urlscan.io logo urlscan.io
SecurityTrails logo

qa.pay.gov Open in urlscan Pro
2605:3100:fffb:100::1e  Public Scan

Go To Rescan Add Verdict Report
URL: https://qa.pay.gov/public/accesscode
Submission: On September 20 via manual from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 32 HTTP transactions. The main IP is 2605:3100:fffb:100::1e, located in United States and belongs to TWAI - FRIT, US. The main domain is qa.pay.gov.
TLS certificate: Issued by Entrust Certification Authority - L1K on August 22nd 2017. Valid for: 3 years.
This is the only time qa.pay.gov was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
27 2605:3100:fff... 22906 (TWAI)
1 2600:9000:205... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
32 5
27    2605:3100:fffb:100::1e (United States)

ASN22906 (TWAI - FRIT, US)
qa.pay.gov
1    2600:9000:2057:7c00:5:83ea:ba80:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
dap.digitalgov.gov
1    2a00:1450:4001:81c::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.google.com
2    2a00:1450:4001:819::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.google-analytics.com
1    2a00:1450:4001:824::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)
www.gstatic.com
Domain Requested by
27 qa.pay.gov qa.pay.gov
2 www.google-analytics.com dap.digitalgov.gov
www.google-analytics.com
1 www.gstatic.com www.google.com
1 www.google.com qa.pay.gov
1 dap.digitalgov.gov qa.pay.gov
32 5

This site contains links to these domains. Also see Links.

Domain
www.pay.gov
Subject Issuer Validity Valid
qa.pay.gov
Entrust Certification Authority - L1K		 2017-08-22 -
2020-08-22		 3 years crt.sh
dap.digitalgov.gov
Amazon		 2018-11-28 -
2019-12-28		 a year crt.sh
www.google.com
GTS CA 1O1		 2019-09-05 -
2019-11-28		 3 months crt.sh
*.google-analytics.com
GTS CA 1O1		 2019-09-05 -
2019-11-28		 3 months crt.sh
*.google.com
GTS CA 1O1		 2019-09-05 -
2019-11-28		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://qa.pay.gov/public/accesscode
Frame ID: DE5BD90508918C5ADCF87C16166C2DDB
Requests: 32 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+(?:([\d.]+)\/)?(?:css\/)?font-awesome(?:\.min)?\.css/i
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i
Overall confidence: 100%
Detected patterns
  • script /\/recaptcha\/api\.js/i

Page Statistics

32
Requests

100 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

5
IPs

2
Countries

1033 kB
Transfer

1227 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

32 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set accesscode
qa.pay.gov/public/ 		34 KB
35 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
905dc013b4963a619b0d5cf02e46fc75608beae36400ab16bd54926cac3ea973
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Frame-Options DENY
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Host
qa.pay.gov
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

