my.ny.gov Open in urlscan Pro
161.11.222.92  Public Scan

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://www.wcb.ny.gov/eCase/ Page URL
2. https://login.ny.gov/oauth2/default/v1/authorize?client_id=0oachs3ok683Gdjja297&code_challenge=eR8yXDfB8cDfcFWIykC9AFqLovUMA-4smnK4HphU4k4&code_challenge_method=S256&nonce=eeXOCXbFYexK8CwkQ8r7doWkfvhsHYtElPkxXg410J8oNo59cs99b8inWSSsqnXH&redirect_uri=https%3A%2F%2Fwww.wcb.ny.gov%2FeCase%2Fredirect&response_type=code&state=ETTCK7qxkJFrH1zJtcCXgivattg5YDZYuSVeCAgtZML0J7ssRuFIsTPC7YK8EuxX&scope=openid%20email%20profile Page URL
3. https://my.ny.gov/LoginV4/login.xhtml Page URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

32 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	/ Show response www.wcb.ny.gov/eCase/	13 KB 2 KB	1283ms 299ms	Document text/html	161.11.225.208 NYS
General Check archive.org Show headers Download Go to Full URL https://www.wcb.ny.gov/eCase/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.11.225.208 , United States, ASN26854 (NYS, US), Reverse DNS docs.paidfamilyleave.ny.gov Software Microsoft-IIS/8.5 / ASP.NET Resource Hash da08ce060ab539ae5d904852a97d15a847c97275dfc46784cc7b3618f2c2619b Security Headers Name Value X-Content-Type-Options nosniff Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers Accept-Ranges bytes Connection Keep-Alive Content-Encoding gzip Content-Length 1716 Content-Type text/html; charset=UTF-8 Date Wed, 01 Mar 2023 23:23:38 GMT ETag "80c60f6e231d91:0" Keep-Alive timeout=5, max=100 Last-Modified Fri, 27 Jan 2023 00:04:45 GMT SameSite lax Server Microsoft-IIS/8.5 Vary Accept-Encoding X-Content-Type-Options nosniff X-Powered-By ASP.NET
GET H2	200	bootstrap.min.css cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/	158 KB 25 KB	276ms 100ms	Stylesheet text/css	104.16.87.20 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css Requested by Host: www.wcb.ny.gov URL: https://www.wcb.ny.gov/eCase/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 104.16.87.20 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://www.wcb.ny.gov/ Origin https://www.wcb.ny.gov accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Wed, 01 Mar 2023 23:23:38 GMT strict-transport-security max-age=31536000; includeSubDomains; preload x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} age 658167 x-jsd-version 4.6.0 content-encoding br x-cache HIT, HIT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400, h3-29=":443"; ma=86400 x-served-by cache-fra-eddf8230111-FRA, cache-yyz4545-YYZ x-jsd-version-type version server cloudflare etag W/"27681-LKxK/BIJg5IUESlr1Oj9ipS6I34" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VYfh0X51ZoLeDeMlogH3eXm4rLw3qDqcdJYByoVtDE94UH728NeARPvCM%2FfGXlJfCfNaJpHinSTtLrJXNRCZCNXWt6ZSM9HsY4GSnjHq2y7CN2st0H2C5DKlr4f5Lbuoyc8%3D"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * access-control-expose-headers * cache-control public, max-age=31536000, s-maxage=31536000, immutable timing-allow-origin * cf-ray 7a15261d9cbb29a4-MEL
GET H/1.1	200 OK	global-nav-bundle.js Show response static-assets.ny.gov/sites/all/widgets/universal-navigation/js/dist/	265 KB 83 KB	520ms 100ms	Script application/javascript	104.18.96.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static-assets.ny.gov/sites/all/widgets/universal-navigation/js/dist/global-nav-bundle.js Requested by Host: www.wcb.ny.gov URL: https://www.wcb.ny.gov/eCase/ Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.18.96.34 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 68c19608e5281f2faad514e6ba6bcb3bafa5cb1ceb56afbb58bc2cbd1c70f039 Security Headers Name Value X-Frame-Options ALLOWALL Request headers accept-language en-AU,en;q=0.9 Referer https://www.wcb.ny.gov/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 23:23:38 GMT Content-Encoding gzip Via varnish CF-Cache-Status HIT Age 556799 Transfer-Encoding chunked X-Cache MISS Connection keep-alive X-AH-Environment prod X-Request-ID v-5e199c22-b377-11ed-9410-0f5318450d5f X-UA-Compatible IE=Edge,chrome=1 Last-Modified Thu, 16 Feb 2023 12:35:31 GMT Server cloudflare Vary Accept-Encoding X-Frame-Options ALLOWALL Content-Type application/javascript Access-Control-Allow-Origin * Cache-Control max-age=15552000 CF-RAY 7a15261f2d26fe99-MEL Expires Tue, 22 Aug 2023 12:41:17 GMT
GET H/1.1	200 OK	runtime.f2216733647bd0bf.js Show response www.wcb.ny.gov/eCase/	3 KB 4 KB	297ms 297ms	Script application/javascript	161.11.225.208 NYS
General Check archive.org Show headers Download Go to Full URL https://www.wcb.ny.gov/eCase/runtime.f2216733647bd0bf.js Requested by Host: www.wcb.ny.gov URL: https://www.wcb.ny.gov/eCase/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.11.225.208 , United States, ASN26854 (NYS, US), Reverse DNS docs.paidfamilyleave.ny.gov Software Microsoft-IIS/8.5 / ASP.NET Resource Hash e2adb70762c98aaabb2ecfc86864412153a58e59be74d377d161638c2afddb97 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.wcb.ny.gov/eCase/ Origin https://www.wcb.ny.gov accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 23:23:38 GMT X-Content-Type-Options nosniff Last-Modified Fri, 27 Jan 2023 00:04:42 GMT Server Microsoft-IIS/8.5 SameSite lax ETag "2f4516f5e231d91:0" X-Powered-By ASP.NET Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=99 Content-Length 3366
GET H/1.1	200 OK	polyfills.37d4fde0d8667d12.js Show response www.wcb.ny.gov/eCase/	33 KB 33 KB	299ms 299ms	Script application/javascript	161.11.225.208 NYS
