customercare.hmhco.com Open in urlscan Pro
209.235.125.43  Public Scan

5 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H/1.1	200 OK	Primary Request orderTrackingValidateUser.do Show response customercare.hmhco.com/csrportal/	36 KB 37 KB	422ms 107ms	Document text/html	209.235.125.43 NAVISITE-EAST-2
General Check archive.org Show headers Download Go to Full URL https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 209.235.125.43 , United States, ASN14135 (NAVISITE-EAST-2, US), Reverse DNS andp-customercare.hmhco.com Software / Undertow/1 JSP/2.3 Resource Hash 6ed95c63b6619361f6f782a835c73f01fe624c8ea89ac8c0639f16418bedc81c Security Headers Name Value Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=31536000; includeSubdomains; X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ X-Xss-Protection 1;mode=block Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 accept-language de-DE,de;q=0.9 Response headers Connection keep-alive Content-Language de-DE Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Content-Type text/html; charset = UTF-8;charset=ISO-8859-1 Date Mon, 25 Jul 2022 16:10:49 GMT Keep-Alive timeout=5 Server Strict-Transport-Security max-age=31536000; includeSubdomains; Transfer-Encoding chunked X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ X-Permitted-Cross-Domain-Policies none X-Powered-By Undertow/1 JSP/2.3 X-XSS-Protection 1;mode=block
GET H/1.1	200 OK	ccosc-main.css customercare.hmhco.com/ordertracking/css/	11 KB 4 KB	187ms 97ms	Stylesheet text/css	209.235.125.43 NAVISITE-EAST-2
General Check archive.org Show headers Download Go to Full URL https://customercare.hmhco.com/ordertracking/css/ccosc-main.css Requested by Host: customercare.hmhco.com URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 209.235.125.43 , United States, ASN14135 (NAVISITE-EAST-2, US), Reverse DNS andp-customercare.hmhco.com Software / Resource Hash eebc70ca190a2d6fe68f42d970d8a1d16d226d0261de4a9234209fa0d46d357d Security Headers Name Value Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=31536000; includeSubdomains; X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ X-Xss-Protection 1;mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Date Mon, 25 Jul 2022 16:10:50 GMT Content-Encoding gzip Last-Modified Thu, 16 May 2019 10:34:26 GMT X-Permitted-Cross-Domain-Policies none X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ Vary Accept-Encoding Content-Type text/css Connection keep-alive Transfer-Encoding chunked Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=31536000; includeSubdomains; Keep-Alive timeout=5 X-XSS-Protection 1;mode=block Server
GET H/1.1	200 OK	ccosc-tracking.css customercare.hmhco.com/ordertracking/css/	15 KB 5 KB	283ms 96ms	Stylesheet text/css	209.235.125.43 NAVISITE-EAST-2
General Check archive.org Show headers Download Go to Full URL https://customercare.hmhco.com/ordertracking/css/ccosc-tracking.css Requested by Host: customercare.hmhco.com URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 209.235.125.43 , United States, ASN14135 (NAVISITE-EAST-2, US), Reverse DNS andp-customercare.hmhco.com Software / Resource Hash fef03184b588d9d8f7cf23eb303a4a9a2a09f0bf92d053368c9d6d865472f80d Security Headers Name Value Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=31536000; includeSubdomains; X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ X-Xss-Protection 1;mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Date Mon, 25 Jul 2022 16:10:50 GMT Content-Encoding gzip Last-Modified Wed, 03 Sep 2014 09:46:07 GMT X-Permitted-Cross-Domain-Policies none X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ Vary Accept-Encoding Content-Type text/css Connection keep-alive Transfer-Encoding chunked Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=31536000; includeSubdomains; Keep-Alive timeout=5 X-XSS-Protection 1;mode=block Server
GET H/1.1	200 OK	tabcontent.js Show response customercare.hmhco.com/ordertracking/scripts/	9 KB 10 KB	284ms 96ms	Script application/javascript	209.235.125.43 NAVISITE-EAST-2