Date
Fri, 20 Sep 2019 14:39:12 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control
no-cache no-store,no-cache="Set-Cookie"
X-XSS-Protection
1; mode=block 1; mode=block
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=31536000
Set-Cookie
JSESSIONID=VAxPHNW0bM7_nzA1KDx83vtc0Al7y_UOHbR9r0u0NxZjQXNAuE94!-389546407!46223827; path=/public; secure; HttpOnly PG_CLIENT_SESSION=92FE07FC69655DC0E0540010E0D9953C; expires=Fri, 20-Sep-2019 15:09:12 GMT; path=/; HttpOnly; secure
Content-Language
en,en-us
X-FRAME-OPTIONS
DENY
Keep-Alive
timeout=180
Connection
Keep-Alive
Transfer-Encoding
chunked
Content-Type
text/html; charset=ISO-8859-1
jquery-ui.1.12.1.min.css
qa.pay.gov/public/resources/css/vendor/smoothness/ 		31 KB
32 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://qa.pay.gov/public/resources/css/vendor/smoothness/jquery-ui.1.12.1.min.css
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
ca4df2bf400a42d8752e115f03366a90b2b4ed06b2da9ef429d41fda5f15705e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:13 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=180
Content-Length
32082
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
font-awesome.min.css
qa.pay.gov/public/resources/css/vendor/fontawesome/css/ 		30 KB
31 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://qa.pay.gov/public/resources/css/vendor/fontawesome/css/font-awesome.min.css
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:13 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=180
Content-Length
31004
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
uswds.min.css
qa.pay.gov/public/resources/css/vendor/uswds/ 		81 KB
82 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://qa.pay.gov/public/resources/css/vendor/uswds/uswds.min.css
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
7dcf41da6662e0c824d2f9febd0a7194b9fa356546fc375d1026ef0de2641fd8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:13 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=180
Content-Length
83049
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
paygov.min.css
qa.pay.gov/public/resources/css/generated/ 		80 KB
81 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://qa.pay.gov/public/resources/css/generated/paygov.min.css
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
4c2118a808cc68ac6faaee9fed97803e03b34a5ae3411f4d2357ac6b3b6340f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:13 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
text/css
Keep-Alive
timeout=180
Content-Length
82028
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
vendor-final.min.js
qa.pay.gov/public/resources/js/generated/ 		405 KB
406 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qa.pay.gov/public/resources/js/generated/vendor-final.min.js?rev=v7.9.0.79273_2019_07_09_1250
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
bb74bf1d0816cc42beb3538f28da518a5b175dba1fab5ebe3a7180983e7588c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:13 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:44 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
text/javascript
Keep-Alive
timeout=180
Content-Length
415044
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
paygov-final.min.js
qa.pay.gov/public/resources/js/generated/ 		9 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qa.pay.gov/public/resources/js/generated/paygov-final.min.js?rev=v7.9.0.79273_2019_07_09_1250
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
cd76165c679d4b50248f4eaa8e2046131f268103cc045f5435a4dd5c674a2ebc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:13 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:44 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
text/javascript
Keep-Alive
timeout=180
Content-Length
9195
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Universal-Federated-Analytics-Min.js
dap.digitalgov.gov/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=FRBCLE&sp=searchString,query,formSearchCategory
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2057:7c00:5:83ea:ba80:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
456e60679a0853b3c885219ac1b8ffa4becb397615e2af7c5b3d8051241f569f