General Check archive.org Show headers Download Go to Full URL https://www.wcb.ny.gov/eCase/polyfills.37d4fde0d8667d12.js Requested by Host: www.wcb.ny.gov URL: https://www.wcb.ny.gov/eCase/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.11.225.208 , United States, ASN26854 (NYS, US), Reverse DNS docs.paidfamilyleave.ny.gov Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 2d811cf0f021304861943aa9775926fef5b94b52a16b0df1ebe09b1c6ec00245 Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.wcb.ny.gov/eCase/ Origin https://www.wcb.ny.gov accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 23:23:38 GMT X-Content-Type-Options nosniff Last-Modified Fri, 27 Jan 2023 00:04:42 GMT Server Microsoft-IIS/8.5 SameSite lax ETag "e1e16f5e231d91:0" X-Powered-By ASP.NET Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 33816
GET H/1.1	200 OK	main.723121fb5b6ee016.js Show response www.wcb.ny.gov/eCase/	3 MB 3 MB	596ms 298ms	Script application/javascript	161.11.225.208 NYS
General Check archive.org Show headers Download Go to Full URL https://www.wcb.ny.gov/eCase/main.723121fb5b6ee016.js Requested by Host: www.wcb.ny.gov URL: https://www.wcb.ny.gov/eCase/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.11.225.208 , United States, ASN26854 (NYS, US), Reverse DNS docs.paidfamilyleave.ny.gov Software Microsoft-IIS/8.5 / ASP.NET Resource Hash a66f9f7936f5adbf075747cf4ddb182ce264edc2e114ef0a22c4f203f93f868e Security Headers Name Value X-Content-Type-Options nosniff Request headers Referer https://www.wcb.ny.gov/eCase/ Origin https://www.wcb.ny.gov accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 23:23:38 GMT X-Content-Type-Options nosniff Last-Modified Fri, 27 Jan 2023 00:04:42 GMT Server Microsoft-IIS/8.5 SameSite lax ETag "396c16f5e231d91:0" X-Powered-By ASP.NET Content-Type application/javascript Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=98 Content-Length 3269327
GET H/1.1	200 OK	global-menu.normalize.css static-assets.ny.gov/sites/all/themes/ny_gov/css/layouts/global-menu/	8 KB 2 KB	101ms 101ms	Stylesheet text/css	104.18.96.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static-assets.ny.gov/sites/all/themes/ny_gov/css/layouts/global-menu/global-menu.normalize.css Requested by Host: static-assets.ny.gov URL: https://static-assets.ny.gov/sites/all/widgets/universal-navigation/js/dist/global-nav-bundle.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.18.96.34 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 7e25813fda40afbaff8d6b0864dfbb0fe80462d0efb4a85339bea0b8a9fe1fb4 Request headers accept-language en-AU,en;q=0.9 Referer https://www.wcb.ny.gov/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 23:23:38 GMT Content-Encoding gzip Via varnish CF-Cache-Status HIT Age 556797 X-Cache MISS Connection keep-alive X-AH-Environment prod Content-Length 1452 X-Request-ID v-5dea58b8-b377-11ed-8f79-738ebf8e409e X-UA-Compatible IE=Edge,chrome=1 Last-Modified Sun, 13 Nov 2022 08:07:23 GMT Server cloudflare Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin * Cache-Control max-age=15552000 Accept-Ranges bytes CF-RAY 7a1526208e97fe99-MEL Expires Tue, 22 Aug 2023 12:41:17 GMT
GET H/1.1	200 OK	jquery.ui.core.min.css static-assets.ny.gov/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/	924 B 1 KB	102ms 101ms	Stylesheet text/css	104.18.96.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static-assets.ny.gov/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/jquery.ui.core.min.css Requested by Host: static-assets.ny.gov URL: https://static-assets.ny.gov/sites/all/widgets/universal-navigation/js/dist/global-nav-bundle.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.18.96.34 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 1678656eeb28b4de4c6fe8871c02409cd217b80866423db5ad0e62fcd476f726 Request headers accept-language en-AU,en;q=0.9 Referer https://www.wcb.ny.gov/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 23:23:38 GMT Content-Encoding gzip Via varnish CF-Cache-Status HIT Age 556797 X-Cache MISS Connection keep-alive X-AH-Environment prod Content-Length 498 X-Request-ID v-5e005884-b377-11ed-8843-a33eb768eba6 X-UA-Compatible IE=Edge,chrome=1 Last-Modified Sun, 08 May 2022 08:07:10 GMT Server cloudflare Vary Accept-Encoding Content-Type text/css Cache-Control max-age=15552000 Accept-Ranges bytes CF-RAY 7a1526208a175a85-MEL Expires Tue, 22 Aug 2023 12:41:17 GMT
GET H/1.1	200 OK	jquery.ui.theme.min.css static-assets.ny.gov/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/	13 KB 3 KB	203ms 101ms	Stylesheet text/css	104.18.96.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static-assets.ny.gov/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/jquery.ui.theme.min.css Requested by Host: static-assets.ny.gov URL: https://static-assets.ny.gov/sites/all/widgets/universal-navigation/js/dist/global-nav-bundle.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.18.96.34 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 76d342e20f16102f7367c4ce450586db941f46aa592039665114cf7ff126462b Request headers accept-language en-AU,en;q=0.9 Referer https://www.wcb.ny.gov/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 23:23:39 GMT Content-Encoding gzip Via varnish CF-Cache-Status HIT Age 556798 X-Cache MISS Connection keep-alive X-AH-Environment prod Content-Length 2287 X-Request-ID v-5e025be8-b377-11ed-8bc7-27be177d4dd5 X-UA-Compatible IE=Edge,chrome=1 Last-Modified Sun, 13 Nov 2022 08:07:23 GMT Server cloudflare Vary Accept-Encoding Content-Type text/css Cache-Control max-age=15552000 Accept-Ranges bytes CF-RAY 7a1526212f33fe99-MEL Expires Tue, 22 Aug 2023 12:41:17 GMT