General Check archive.org Show headers Download Go to Full URL https://customercare.hmhco.com/ordertracking/scripts/tabcontent.js Requested by Host: customercare.hmhco.com URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 209.235.125.43 , United States, ASN14135 (NAVISITE-EAST-2, US), Reverse DNS andp-customercare.hmhco.com Software / Resource Hash 242ac3c65cc2ebb06c46f4e1e0d404d670de1e73e22b6ee3c22c5a598f2c66e5 Security Headers Name Value Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=31536000; includeSubdomains; X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ X-Xss-Protection 1;mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Date Mon, 25 Jul 2022 16:10:50 GMT Last-Modified Tue, 11 Aug 2009 19:05:45 GMT X-Permitted-Cross-Domain-Policies none X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ Strict-Transport-Security max-age=31536000; includeSubdomains; Content-Type application/javascript Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 9077 X-XSS-Protection 1;mode=block Server
GET H/1.1	200 OK	calender.js Show response customercare.hmhco.com/ordertracking/scripts/	14 KB 15 KB	285ms 97ms	Script application/javascript	209.235.125.43 NAVISITE-EAST-2
General Check archive.org Show headers Download Go to Full URL https://customercare.hmhco.com/ordertracking/scripts/calender.js Requested by Host: customercare.hmhco.com URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 209.235.125.43 , United States, ASN14135 (NAVISITE-EAST-2, US), Reverse DNS andp-customercare.hmhco.com Software / Resource Hash 237ec1b6d16d849dab9bd8ca07b6fdab5a45b83d46663e3c708b974a2b000739 Security Headers Name Value Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=31536000; includeSubdomains; X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ X-Xss-Protection 1;mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Date Mon, 25 Jul 2022 16:10:50 GMT Last-Modified Tue, 22 Jun 2010 19:01:38 GMT X-Permitted-Cross-Domain-Policies none X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ Strict-Transport-Security max-age=31536000; includeSubdomains; Content-Type application/javascript Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 14409 X-XSS-Protection 1;mode=block Server
GET H/1.1	200 OK	ajax-loader.gif customercare.hmhco.com/product/customercare/images/overlay/	3 KB 4 KB	98ms 98ms	Image image/gif	209.235.125.43 NAVISITE-EAST-2
General Check archive.org Show headers Download Go to Show image Full URL https://customercare.hmhco.com/product/customercare/images/overlay/ajax-loader.gif Requested by Host: customercare.hmhco.com URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 209.235.125.43 , United States, ASN14135 (NAVISITE-EAST-2, US), Reverse DNS andp-customercare.hmhco.com Software / Resource Hash fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355 Security Headers Name Value Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=31536000; includeSubdomains; X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ X-Xss-Protection 1;mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Date Mon, 25 Jul 2022 16:10:50 GMT Last-Modified Fri, 18 Jul 2014 10:04:39 GMT X-Permitted-Cross-Domain-Policies none X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ Strict-Transport-Security max-age=31536000; includeSubdomains; Content-Type image/gif Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 3208 X-XSS-Protection 1;mode=block Server
GET H/1.1	200 OK	hmhco_logo.gif customercare.hmhco.com/gratis/images/	2 KB 3 KB	97ms 97ms	Image image/gif	209.235.125.43 NAVISITE-EAST-2
General Check archive.org Show headers Download Go to Show image Full URL https://customercare.hmhco.com/gratis/images/hmhco_logo.gif Requested by Host: customercare.hmhco.com URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 209.235.125.43 , United States, ASN14135 (NAVISITE-EAST-2, US), Reverse DNS andp-customercare.hmhco.com Software / Resource Hash ca8b8574a20672e23eff08fbc9146babaab445bb6fc4fbcb81e4454ebac881f5 Security Headers Name Value Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=31536000; includeSubdomains; X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ X-Xss-Protection 1;mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Date Mon, 25 Jul 2022 16:10:50 GMT Last-Modified Thu, 21 Feb 2013 11:27:33 GMT X-Permitted-Cross-Domain-Policies none X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ Strict-Transport-Security max-age=31536000; includeSubdomains; Content-Type image/gif Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 2482 X-XSS-Protection 1;mode=block Server
GET H/1.1	200 OK	hmh_logo_w.jpg customercare.hmhco.com/gratis/images/	18 KB 19 KB	98ms 97ms	Image image/jpeg	209.235.125.43 NAVISITE-EAST-2