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
I0hR6H.cnrZ_sfVWlm0ZTBkdCjg4s9Sc
content-encoding
gzip
last-modified
Tue, 14 May 2019 19:41:29 GMT
server
AmazonS3
age
68625
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
date
Thu, 19 Sep 2019 19:35:28 GMT
x-amz-replication-status
COMPLETED
x-amz-cf-pop
FRA6-C1
x-amz-cf-id
SI3-y-viq5urHAIGjYniRNTIJkCW4RSdGaJgfZeMgUYahP1oRoQyCw==
via
1.1 9810d82af8847b51b9c3048141069a65.cloudfront.net (CloudFront)
api.js
www.google.com/recaptcha/ 		772 B
621 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?onload=renderCaptcha&render=explicit
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
GSE /
Resource Hash
eb7da3db8c6137530313465ee78e80fe954df5b5b2eb876b262ddaddd2cadf33
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 20 Sep 2019 14:39:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
status
200
cache-control
private, max-age=300
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
471
x-xss-protection
1; mode=block
expires
Fri, 20 Sep 2019 14:39:12 GMT
session_warning.min.js
qa.pay.gov/public/resources/js/generated/ 		2 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://qa.pay.gov/public/resources/js/generated/session_warning.min.js?rev=v7.9.0.79273_2019_07_09_1250
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
9e6513e077c6bdf4badfea3490581cffe56c9ee86a71c32923df3ebf80c0fa28
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:13 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:44 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
text/javascript
Keep-Alive
timeout=180
Content-Length
2242
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
Pay.gov.logo.png
qa.pay.gov/public/resources/images/ 		17 KB
17 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qa.pay.gov/public/resources/images/Pay.gov.logo.png
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
ae8bf7d37f2783ddd5a777d904d62744184cc5c2d17504aa27a9599b863a5c45
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:13 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=180
Content-Length
17012
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
favicon-57.png
qa.pay.gov/public/resources/images/ 		521 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qa.pay.gov/public/resources/images/favicon-57.png
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
f047e27c84a0e0d6cf3e7579db0707db9c95eca6e63e28c7f194d7dd17382a89
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:13 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=180
Content-Length
521
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
icon-dot-gov.svg
qa.pay.gov/public/resources/images/ 		651 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qa.pay.gov/public/resources/images/icon-dot-gov.svg
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
d864af09acd0424cfed830c1910b3df6ed7f484bb93c13681c8a9dbb16147daf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:13 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Connection
Keep-Alive
Content-Language
en
Cache-Control
no-cache, no-cache="Set-Cookie"
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/svg+xml
Keep-Alive
timeout=180
Content-Length
651
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
icon-https.svg
qa.pay.gov/public/resources/images/ 		518 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qa.pay.gov/public/resources/images/icon-https.svg
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
fc3f89387d29f9cf14a19103085f91348ea029d6fdbce78add1f129bbcd9d032
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:13 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Connection
Keep-Alive
Content-Language
en
Cache-Control
no-cache, no-cache="Set-Cookie"
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/svg+xml
Keep-Alive
timeout=180
Content-Length
518
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
warning-icon-24.png
qa.pay.gov/public/resources/images/ 		86 KB
86 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qa.pay.gov/public/resources/images/warning-icon-24.png
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
21a26b5dfeaee825f008bcb6da89fd89450e91ec21b53c83d2792075a7231c80
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:14 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:44 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=180
Content-Length
87635
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
close.svg
qa.pay.gov/public/resources/images/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qa.pay.gov/public/resources/images/close.svg
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
53bb515a501ec6539a82f608314094fbe39e5ea83f1dcbee0d4b72c2438b40a3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:14 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Connection
Keep-Alive
Content-Language
en
Cache-Control
no-cache, no-cache="Set-Cookie"
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/svg+xml
Keep-Alive
timeout=180
Content-Length
1808
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
pg-contact-us-Time.png
qa.pay.gov/public/resources/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qa.pay.gov/public/resources/images/pg-contact-us-Time.png
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
e880b027681e14b2dca107b99d98ac08aa1a7b17ffa8f1ee80129e2a630ee442
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:14 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=180
Content-Length
3699
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
pg-contact-us-Form.png
qa.pay.gov/public/resources/images/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qa.pay.gov/public/resources/images/pg-contact-us-Form.png
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
4b4527230dc78f293b8cb36cb801be671235173be2c0bbed23d3124c1dc94208
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:14 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=180
Content-Length
2751
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
pg-contact-us-Phone.png
qa.pay.gov/public/resources/images/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qa.pay.gov/public/resources/images/pg-contact-us-Phone.png
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
9232ed917e0a702bece2f2c7b09534829079fbb0273b9c9ca47c1cf02c4c48a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:14 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=180
Content-Length
2833
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
pg-contact-us-PhoneIntl.png
qa.pay.gov/public/resources/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qa.pay.gov/public/resources/images/pg-contact-us-PhoneIntl.png
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
08051787be8f9bcccf964bc761cda18fda50a16931aa8a32e895ed48b70abfd4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:14 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=180
Content-Length
3950
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
80percentOpacityBkg.png
qa.pay.gov/public/resources/images/ 		922 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qa.pay.gov/public/resources/images/80percentOpacityBkg.png?
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
360a3def70d7eb07fbe93cf68098960f641cd578af767b68307a4f1fcf6b0134
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:14 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=180
Content-Length
922
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
analytics.js
www.google-analytics.com/ 		43 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: dap.digitalgov.gov
URL: https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=FRBCLE&sp=searchString,query,formSearchCategory
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
6941
date
Fri, 20 Sep 2019 12:43:33 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
17803
expires