GET H/1.1	200 OK	jquery.ui.autocomplete.min.css static-assets.ny.gov/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/	198 B 721 B	205ms 102ms	Stylesheet text/css	104.18.96.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static-assets.ny.gov/sites/all/modules/contrib/jquery_update/replace/ui/themes/base/minified/jquery.ui.autocomplete.min.css Requested by Host: static-assets.ny.gov URL: https://static-assets.ny.gov/sites/all/widgets/universal-navigation/js/dist/global-nav-bundle.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.18.96.34 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d423bf1b48f1e47732619f5882b1f12cbb0d81302bfe97687aaa41f1182f5fb3 Request headers accept-language en-AU,en;q=0.9 Referer https://www.wcb.ny.gov/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 23:23:39 GMT Content-Encoding gzip Via varnish CF-Cache-Status HIT Age 556798 X-Cache MISS Connection keep-alive X-AH-Environment prod Content-Length 181 X-Request-ID v-5ddbe42c-b377-11ed-8c74-2fe323e6b0f3 X-UA-Compatible IE=Edge,chrome=1 Last-Modified Sun, 08 May 2022 08:07:10 GMT Server cloudflare Vary Accept-Encoding Content-Type text/css Cache-Control max-age=15552000 Accept-Ranges bytes CF-RAY 7a1526212b6e5a85-MEL Expires Tue, 22 Aug 2023 12:41:17 GMT
GET H/1.1	200 OK	global-menu.layout.css static-assets.ny.gov/sites/all/themes/ny_gov/css/layouts/global-menu/	92 KB 10 KB	285ms 109ms	Stylesheet text/css	104.18.96.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static-assets.ny.gov/sites/all/themes/ny_gov/css/layouts/global-menu/global-menu.layout.css Requested by Host: static-assets.ny.gov URL: https://static-assets.ny.gov/sites/all/widgets/universal-navigation/js/dist/global-nav-bundle.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.18.96.34 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash abe4cef5afa21184d404a3357c9819c13edeca9da83197e4821d6655998a7534 Request headers accept-language en-AU,en;q=0.9 Referer https://www.wcb.ny.gov/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 23:23:39 GMT Content-Encoding gzip Via varnish CF-Cache-Status HIT Age 556798 X-Cache MISS Connection keep-alive X-AH-Environment prod Content-Length 9738 X-Request-ID v-5dd746c4-b377-11ed-bb37-7fb0c6cb36a9 X-UA-Compatible IE=Edge,chrome=1 Last-Modified Sun, 08 May 2022 08:07:11 GMT Server cloudflare Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin * Cache-Control max-age=15552000 Accept-Ranges bytes CF-RAY 7a15262198d42b31-MEL Expires Tue, 22 Aug 2023 12:41:17 GMT
GET H/1.1	200 OK	global-footer.layout.css static-assets.ny.gov/sites/all/themes/ny_gov/css/layouts/global-menu/	11 KB 3 KB	275ms 99ms	Stylesheet text/css	104.18.96.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static-assets.ny.gov/sites/all/themes/ny_gov/css/layouts/global-menu/global-footer.layout.css Requested by Host: static-assets.ny.gov URL: https://static-assets.ny.gov/sites/all/widgets/universal-navigation/js/dist/global-nav-bundle.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.18.96.34 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash bc1e7fd805b4d1647f6a0f357cb7044ae79e4f59a4c1468e92f8aedaae628dea Request headers accept-language en-AU,en;q=0.9 Referer https://www.wcb.ny.gov/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 23:23:39 GMT Content-Encoding gzip Via varnish CF-Cache-Status HIT Age 556798 X-Cache MISS Connection keep-alive X-AH-Environment prod Content-Length 2029 X-Request-ID v-5de5e79c-b377-11ed-9e60-836a5604a64e X-UA-Compatible IE=Edge,chrome=1 Last-Modified Sun, 08 May 2022 08:07:10 GMT Server cloudflare Vary Accept-Encoding Content-Type text/css Access-Control-Allow-Origin * Cache-Control max-age=15552000 Accept-Ranges bytes CF-RAY 7a1526219e7f5a55-MEL Expires Tue, 22 Aug 2023 12:41:17 GMT
GET H/1.1	200 OK	ajax Show response static-assets.ny.gov/load_global_menu/	7 KB 3 KB	557ms 382ms	XHR text/html	104.18.96.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static-assets.ny.gov/load_global_menu/ajax Requested by Host: static-assets.ny.gov URL: https://static-assets.ny.gov/sites/all/widgets/universal-navigation/js/dist/global-nav-bundle.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.18.96.34 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e248eae06539b49669109f8884b69432f34b6bb299e239b91b4e4adab0e79ffa Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept */* Referer https://www.wcb.ny.gov/ accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Expires Wed, 01 Mar 2023 23:20:56 GMT Date Wed, 01 Mar 2023 23:23:39 GMT Via varnish X-Content-Type-Options nosniff CF-Cache-Status HIT Content-Encoding gzip Transfer-Encoding chunked X-Cache HIT Connection keep-alive X-AH-Environment prod X-Request-ID v-05180270-b887-11ed-9e8b-9bbed1c26493 Last-Modified Wed, 01 Mar 2023 23:15:56 GMT Server cloudflare Vary Cookie,Accept-Encoding Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin * Content-Language en Cache-Control public, max-age=300 Permissions-Policy interest-cohort=() CF-RAY 7a152621be845aac-MEL X-Drupal-Cache MISS X-Cache-Hits 92
GET H/1.1	200 OK	styles.52cda1e61fb7cbed.css www.wcb.ny.gov/eCase/	143 KB 143 KB	299ms 299ms	Stylesheet text/css	161.11.225.208 NYS
General Check archive.org Show headers Download Go to Full URL https://www.wcb.ny.gov/eCase/styles.52cda1e61fb7cbed.css Requested by Host: www.wcb.ny.gov URL: https://www.wcb.ny.gov/eCase/ Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.11.225.208 , United States, ASN26854 (NYS, US), Reverse DNS docs.paidfamilyleave.ny.gov Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 25da261b4d214243c66de984ed277011b8985aed6c5c6e84bc533a7097881a8a Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language en-AU,en;q=0.9 Referer https://www.wcb.ny.gov/eCase/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 23:23:38 GMT X-Content-Type-Options nosniff Last-Modified Fri, 27 Jan 2023 00:04:42 GMT Server Microsoft-IIS/8.5 SameSite lax ETag "2f4516f5e231d91:0" X-Powered-By ASP.NET Content-Type text/css Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=100 Content-Length 145922
