.google.co.in *.doubleclick.net *.googleapis.com *.facebook.com data: *.gstatic.com * *.google.co.uk analytics.tiktok.com *.lpsnmedia.net *.liveperson.net; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.brightcovecdn.com vdata.amap.com *.hsbc.co.uk rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk http://127.0.0.1:5000/* bat.bing.com adservice.google.com *.facebook.com *.siteintercept.qualtrics.com *.brightcove.com *.googletagmanager.com *.hsbc.com.cn *.doubleclick.net *.g.doubleclick.net *.walkme.com *.hsbc.com.tw *.prod.boltdns.net *.api.brightcove.com *.akamaihd.net analytics.google.com *.google-analytics.com *.liveperson.net *.sy.cobrowse.liveperson.net *.analytics.google.com www.google.com ad.doubleclick.net *.isstprod.hsbc.com.cn stats.g.doubleclick.net *.google.com.tw brightcove.hs.llnwd.net cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com analytics-ipv6.tiktokw.us *.lpsnmedia.net wup-69c80419.customers.biocatch.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net *.recaptcha.net *.menlosecurity.com *.id.opendns.com *.googletagmanager.com connect.facebook.net www.facebook.com bid.g.doubleclick.net analytics.tiktok.com h.online-metrix.net; frame-ancestors 'self' *.hsbc.com.tw; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.hsbc.com.tw *.couponmate.com *.avast.com *.alicdn.com *.googleusercontent.com; worker-src 'self' blob:; child-src 'self'; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com *.hsbc.com.tw *.lpsnmedia.net ssl.gstatic.com; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.hsbc.com.tw *.sy.cobrowse.liveperson.net *.googletagmanager.com *.lpsnmedia.net *.liveperson.net; object-src 'self' blob:; manifest-src 'self' *.hsbc.com.tw; upgrade-insecure-requests ; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com;
Last-Modified: Tue, 06 Jan 2026 08:03:02 GMT
S: prod-ap-tko-aempub
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=58
Date: Tue, 06 Jan 2026 16:16:32 GMT
Transfer-Encoding:  chunked
Connection: close
Connection: Transfer-Encoding

HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://www.hsbc.com.tw/
Cache-Control: max-age=0
Date: Sat, 03 Jan 2026 09:27:19 GMT
Connection: close

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Security-Policy: default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.ads-twitter.com *.hsbc.ae vdata.amap.com webapi.amap.com restapi.amap.com bat.bing.com *.brightcove.net *.hsbc.com.tw *.recaptcha.net *.hsbc.com.cn *.g.doubleclick.net *.walkme.com ssl.google-analytics.com www.google.com connect.facebook.net tags.tiqcdn.com *.isstprod.hsbc.com.cn s.yimg.com www.gstatic.cn cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com h.online-metrix.net; img-src 'self' blob: *.hsbc.com.hk *.eum-appdynamics.com *.google.com.hk *.google.com *.google.co.in *.doubleclick.net *.googleapis.com *.facebook.com data: *.gstatic.com * *.google.co.uk analytics.tiktok.com *.lpsnmedia.net *.liveperson.net; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.brightcovecdn.com vdata.amap.com *.hsbc.co.uk rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk http://127.0.0.1:5000/* bat.bing.com adservice.google.com *.facebook.com *.siteintercept.qualtrics.com *.brightcove.com *.googletagmanager.com *.hsbc.com.cn *.doubleclick.net *.g.doubleclick.net *.walkme.com *.hsbc.com.tw *.prod.boltdns.net *.api.brightcove.com *.akamaihd.net analytics.google.com *.google-analytics.com *.liveperson.net *.sy.cobrowse.liveperson.net *.analytics.google.com www.google.com ad.doubleclick.net *.isstprod.hsbc.com.cn stats.g.doubleclick.net *.google.com.tw brightcove.hs.llnwd.net cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com analytics-ipv6.tiktokw.us *.lpsnmedia.net wup-69c80419.customers.biocatch.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net *.recaptcha.net *.menlosecurity.com *.id.opendns.com *.googletagmanager.com connect.facebook.net www.facebook.com bid.g.doubleclick.net analytics.tiktok.com h.online-metrix.net; frame-ancestors 'self' *.hsbc.com.tw; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.hsbc.com.tw *.couponmate.com *.avast.com *.alicdn.com *.googleusercontent.com; worker-src 'self' blob:; child-src 'self'; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com *.hsbc.com.tw *.lpsnmedia.net ssl.gstatic.com; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.hsbc.com.tw *.sy.cobrowse.liveperson.net *.googletagmanager.com *.lpsnmedia.net *.liveperson.net; object-src 'self' blob:; manifest-src 'self' *.hsbc.com.tw; upgrade-insecure-requests ; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com;
Last-Modified: Fri, 02 Jan 2026 10:03:45 GMT
S: prod-ap-tko-aempub
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=59
Date: Sat, 03 Jan 2026 09:27:18 GMT
Transfer-Encoding:  chunked
Connection: close
Connection: Transfer-Encoding