Fri, 20 Sep 2019 14:43:33 GMT
recaptcha__en.js
www.gstatic.com/recaptcha/api2/v1566858990656/ 		264 KB
92 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/api2/v1566858990656/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=renderCaptcha&render=explicit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:824::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
bd3cad6b7ba79270dee54a5ba1482ac6b522b147dc8f9d04791050711ada7865
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 30 Aug 2019 07:38:02 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 26 Aug 2019 23:45:00 GMT
server
sffe
age
1839672
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
94196
x-xss-protection
0
expires
Sat, 29 Aug 2020 07:38:02 GMT
angle-arrow-down-primary.svg
qa.pay.gov/public/resources/css/vendor/img/ 		536 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qa.pay.gov/public/resources/css/vendor/img/angle-arrow-down-primary.svg
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
1f8ea9a3af64f407b039e6e0e423b40702641e1ce2f1583409e821311a9ee7a3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/resources/css/vendor/uswds/uswds.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:15 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Connection
Keep-Alive
Content-Language
en
Cache-Control
no-cache, no-cache="Set-Cookie"
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/svg+xml
Keep-Alive
timeout=180
Content-Length
536
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
redStripes.jpg
qa.pay.gov/public/resources/images/ 		26 KB
26 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qa.pay.gov/public/resources/images/redStripes.jpg
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
847fce23e2f17c4fb60a757fcfe9feb2bcc94dcf7576d0036ffc1a5da553efe6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/resources/css/generated/paygov.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:15 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/jpeg
Keep-Alive
timeout=180
Content-Length
26153
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
warning.svg
qa.pay.gov/public/resources/css/vendor/img/alerts/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qa.pay.gov/public/resources/css/vendor/img/alerts/warning.svg
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
acae7a0f74b79cf57b4fb3360f842f741caa60f0d279f03eb681dddf583c925b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/resources/css/vendor/uswds/uswds.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:15 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Connection
Keep-Alive
Content-Language
en
Cache-Control
no-cache, no-cache="Set-Cookie"
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/svg+xml
Keep-Alive
timeout=180
Content-Length
1585
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
bureau-of-the-fiscal-service-Seal.png
qa.pay.gov/public/resources/images/eftps/ 		11 KB
11 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qa.pay.gov/public/resources/images/eftps/bureau-of-the-fiscal-service-Seal.png
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
d95bea74450f90071dc25d62e626aa855212c3844471ee419b7df31553aca1ff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/resources/css/generated/paygov.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:15 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=180
Content-Length
10759
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
sourcesanspro-regular-webfont.woff2
qa.pay.gov/public/resources/css/vendor/fonts/ 		23 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://qa.pay.gov/public/resources/css/vendor/fonts/sourcesanspro-regular-webfont.woff2
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
cb03c54300164fcc8b068bf1cd8b419e6f8eb5cb44d607f198be1997999cc488
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
cors
Referer
https://qa.pay.gov/public/resources/css/vendor/uswds/uswds.min.css
Origin
https://qa.pay.gov
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:15 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Connection
Keep-Alive
Content-Language
en
Cache-Control
no-cache, no-cache="Set-Cookie"
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
application/octet-stream
Keep-Alive
timeout=180
Content-Length
23684
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
sourcesanspro-bold-webfont.woff2
qa.pay.gov/public/resources/css/vendor/fonts/ 		23 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://qa.pay.gov/public/resources/css/vendor/fonts/sourcesanspro-bold-webfont.woff2
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
2517c2a8077acd9cee8170e5b1aaebb2001c3447ca77fd63e6c9f378b35052c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
cors
Referer
https://qa.pay.gov/public/resources/css/vendor/uswds/uswds.min.css
Origin
https://qa.pay.gov
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:15 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Connection
Keep-Alive
Content-Language
en
Cache-Control
no-cache, no-cache="Set-Cookie"
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
application/octet-stream
Keep-Alive
timeout=180
Content-Length
23368
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
sourcesanspro-italic-webfont.woff2
qa.pay.gov/public/resources/css/vendor/fonts/ 		17 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://qa.pay.gov/public/resources/css/vendor/fonts/sourcesanspro-italic-webfont.woff2
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/accesscode
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
a3af3e978eab69d7cc2350a23ef8b4d7a5e5b098406cf6623fed9b2426d59d74
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
cors
Referer
https://qa.pay.gov/public/resources/css/vendor/uswds/uswds.min.css
Origin
https://qa.pay.gov
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:15 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Connection
Keep-Alive
Content-Language
en
Cache-Control
no-cache, no-cache="Set-Cookie"
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
application/octet-stream
Keep-Alive
timeout=180
Content-Length
17472
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
ui-icons_444444_256x240.png
qa.pay.gov/public/resources/css/vendor/smoothness/images/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://qa.pay.gov/public/resources/css/vendor/smoothness/images/ui-icons_444444_256x240.png
Requested by
Host: qa.pay.gov
URL: https://qa.pay.gov/public/resources/js/generated/vendor-final.min.js?rev=v7.9.0.79273_2019_07_09_1250
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2605:3100:fffb:100::1e , United States, ASN22906 (TWAI - FRIT, US),
Reverse DNS
Software
/
Resource Hash
eaf7c7ee2747275dda6c53e731a10db1a7b15f4fbb46e1b69d6bb2056bc9fd81
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://qa.pay.gov/public/resources/css/vendor/smoothness/jquery-ui.1.12.1.min.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Fri, 20 Sep 2019 14:39:15 GMT
Last-Modified
Wed, 10 Jul 2019 19:27:42 GMT
Server
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, DENY
Content-Language
en
Connection
Keep-Alive
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000
Accept-Ranges
bytes
Content-Type
image/png
Keep-Alive
timeout=180
Content-Length
7006
X-XSS-Protection
1; mode=block, 1; mode=block
Expires
Thu, 01 Dec 1994 16:00:00 GMT
collect
www.google-analytics.com/r/ 		35 B
127 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/r/collect
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
cors
Referer
https://qa.pay.gov/public/accesscode
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 20 Sep 2019 14:39:15 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
200
content-type
image/gif
access-control-allow-origin
https://qa.pay.gov
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="46,43,39"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