GET H2	200	KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 fonts.gstatic.com/s/roboto/v30/	11 KB 11 KB	516ms 171ms	Font font/woff2	142.251.12.94 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2 Requested by Host: www.wcb.ny.gov URL: https://www.wcb.ny.gov/eCase/ Protocol H2 Security TLS 1.3, , AES_128_GCM Server 142.251.12.94 , United States, ASN15169 (GOOGLE, US), Reverse DNS se-in-f94.1e100.net Software sffe / Resource Hash 796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.wcb.ny.gov/ Origin https://www.wcb.ny.gov accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Sun, 26 Feb 2023 09:34:55 GMT x-content-type-options nosniff age 308924 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 11028 x-xss-protection 0 last-modified Wed, 11 May 2022 19:24:50 GMT server sffe cross-origin-opener-policy same-origin; report-to="apps-themes" report-to {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]} content-type font/woff2 access-control-allow-origin * cache-control public, max-age=31536000 accept-ranges bytes timing-allow-origin * expires Mon, 26 Feb 2024 09:34:55 GMT
GET H/1.1	200 OK	availabilityproperties.json Show response www.wcb.ny.gov/eCase/assets/	4 KB 4 KB	295ms 295ms	XHR application/json	161.11.225.208 NYS
General Check archive.org Show headers Download Go to Full URL https://www.wcb.ny.gov/eCase/assets/availabilityproperties.json Requested by Host: www.wcb.ny.gov URL: https://www.wcb.ny.gov/eCase/polyfills.37d4fde0d8667d12.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.11.225.208 , United States, ASN26854 (NYS, US), Reverse DNS docs.paidfamilyleave.ny.gov Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 84ebaed62df4ff6592d6e10ca6331785ae7054f35d2aafbdfb60829fdb0a1588 Security Headers Name Value X-Content-Type-Options nosniff Request headers Pragma no-cache accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Content-Type application/json Accept application/json, text/plain, */* Cache-Control no-cache, no-store, must-revalidate, post-check=0, pre- check=0 Referer https://www.wcb.ny.gov/eCase/ Expires 0 Response headers Date Wed, 01 Mar 2023 23:23:54 GMT X-Content-Type-Options nosniff Last-Modified Fri, 27 Jan 2023 00:36:26 GMT Server Microsoft-IIS/8.5 SameSite lax ETag "c52fe363e731d91:0" X-Powered-By ASP.NET Content-Type application/json Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=97 Content-Length 3832
GET H/1.1	200 OK	configprop.json Show response www.wcb.ny.gov/eCase/assets/	237 B 594 B	589ms 294ms	XHR application/json	161.11.225.208 NYS
General Check archive.org Show headers Download Go to Full URL https://www.wcb.ny.gov/eCase/assets/configprop.json Requested by Host: www.wcb.ny.gov URL: https://www.wcb.ny.gov/eCase/polyfills.37d4fde0d8667d12.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.11.225.208 , United States, ASN26854 (NYS, US), Reverse DNS docs.paidfamilyleave.ny.gov Software Microsoft-IIS/8.5 / ASP.NET Resource Hash 32ac5b17b49099dce98c29587d3f10cedc85f72284dc7876c1520aa70c5b2373 Security Headers Name Value X-Content-Type-Options nosniff Request headers Pragma no-cache accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Content-Type application/json Accept application/json, text/plain, */* Cache-Control no-cache, no-store, must-revalidate, post-check=0, pre- check=0 Referer https://www.wcb.ny.gov/eCase/ Expires 0 Response headers Date Wed, 01 Mar 2023 23:23:54 GMT X-Content-Type-Options nosniff Last-Modified Fri, 27 Jan 2023 00:08:19 GMT Server Microsoft-IIS/8.5 SameSite lax ETag "20704776e331d91:0" X-Powered-By ASP.NET Content-Type application/json Connection Keep-Alive Accept-Ranges bytes Keep-Alive timeout=5, max=96 Content-Length 237
GET H/1.1	200 OK	ajax Show response static-assets.ny.gov/load_global_footer/	1 KB 1 KB	390ms 390ms	XHR text/html	104.18.96.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static-assets.ny.gov/load_global_footer/ajax Requested by Host: www.wcb.ny.gov URL: https://www.wcb.ny.gov/eCase/polyfills.37d4fde0d8667d12.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.18.96.34 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash d5d608d1a3e823a5485054cad0d8529c3fbe26db1b5d18edc336f91ce159e770 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept */* Referer https://www.wcb.ny.gov/ accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Expires Wed, 01 Mar 2023 23:21:56 GMT Date Wed, 01 Mar 2023 23:23:54 GMT Via varnish X-Content-Type-Options nosniff CF-Cache-Status HIT Content-Encoding gzip Transfer-Encoding chunked X-Cache HIT Connection keep-alive X-AH-Environment prod X-Request-ID v-28b5804a-b887-11ed-b42a-8fe96bb2cd2a Last-Modified Wed, 01 Mar 2023 23:16:56 GMT Server cloudflare Vary Cookie,Accept-Encoding Content-Type text/html; charset=UTF-8 Access-Control-Allow-Origin * Content-Language en Cache-Control public, max-age=300 Permissions-Policy interest-cohort=() CF-RAY 7a1526829c685aac-MEL X-Drupal-Cache MISS X-Cache-Hits 109
GET H/1.1	200 OK	google-tag-manager.html Show response static-assets.ny.gov/sites/all/widgets/universal-navigation/	618 B 1 KB	270ms 98ms	XHR text/html	104.18.96.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static-assets.ny.gov/sites/all/widgets/universal-navigation/google-tag-manager.html Requested by Host: www.wcb.ny.gov URL: https://www.wcb.ny.gov/eCase/polyfills.37d4fde0d8667d12.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.18.96.34 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 4810a8ee2dcc5f5db8262cc1a4a966855d4d46442699a04b5053b43c8620f904 Security Headers Name Value X-Frame-Options ALLOWALL Request headers Accept */* Referer https://www.wcb.ny.gov/ accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers X-Cache-Hits 12 Date Wed, 01 Mar 2023 23:23:54 GMT Via varnish Content-Encoding gzip CF-Cache-Status HIT Age 220014 Transfer-Encoding chunked X-Cache HIT Connection keep-alive X-AH-Environment prod X-Request-ID v-5df7036a-b377-11ed-98e7-ef207bd8a6f1 X-UA-Compatible IE=Edge,chrome=1 Last-Modified Sun, 08 May 2022 08:07:10 GMT Server cloudflare Vary Accept-Encoding X-Frame-Options ALLOWALL Content-Type text/html Access-Control-Allow-Origin * Cache-Control max-age=15552000 CF-RAY 7a152683a9475a4f-MEL Expires Tue, 22 Aug 2023 12:41:17 GMT