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=16070400; includeSubDomains
Content-Security-Policy: default-src 'self' *.hsbc.com.hk *.mastercard.com.au *.demdex.net *.lpsnmedia.net *.liveperson.net; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.tiqcdn.com *.tealiumiq.com *.liveperson.net *.googletagmanager.com *.hsbc.co.uk *.hsbc.com.hk *.doubleclick.net *.googleadservices.com *.lpsnmedia.net *.optimizely.com *.facebook.net *.google.com *.gstatic.com *.appdynamics.com *.googleapis.com *.awswaf.com *.analytics.yahoo.com vjs.zencdn.net players.brightcove.net *.ads-twitter.com *.hsbc.ae vdata.amap.com webapi.amap.com restapi.amap.com bat.bing.com *.brightcove.net *.hsbc.com.tw *.recaptcha.net *.hsbc.com.cn *.g.doubleclick.net *.walkme.com ssl.google-analytics.com www.google.com connect.facebook.net tags.tiqcdn.com *.isstprod.hsbc.com.cn s.yimg.com www.gstatic.cn cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com h.online-metrix.net; img-src 'self' blob: *.hsbc.com.hk *.eum-appdynamics.com *.google.com.hk *.google.com *.google.co.in *.doubleclick.net *.googleapis.com *.facebook.com data: *.gstatic.com * *.google.co.uk analytics.tiktok.com *.lpsnmedia.net *.liveperson.net; connect-src 'self' *.tiqcdn.com *.tealiumiq.com *.hsbc.com.hk *.eum-appdynamics.com *.optimizely.com wss://*.liveperson.net *.cloud.hsbc *.googleapis.com *.awswaf.com *.analytics.yahoo.com players.brightcove.net edge.api.brightcove.com *.hsbc.ae *.omtrdc.net *.demdex.net *.hsbc.co.om *.brightcovecdn.com vdata.amap.com *.hsbc.co.uk rbwm-api.us.hsbc.com rbwm-api.hsbc.co.uk rbwm-api.hsbc.com.hk http://127.0.0.1:5000/* bat.bing.com adservice.google.com *.facebook.com *.siteintercept.qualtrics.com *.brightcove.com *.googletagmanager.com *.hsbc.com.cn *.doubleclick.net *.g.doubleclick.net *.walkme.com *.hsbc.com.tw *.prod.boltdns.net *.api.brightcove.com *.akamaihd.net analytics.google.com *.google-analytics.com *.liveperson.net *.sy.cobrowse.liveperson.net *.analytics.google.com www.google.com ad.doubleclick.net *.isstprod.hsbc.com.cn stats.g.doubleclick.net *.google.com.tw brightcove.hs.llnwd.net cdn-assets-prod.s3.amazonaws.com analytics.tiktok.com analytics-ipv6.tiktokw.us *.lpsnmedia.net wup-69c80419.customers.biocatch.com; frame-src 'self' blob: *.lpsnmedia.net *.optimizely.com *.liveperson.net *.google.com *.doubleclick.net *.analytics.yahoo.com players.brightcove.net *.recaptcha.net *.menlosecurity.com *.id.opendns.com *.googletagmanager.com connect.facebook.net www.facebook.com bid.g.doubleclick.net analytics.tiktok.com h.online-metrix.net; frame-ancestors 'self' *.hsbc.com.tw; font-src 'self' data: *.hsbc.com.hk *.gstatic.com *.hsbc.com.tw *.couponmate.com *.avast.com *.alicdn.com *.googleusercontent.com; worker-src 'self' blob:; child-src 'self'; media-src 'self' blob: *.boltdns.net *.media.brightcove.com *.llnw.net *.llnwd.net *.akafms.net *.akamaihd.net *.cf.brightcove.com *.brightcovecdn.com *.hsbc.com.tw *.lpsnmedia.net ssl.gstatic.com; style-src 'self' 'unsafe-inline' *.hsbc.com.hk *.googleapis.com players.brightcove.net *.hsbc.com.tw *.sy.cobrowse.liveperson.net *.googletagmanager.com *.lpsnmedia.net *.liveperson.net; object-src 'self' blob:; manifest-src 'self' *.hsbc.com.tw; upgrade-insecure-requests ; report-uri https://csp.prod.ap.dynp.cloud1.vv1865.com;
Last-Modified: Fri, 02 Jan 2026 10:03:45 GMT
S: prod-ap-tko-aempub
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Type: text/html; charset=utf-8
Cache-Control: max-age=59
Date: Sat, 03 Jan 2026 09:27:18 GMT
Transfer-Encoding:  chunked
Connection: close
Connection: Transfer-Encoding

HTTP/1.1 301 Moved Permanently
Server: AkamaiGHost
Content-Length: 0
Location: https://www.hsbc.com.tw/
Cache-Control: max-age=0
Date: Sat, 03 Jan 2026 09:27:18 GMT
Connection: close