130 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| antiClickjack function| $ function| jQuery object| siteWidePayGov undefined| IE_VERSION function| showRefine function| closeAlert function| openAlert function| updateAlertModel object| centeredPopupWindow object| validator object| pgMessages function| functionOnEnter function| popupCenteredWindow function| blurScreen function| unblurScreen function| loadingLink function| disableLink boolean| warnBeforeUnload undefined| load_form function| paygovWarnBeforeUnload function| getWindowWidth function| paygovSerializeFormAgain function| paygovSubmitOnEnter function| cookiesEnabled function| addAriaToSelect function| buildRemoteValidate function| mergeObjects function| buildRules function| processPaygovSubmit function| renderCaptcha function| resetCaptcha function| captchaSubmit function| captchaCallback function| buildValidationObject function| disableWarnBeforeUnload function| formSubmit function| resizeImage function| toggleHelp undefined| INVALID_FILE_EXTENSION undefined| INVALID_FILE_SIZE number| session_warning_expirationMs number| session_warning_warningMs number| session_warning_intervalID object| session_warning_lastActivity string| session_warning_timeoutURL string| session_warning_logoutWarning1 string| session_warning_logoutWarning2 string| session_warning_minuteNotation string| session_warning_secondNotation function| initSessionMonitor function| keepAlive function| sessPingServer function| sessSetInterval function| sessClearInterval function| sessShowWarning function| sessCountDown function| sessTimeOut function| sessSetWarningText object| oCONFIG function| _onEveryPage function| _defineCookieDomain function| _defineAgencyCDsValues function| _cleanBooleanParam function| _isValidUANum function| _cleanDimensionValue function| _updateConfig function| _sendCustomDimensions function| _sendCustomMetrics function| _sendEvent function| _sendPageview function| gas function| _URIHandler function| _isExcludedReferrer string| tObjectCheck function| createTracker function| _initAutoTracker undefined| videoArray_fed undefined| playerArray_fed undefined| _f33 undefined| _f66 undefined| _f90 undefined| tag undefined| firstScriptTag undefined| youtube_parser_fed undefined| IsYouTube_fed undefined| YTUrlHandler_fed undefined| _initYouTubeTracker undefined| onYouTubePlayerAPIReady undefined| onFedPlayerReady undefined| onFedPlayerStateChange function| _initIdAssigner function| _tagClicks function| _setUpTrackers function| _setUpTrackersIfReady string| _fullParams string| _keyValuePair string| _key string| _value string| GoogleAnalyticsObject function| ga object| ___grecaptcha_cfg object| grecaptcha boolean| __google_recaptcha_client function| postLink object| troubleShootingDialog object| troubleshootingForm function| sendTroubleShootingInformation function| submitTroubleshootingForm function| ajaxCaptchaCallback function| resetDialog object| validationRegex object| validationAlphaSafe object| validationPhoneNumber object| validationEmail function| validateUserName function| validateContactPhone function| validateContactEmail function| validateIssueDescription function| handleValidCondition function| checkLength function| checkRegexp function| updateTips object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| recaptcha