GET H/1.1	200 OK	emergency-updates Show response static-assets.ny.gov/ajax/	41 B 671 B	562ms 389ms	XHR application/json	104.18.96.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static-assets.ny.gov/ajax/emergency-updates Requested by Host: www.wcb.ny.gov URL: https://www.wcb.ny.gov/eCase/polyfills.37d4fde0d8667d12.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.18.96.34 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash c6d23640f67e9080cf78e00c8888acb5a01a580d50caff2cf52ab63ba116f1b7 Security Headers Name Value X-Content-Type-Options nosniff Request headers Accept */* Referer https://www.wcb.ny.gov/ accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers X-Cache-Hits 67 Date Wed, 01 Mar 2023 23:23:55 GMT Content-Encoding gzip X-Content-Type-Options nosniff CF-Cache-Status HIT Via varnish X-Cache HIT Connection keep-alive X-AH-Environment prod Content-Length 65 X-Request-ID v-65a7a8ca-b887-11ed-a8eb-83e425ca5ca8 Last-Modified Wed, 01 Mar 2023 23:21:11 GMT Server cloudflare Vary Accept-Encoding Content-Type application/json Access-Control-Allow-Origin * Cache-Control public, max-age=300 Accept-Ranges bytes CF-RAY 7a152683b9872996-MEL X-Drupal-Cache MISS Expires Wed, 01 Mar 2023 23:23:38 GMT
GET H/1.1	200 OK	xdomain.html Show response static-assets.ny.gov/sites/all/widgets/universal-navigation/ Frame 156A	123 B 719 B	98ms 97ms	Document text/html	104.18.96.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static-assets.ny.gov/sites/all/widgets/universal-navigation/xdomain.html Requested by Host: static-assets.ny.gov URL: https://static-assets.ny.gov/sites/all/widgets/universal-navigation/js/dist/global-nav-bundle.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.18.96.34 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash ec33605f076e1316562eb00b8110693cb1c55779389a51952683f53e3098d147 Security Headers Name Value X-Frame-Options ALLOWALL Request headers Referer https://www.wcb.ny.gov/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers Access-Control-Allow-Origin * Age 529718 CF-Cache-Status HIT CF-RAY 7a1526833f2d2b31-MEL Cache-Control max-age=15552000 Connection keep-alive Content-Encoding gzip Content-Type text/html Date Wed, 01 Mar 2023 23:23:54 GMT Expires Tue, 22 Aug 2023 12:41:17 GMT Last-Modified Sun, 13 Nov 2022 08:07:23 GMT Server cloudflare Transfer-Encoding chunked Vary Accept-Encoding Via varnish X-AH-Environment prod X-Cache MISS X-Frame-Options ALLOWALL X-Request-ID v-5df47d7a-b377-11ed-a1ac-935475a41e5b X-UA-Compatible IE=Edge,chrome=1
GET H/1.1	200 OK	openid-configuration Show response login.ny.gov/oauth2/default/.well-known/	2 KB 4 KB	283ms 283ms	Fetch application/json	34.223.206.27 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login.ny.gov/oauth2/default/.well-known/openid-configuration Requested by Host: www.wcb.ny.gov URL: https://www.wcb.ny.gov/eCase/polyfills.37d4fde0d8667d12.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.223.206.27 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-223-206-27.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 65ef3a3b4c30a5d34153df73c5a1a8d0ef33a2d6ab92cedbad5104f061ad76bb Security Headers Name Value Content-Security-Policy frame-ancestors 'self' Strict-Transport-Security max-age=315360000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Accept application/json Referer https://www.wcb.ny.gov/ X-Okta-User-Agent-Extended okta-auth-js/6.6.2 @okta/okta-angular/5.2.0 Angular/13.3.11 accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Content-Type application/json Response headers X-Okta-Request-Id Y__ejGqIQwco_gXGdhu_uQAAAyk Date Wed, 01 Mar 2023 23:23:56 GMT content-security-policy frame-ancestors 'self' x-content-type-options nosniff Strict-Transport-Security max-age=315360000; includeSubDomains content-security-policy-report-only default-src 'self' nys.okta.com login.ny.gov *.oktacdn.com; connect-src 'self' nys.okta.com nys-admin.okta.com login.ny.gov *.oktacdn.com *.mixpanel.com *.mapbox.com app.pendo.io data.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com *.mtls.okta.com nys.kerberos.okta.com https://oinmanager.okta.com data:; script-src 'unsafe-inline' 'unsafe-eval' 'self' nys.okta.com login.ny.gov *.oktacdn.com; style-src 'unsafe-inline' 'self' nys.okta.com login.ny.gov *.oktacdn.com app.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com; frame-src 'self' nys.okta.com nys-admin.okta.com login.ny.gov login.okta.com; img-src 'self' nys.okta.com login.ny.gov *.oktacdn.com *.tiles.mapbox.com *.mapbox.com app.pendo.io data.pendo.io cdn.pendo.io pendo-static-5634101834153984.storage.googleapis.com pendo-static-5391521872216064.storage.googleapis.com data: blob:; font-src 'self' nys.okta.com login.ny.gov data: *.oktacdn.com fonts.gstatic.com; frame-ancestors 'self' Transfer-Encoding chunked p3p CP="HONK" Connection Keep-Alive x-xss-protection 0 Server nginx expect-ct report-uri="https://oktaexpectct.report-uri.com/r/t/ct/reportOnly", max-age=0 vary Origin Content-Type application/json Access-Control-Allow-Origin https://www.wcb.ny.gov cache-control max-age=86400, must-revalidate Access-Control-Allow-Credentials true Keep-Alive timeout=5, max=99 expires Thu, 02 Mar 2023 23:23:56 GMT
OPTIONS H/1.1	200 OK	openid-configuration login.ny.gov/oauth2/default/.well-known/ Frame	0 0	1352ms 258ms	Preflight application/octet-stream	34.223.206.27 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login.ny.gov/oauth2/default/.well-known/openid-configuration Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.223.206.27 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-223-206-27.us-west-2.compute.amazonaws.com Software nginx / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=315360000; includeSubDomains Request headers Accept */* Access-Control-Request-Headers content-type,x-okta-user-agent-extended Access-Control-Request-Method GET Origin https://www.wcb.ny.gov Sec-Fetch-Mode cors User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Access-Control-Allow-Credentials true Access-Control-Allow-Headers content-type,x-okta-user-agent-extended Access-Control-Allow-Methods GET, OPTIONS Access-Control-Allow-Origin https://www.wcb.ny.gov Access-Control-Max-Age 3600 Connection Keep-Alive Content-Length 0 Content-Type application/octet-stream Date Wed, 01 Mar 2023 23:23:55 GMT Keep-Alive timeout=5, max=100 Server nginx Strict-Transport-Security max-age=315360000; includeSubDomains Vary Origin X-Okta-Request-Id Y__ei2qIQwco_gXGdhu_tgAAAyk
GET H/1.1	200 OK	xdLocalStoragePostMessageApi.js Show response static-assets.ny.gov/sites/all/widgets/universal-navigation/js/ Frame 156A	2 KB 1 KB	122ms 121ms	Script application/javascript	104.18.96.34 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://static-assets.ny.gov/sites/all/widgets/universal-navigation/js/xdLocalStoragePostMessageApi.js Requested by Host: static-assets.ny.gov URL: https://static-assets.ny.gov/sites/all/widgets/universal-navigation/xdomain.html Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 104.18.96.34 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e1d05250255da230aa6f870b5652a7a5199858fe1d5d2f69b2049f91bb1528cc Security Headers Name Value X-Frame-Options ALLOWALL Request headers accept-language en-AU,en;q=0.9 Referer https://static-assets.ny.gov/sites/all/widgets/universal-navigation/xdomain.html User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers Date Wed, 01 Mar 2023 23:23:54 GMT Content-Encoding gzip Via varnish CF-Cache-Status HIT Age 556810 X-Cache MISS Connection keep-alive X-AH-Environment prod Content-Length 849 X-Request-ID v-5dd37864-b377-11ed-b4ea-5bfe9954eaf8 X-UA-Compatible IE=Edge,chrome=1 Last-Modified Sun, 08 May 2022 08:07:10 GMT Server cloudflare Vary Accept-Encoding X-Frame-Options ALLOWALL Content-Type application/javascript Access-Control-Allow-Origin * Cache-Control max-age=15552000 Accept-Ranges bytes CF-RAY 7a152683e82a2b31-MEL Expires Tue, 22 Aug 2023 12:41:17 GMT
GET H/1.1	200 OK	authorize Show response login.ny.gov/oauth2/default/v1/	30 KB 11 KB	895ms 379ms	Document text/html	34.223.206.27 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://login.ny.gov/oauth2/default/v1/authorize?client_id=0oachs3ok683Gdjja297&code_challenge=eR8yXDfB8cDfcFWIykC9AFqLovUMA-4smnK4HphU4k4&code_challenge_method=S256&nonce=eeXOCXbFYexK8CwkQ8r7doWkfvhsHYtElPkxXg410J8oNo59cs99b8inWSSsqnXH&redirect_uri=https%3A%2F%2Fwww.wcb.ny.gov%2FeCase%2Fredirect&response_type=code&state=ETTCK7qxkJFrH1zJtcCXgivattg5YDZYuSVeCAgtZML0J7ssRuFIsTPC7YK8EuxX&scope=openid%20email%20profile Requested by Host: www.wcb.ny.gov URL: https://www.wcb.ny.gov/eCase/main.723121fb5b6ee016.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 34.223.206.27 Boardman, United States, ASN16509 (AMAZON-02, US), Reverse DNS ec2-34-223-206-27.us-west-2.compute.amazonaws.com Software nginx / Resource Hash 97da5c94d76590c7de4815fd39cebb944ba642cedd93acc6cc1713f3e64e3703 Security Headers Name Value Strict-Transport-Security max-age=315360000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers Referer https://www.wcb.ny.gov/ Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers Connection Keep-Alive Content-Encoding gzip Content-Type text/html;charset=utf-8 Date Wed, 01 Mar 2023 23:23:57 GMT Keep-Alive timeout=5, max=100 Server nginx Strict-Transport-Security max-age=315360000; includeSubDomains Transfer-Encoding chunked Vary Accept-Encoding X-Robots-Tag noindex,nofollow cache-control no-cache, no-store content-language en expect-ct report-uri="https://oktaexpectct.report-uri.com/r/t/ct/reportOnly", max-age=0 expires 0 p3p CP="HONK" pragma no-cache referrer-policy no-referrer x-content-type-options nosniff x-okta-request-id Y__ejEWdin-O0j7dKwXfswAACxk x-rate-limit-limit 40000 x-rate-limit-remaining 40000 x-rate-limit-reset 1677713064 x-xss-protection 0
GET H2	200	jquery-1.12.4.2ef93d9aedc4198ec425a799a371292d.js Show response ok5static.oktacdn.com/assets/js/	289 KB 101 KB	621ms 192ms	Script application/javascript	13.33.88.100 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ok5static.oktacdn.com/assets/js/jquery-1.12.4.2ef93d9aedc4198ec425a799a371292d.js Requested by Host: login.ny.gov URL: https://login.ny.gov/oauth2/default/v1/authorize?client_id=0oachs3ok683Gdjja297&code_challenge=eR8yXDfB8cDfcFWIykC9AFqLovUMA-4smnK4HphU4k4&code_challenge_method=S256&nonce=eeXOCXbFYexK8CwkQ8r7doWkfvhsHYtElPkxXg410J8oNo59cs99b8inWSSsqnXH&redirect_uri=https%3A%2F%2Fwww.wcb.ny.gov%2FeCase%2Fredirect&response_type=code&state=ETTCK7qxkJFrH1zJtcCXgivattg5YDZYuSVeCAgtZML0J7ssRuFIsTPC7YK8EuxX&scope=openid%20email%20profile Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.88.100 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-88-100.sin2.r.cloudfront.net Software nginx / Resource Hash 43e51f129fb6eb0f52aee5fb4857f14796f9a5b38e66f445658db1ac1fb7298e