5 Cookies

Domain/Path Name / Value
.qa.pay.gov/ Name: _gat_GSA_ENOR0
Value: 1
.qa.pay.gov/ Name: _gid
Value: GA1.3.692290160.1568990355
qa.pay.gov/ Name: PG_CLIENT_SESSION
Value: 92FE07FC69655DC0E0540010E0D9953C
.qa.pay.gov/ Name: _ga
Value: GA1.3.1528411575.1568990355
qa.pay.gov/public Name: JSESSIONID
Value: VAxPHNW0bM7_nzA1KDx83vtc0Al7y_UOHbR9r0u0NxZjQXNAuE94!-389546407!46223827

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Frame-Options DENY
X-Xss-Protection 1; mode=block 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

dap.digitalgov.gov
qa.pay.gov
www.google-analytics.com
www.google.com
www.gstatic.com
2600:9000:2057:7c00:5:83ea:ba80:93a1
2605:3100:fffb:100::1e
2a00:1450:4001:819::200e
2a00:1450:4001:81c::2004
2a00:1450:4001:824::2003
08051787be8f9bcccf964bc761cda18fda50a16931aa8a32e895ed48b70abfd4
1f8ea9a3af64f407b039e6e0e423b40702641e1ce2f1583409e821311a9ee7a3
21a26b5dfeaee825f008bcb6da89fd89450e91ec21b53c83d2792075a7231c80
2517c2a8077acd9cee8170e5b1aaebb2001c3447ca77fd63e6c9f378b35052c0
360a3def70d7eb07fbe93cf68098960f641cd578af767b68307a4f1fcf6b0134
456e60679a0853b3c885219ac1b8ffa4becb397615e2af7c5b3d8051241f569f
4b4527230dc78f293b8cb36cb801be671235173be2c0bbed23d3124c1dc94208
4c2118a808cc68ac6faaee9fed97803e03b34a5ae3411f4d2357ac6b3b6340f9
53bb515a501ec6539a82f608314094fbe39e5ea83f1dcbee0d4b72c2438b40a3
7dcf41da6662e0c824d2f9febd0a7194b9fa356546fc375d1026ef0de2641fd8
820e169ce24824066d9973fd4b6561aae9dcd6dbef6435da905d5a1d6482997c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
847fce23e2f17c4fb60a757fcfe9feb2bcc94dcf7576d0036ffc1a5da553efe6
905dc013b4963a619b0d5cf02e46fc75608beae36400ab16bd54926cac3ea973
9232ed917e0a702bece2f2c7b09534829079fbb0273b9c9ca47c1cf02c4c48a8
9e6513e077c6bdf4badfea3490581cffe56c9ee86a71c32923df3ebf80c0fa28
a3af3e978eab69d7cc2350a23ef8b4d7a5e5b098406cf6623fed9b2426d59d74
acae7a0f74b79cf57b4fb3360f842f741caa60f0d279f03eb681dddf583c925b
ae8bf7d37f2783ddd5a777d904d62744184cc5c2d17504aa27a9599b863a5c45
bb74bf1d0816cc42beb3538f28da518a5b175dba1fab5ebe3a7180983e7588c2
bd3cad6b7ba79270dee54a5ba1482ac6b522b147dc8f9d04791050711ada7865
ca4df2bf400a42d8752e115f03366a90b2b4ed06b2da9ef429d41fda5f15705e
cb03c54300164fcc8b068bf1cd8b419e6f8eb5cb44d607f198be1997999cc488
cd76165c679d4b50248f4eaa8e2046131f268103cc045f5435a4dd5c674a2ebc
d864af09acd0424cfed830c1910b3df6ed7f484bb93c13681c8a9dbb16147daf
d95bea74450f90071dc25d62e626aa855212c3844471ee419b7df31553aca1ff
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
e880b027681e14b2dca107b99d98ac08aa1a7b17ffa8f1ee80129e2a630ee442
eaf7c7ee2747275dda6c53e731a10db1a7b15f4fbb46e1b69d6bb2056bc9fd81
eb7da3db8c6137530313465ee78e80fe954df5b5b2eb876b262ddaddd2cadf33
f047e27c84a0e0d6cf3e7579db0707db9c95eca6e63e28c7f194d7dd17382a89
fc3f89387d29f9cf14a19103085f91348ea029d6fdbce78add1f129bbcd9d032