Security Headers Name Value Strict-Transport-Security max-age=315360000; includeSubDomains Request headers Referer Origin https://login.ny.gov accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers x-amz-meta-sha1sum 26667ee897b9e91a9b54c3d4aa445649aa92543d strict-transport-security max-age=315360000; includeSubDomains content-encoding gzip date Thu, 23 Feb 2023 20:02:56 GMT via 1.1 4187f012ebd71eb85a8870ea46453784.cloudfront.net (CloudFront) x-amz-cf-pop SIN2-P2 age 594552 x-cache Hit from cloudfront last-modified Tue, 06 Dec 2022 21:58:14 GMT server nginx etag W/"2ef93d9aedc4198ec425a799a371292d" vary Accept-Encoding content-type application/javascript access-control-allow-origin * public-key-pins-report-only pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly" cache-control max-age=31536000, public,max-age=31536000,s-maxage=1814400 x-amz-cf-id Cpikh1Xbl12x2UuXj7lE9i_mKf7f3VPTR4gjLluQXmYqHC9Ys9g1ZA== expires Fri, 23 Feb 2024 02:14:45 GMT
GET H2	200	interstitial.39bafdc039f29c609c4419c0c0eea770.css ok5static.oktacdn.com/assets/css/sections/	8 KB 3 KB	598ms 169ms	Stylesheet text/css	13.33.88.100 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ok5static.oktacdn.com/assets/css/sections/interstitial.39bafdc039f29c609c4419c0c0eea770.css Requested by Host: login.ny.gov URL: https://login.ny.gov/oauth2/default/v1/authorize?client_id=0oachs3ok683Gdjja297&code_challenge=eR8yXDfB8cDfcFWIykC9AFqLovUMA-4smnK4HphU4k4&code_challenge_method=S256&nonce=eeXOCXbFYexK8CwkQ8r7doWkfvhsHYtElPkxXg410J8oNo59cs99b8inWSSsqnXH&redirect_uri=https%3A%2F%2Fwww.wcb.ny.gov%2FeCase%2Fredirect&response_type=code&state=ETTCK7qxkJFrH1zJtcCXgivattg5YDZYuSVeCAgtZML0J7ssRuFIsTPC7YK8EuxX&scope=openid%20email%20profile Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.88.100 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-88-100.sin2.r.cloudfront.net Software nginx / Resource Hash 066307e44b95766429d228870854b5600e6a456736b99dd4ddc92a04567caab8 Security Headers Name Value Strict-Transport-Security max-age=315360000; includeSubDomains Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers date Mon, 13 Feb 2023 13:22:24 GMT x-amz-meta-sha1sum 4b453362e0c694aae6e4ef4418636dbe48a1b75e content-encoding gzip strict-transport-security max-age=315360000; includeSubDomains via 1.1 b238fef36fc101d581d2aebbbc69d9a6.cloudfront.net (CloudFront) x-amz-cf-pop SIN2-P2 age 1418493 x-cache Hit from cloudfront last-modified Tue, 13 Dec 2022 18:31:54 GMT server nginx etag W/"39bafdc039f29c609c4419c0c0eea770" vary Accept-Encoding content-type text/css public-key-pins-report-only pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly" access-control-allow-origin * cache-control max-age=31536000, public,max-age=31536000,s-maxage=1814400 x-amz-cf-id B9GQgVyJzWc34QxtA2Syi-223VXkt2AsmugxtFlbFmrE4zB_ZrfwmA== expires Tue, 13 Feb 2024 13:22:24 GMT
GET H2	200	interstitial-dark-blue-brand.d4ca51b5579d1772af159f12276beb72.gif ok5static.oktacdn.com/assets/img/ui/indicators/	143 KB 144 KB	198ms 198ms	Image image/gif	13.33.88.100 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://ok5static.oktacdn.com/assets/img/ui/indicators/interstitial-dark-blue-brand.d4ca51b5579d1772af159f12276beb72.gif Requested by Host: login.ny.gov URL: https://login.ny.gov/oauth2/default/v1/authorize?client_id=0oachs3ok683Gdjja297&code_challenge=eR8yXDfB8cDfcFWIykC9AFqLovUMA-4smnK4HphU4k4&code_challenge_method=S256&nonce=eeXOCXbFYexK8CwkQ8r7doWkfvhsHYtElPkxXg410J8oNo59cs99b8inWSSsqnXH&redirect_uri=https%3A%2F%2Fwww.wcb.ny.gov%2FeCase%2Fredirect&response_type=code&state=ETTCK7qxkJFrH1zJtcCXgivattg5YDZYuSVeCAgtZML0J7ssRuFIsTPC7YK8EuxX&scope=openid%20email%20profile Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.88.100 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-88-100.sin2.r.cloudfront.net Software nginx / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=315360000; includeSubDomains Request headers accept-language en-AU,en;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers strict-transport-security max-age=315360000; includeSubDomains date Sun, 26 Feb 2023 19:44:20 GMT via 1.1 b238fef36fc101d581d2aebbbc69d9a6.cloudfront.net (CloudFront) x-amz-cf-pop SIN2-P2 age 985977 x-cache Hit from cloudfront content-length 146495 last-modified Wed, 15 Dec 2021 01:25:34 GMT server nginx etag "d4ca51b5579d1772af159f12276beb72" content-type image/gif access-control-allow-origin * public-key-pins-report-only pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly" cache-control max-age=31536000, public,max-age=31536000,s-maxage=1814400 accept-ranges bytes x-amz-cf-id l1j2HZlZvNKuBaxr5khcqvm8e4xo52zMU4FBNjproXLzcOIkrj2DMw== expires Sun, 18 Feb 2024 13:31:01 GMT
GET H2	200	interstitial.474dce61acfac4a4d016921943cf2a68.js Show response ok5static.oktacdn.com/assets/js/app/sso/	678 B 1 KB	343ms 343ms	Script application/javascript	13.33.88.100 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ok5static.oktacdn.com/assets/js/app/sso/interstitial.474dce61acfac4a4d016921943cf2a68.js Requested by Host: login.ny.gov URL: https://login.ny.gov/oauth2/default/v1/authorize?client_id=0oachs3ok683Gdjja297&code_challenge=eR8yXDfB8cDfcFWIykC9AFqLovUMA-4smnK4HphU4k4&code_challenge_method=S256&nonce=eeXOCXbFYexK8CwkQ8r7doWkfvhsHYtElPkxXg410J8oNo59cs99b8inWSSsqnXH&redirect_uri=https%3A%2F%2Fwww.wcb.ny.gov%2FeCase%2Fredirect&response_type=code&state=ETTCK7qxkJFrH1zJtcCXgivattg5YDZYuSVeCAgtZML0J7ssRuFIsTPC7YK8EuxX&scope=openid%20email%20profile Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.33.88.100 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-33-88-100.sin2.r.cloudfront.net Software nginx / Resource Hash 77b5ff765ff7653b7756896e3951eb246f500edea52c79e0c64a6ef085e4c14e Security Headers Name Value Strict-Transport-Security max-age=315360000; includeSubDomains Request headers Referer Origin https://login.ny.gov accept-language en-AU,en;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 Response headers strict-transport-security max-age=315360000; includeSubDomains content-encoding gzip via 1.1 4187f012ebd71eb85a8870ea46453784.cloudfront.net (CloudFront) date Sat, 11 Feb 2023 13:35:40 GMT x-amz-cf-pop SIN2-P2 age 1590497 x-cache Hit from cloudfront last-modified Thu, 06 Dec 2018 09:03:13 GMT server nginx etag W/"474dce61acfac4a4d016921943cf2a68" vary Accept-Encoding content-type application/javascript access-control-allow-origin * public-key-pins-report-only pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.com/r/default/hpkp/reportOnly" cache-control max-age=31536000, public,max-age=31536000,s-maxage=1814400 x-amz-cf-id 1KfH8sr16ni4mfhJqDv24g8ZoMLvZ5XqOyjOTnKiPES0-TzVdMmOkA== expires Sun, 11 Feb 2024 13:35:40 GMT
POST H/1.1	200 OK	Primary Request login.xhtml my.ny.gov/LoginV4/	10 KB 0	5622ms 294ms	Document text/html	161.11.222.92
General Check archive.org Show headers Download Go to Full URL https://my.ny.gov/LoginV4/login.xhtml Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 161.11.222.92 -, , ASN (), Reverse DNS Software / Resource Hash Request headers Content-Type application/x-www-form-urlencoded Origin null Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.177 Safari/537.36 accept-language en-AU,en;q=0.9 Response headers Access-Control-Allow-Origin * Cache-Control no-store, must-revalidate, no-cache, max-age=0 Content-Length 9737 Content-Type text/html
GET		084c043756ab20003c721aa8d8e04f49a890d4ee134c5bb9528bbafda0eeccfda8a111caad5f9333 my.ny.gov/TSPD/	0 0
GET		084c043756ab20003c721aa8d8e04f49a890d4ee134c5bb9528bbafda0eeccfda8a111caad5f9333 my.ny.gov/TSPD/	0 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

my.ny.gov

URL

https://my.ny.gov/TSPD/084c043756ab20003c721aa8d8e04f49a890d4ee134c5bb9528bbafda0eeccfda8a111caad5f9333?type=11

Domain

my.ny.gov

URL

https://my.ny.gov/TSPD/084c043756ab20003c721aa8d8e04f49a890d4ee134c5bb9528bbafda0eeccfda8a111caad5f9333?type=12

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			www.wcb.ny.gov/	1969-12-31 23:59:59	Name: WCBRIIS5016 Value: .1
			www.wcb.ny.gov/	1969-12-31 23:59:59	Name: okta-oauth-redirect-params Value: {%22responseType%22:%22code%22%2C%22state%22:%22ETTCK7qxkJFrH1zJtcCXgivattg5YDZYuSVeCAgtZML0J7ssRuFIsTPC7YK8EuxX%22%2C%22nonce%22:%22eeXOCXbFYexK8CwkQ8r7doWkfvhsHYtElPkxXg410J8oNo59cs99b8inWSSsqnXH%22%2C%22scopes%22:[%22openid%22%2C%22email%22%2C%22profile%22]%2C%22clientId%22:%220oachs3ok683Gdjja297%22%2C%22urls%22:{%22issuer%22:%22https://login.ny.gov/oauth2/default%22%2C%22authorizeUrl%22:%22https://login.ny.gov/oauth2/default/v1/authorize%22%2C%22userinfoUrl%22:%22https://login.ny.gov/oauth2/default/v1/userinfo%22%2C%22tokenUrl%22:%22https://login.ny.gov/oauth2/default/v1/token%22%2C%22revokeUrl%22:%22https://login.ny.gov/oauth2/default/v1/revoke%22%2C%22logoutUrl%22:%22https://login.ny.gov/oauth2/default/v1/logout%22}%2C%22ignoreSignature%22:false}
			www.wcb.ny.gov/	1969-12-31 23:59:59	Name: okta-oauth-nonce Value: eeXOCXbFYexK8CwkQ8r7doWkfvhsHYtElPkxXg410J8oNo59cs99b8inWSSsqnXH
			www.wcb.ny.gov/	1969-12-31 23:59:59	Name: okta-oauth-state Value: ETTCK7qxkJFrH1zJtcCXgivattg5YDZYuSVeCAgtZML0J7ssRuFIsTPC7YK8EuxX
			login.ny.gov/	1969-12-31 23:59:59	Name: JSESSIONID Value: C285F4421B24BF5DF19FEF66F205186E
			login.ny.gov/	1969-12-31 23:59:59	Name: t Value: default
			login.ny.gov/	1970-01-20 19:37:53	Name: DT Value: DI1__n2XYtVRoe6jMJn6xA6Fg

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.jsdelivr.net
fonts.gstatic.com
login.ny.gov
my.ny.gov
ok5static.oktacdn.com
static-assets.ny.gov
www.wcb.ny.gov
my.ny.gov
104.16.87.20
104.18.96.34
13.33.88.100
142.251.12.94
161.11.222.92
161.11.225.208
34.223.206.27
066307e44b95766429d228870854b5600e6a456736b99dd4ddc92a04567caab8
1678656eeb28b4de4c6fe8871c02409cd217b80866423db5ad0e62fcd476f726
25da261b4d214243c66de984ed277011b8985aed6c5c6e84bc533a7097881a8a
2d811cf0f021304861943aa9775926fef5b94b52a16b0df1ebe09b1c6ec00245
32ac5b17b49099dce98c29587d3f10cedc85f72284dc7876c1520aa70c5b2373
43e51f129fb6eb0f52aee5fb4857f14796f9a5b38e66f445658db1ac1fb7298e
4810a8ee2dcc5f5db8262cc1a4a966855d4d46442699a04b5053b43c8620f904
4ffcc598ee6cff4692c1cea272cd8a2f195f6dec32473e94370d6cdcfa5fe601
65ef3a3b4c30a5d34153df73c5a1a8d0ef33a2d6ab92cedbad5104f061ad76bb
68c19608e5281f2faad514e6ba6bcb3bafa5cb1ceb56afbb58bc2cbd1c70f039
76d342e20f16102f7367c4ce450586db941f46aa592039665114cf7ff126462b
77b5ff765ff7653b7756896e3951eb246f500edea52c79e0c64a6ef085e4c14e
796de064b8d80eba7ccacb8ba67d77fdbcdf4b385c844645d452c24537b3108f
7e25813fda40afbaff8d6b0864dfbb0fe80462d0efb4a85339bea0b8a9fe1fb4
84ebaed62df4ff6592d6e10ca6331785ae7054f35d2aafbdfb60829fdb0a1588
97da5c94d76590c7de4815fd39cebb944ba642cedd93acc6cc1713f3e64e3703
a66f9f7936f5adbf075747cf4ddb182ce264edc2e114ef0a22c4f203f93f868e
abe4cef5afa21184d404a3357c9819c13edeca9da83197e4821d6655998a7534
bc1e7fd805b4d1647f6a0f357cb7044ae79e4f59a4c1468e92f8aedaae628dea
c6d23640f67e9080cf78e00c8888acb5a01a580d50caff2cf52ab63ba116f1b7
d423bf1b48f1e47732619f5882b1f12cbb0d81302bfe97687aaa41f1182f5fb3
d5d608d1a3e823a5485054cad0d8529c3fbe26db1b5d18edc336f91ce159e770
da08ce060ab539ae5d904852a97d15a847c97275dfc46784cc7b3618f2c2619b
e1d05250255da230aa6f870b5652a7a5199858fe1d5d2f69b2049f91bb1528cc
e248eae06539b49669109f8884b69432f34b6bb299e239b91b4e4adab0e79ffa
e2adb70762c98aaabb2ecfc86864412153a58e59be74d377d161638c2afddb97
ec33605f076e1316562eb00b8110693cb1c55779389a51952683f53e3098d147