General Check archive.org Show headers Download Go to Show image Full URL https://customercare.hmhco.com/gratis/images/hmh_logo_w.jpg Requested by Host: customercare.hmhco.com URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 209.235.125.43 , United States, ASN14135 (NAVISITE-EAST-2, US), Reverse DNS andp-customercare.hmhco.com Software / Resource Hash 9a683750dc79ff0d46cf144db8633cb935e88a563826e635ca5b388c14a25925 Security Headers Name Value Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=31536000; includeSubdomains; X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ X-Xss-Protection 1;mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Date Mon, 25 Jul 2022 16:10:50 GMT Last-Modified Thu, 23 Jul 2009 15:45:50 GMT X-Permitted-Cross-Domain-Policies none X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ Strict-Transport-Security max-age=31536000; includeSubdomains; Content-Type image/jpeg Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 18929 X-XSS-Protection 1;mode=block Server
GET H/1.1	200 OK	hmh-ccosc_logo.gif customercare.hmhco.com/gratis/images/	2 KB 3 KB	99ms 98ms	Image image/gif	209.235.125.43 NAVISITE-EAST-2
General Check archive.org Show headers Download Go to Show image Full URL https://customercare.hmhco.com/gratis/images/hmh-ccosc_logo.gif Requested by Host: customercare.hmhco.com URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 209.235.125.43 , United States, ASN14135 (NAVISITE-EAST-2, US), Reverse DNS andp-customercare.hmhco.com Software / Resource Hash fb08c0f8a6165295e0ebb1dd53f38201be5ee33c6e35d67216e036eb3c1d1227 Security Headers Name Value Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=31536000; includeSubdomains; X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ X-Xss-Protection 1;mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Date Mon, 25 Jul 2022 16:10:50 GMT Last-Modified Thu, 21 Feb 2013 11:29:06 GMT X-Permitted-Cross-Domain-Policies none X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ Strict-Transport-Security max-age=31536000; includeSubdomains; Content-Type image/gif Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 2111 X-XSS-Protection 1;mode=block Server
GET H/1.1	200 OK	one_icon.gif customercare.hmhco.com/ordertracking/images/	669 B 2 KB	100ms 98ms	Image image/gif	209.235.125.43 NAVISITE-EAST-2
General Check archive.org Show headers Download Go to Show image Full URL https://customercare.hmhco.com/ordertracking/images/one_icon.gif Requested by Host: customercare.hmhco.com URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 209.235.125.43 , United States, ASN14135 (NAVISITE-EAST-2, US), Reverse DNS andp-customercare.hmhco.com Software / Resource Hash 58357bb3a655390a0971e1e40b7b1e8098bdfcd01c83af2888fa8b04a6456514 Security Headers Name Value Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=31536000; includeSubdomains; X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ X-Xss-Protection 1;mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Date Mon, 25 Jul 2022 16:10:50 GMT Last-Modified Wed, 13 Jan 2010 15:36:23 GMT X-Permitted-Cross-Domain-Policies none X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ Strict-Transport-Security max-age=31536000; includeSubdomains; Content-Type image/gif Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 669 X-XSS-Protection 1;mode=block Server
GET H/1.1	200 OK	ccosc-main-print.css customercare.hmhco.com/ordertracking/css/	3 KB 2 KB	104ms 103ms	Stylesheet text/css	209.235.125.43 NAVISITE-EAST-2
General Check archive.org Show headers Download Go to Full URL https://customercare.hmhco.com/ordertracking/css/ccosc-main-print.css Requested by Host: customercare.hmhco.com URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 209.235.125.43 , United States, ASN14135 (NAVISITE-EAST-2, US), Reverse DNS andp-customercare.hmhco.com Software / Resource Hash cbd1c5e92727004004bd7771c7804b31c66a8bacced1591024121f3fc73f3054 Security Headers Name Value Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=31536000; includeSubdomains; X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ X-Xss-Protection 1;mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Date Mon, 25 Jul 2022 16:10:50 GMT Content-Encoding gzip Last-Modified Mon, 11 Jul 2011 10:06:14 GMT X-Permitted-Cross-Domain-Policies none X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ Vary Accept-Encoding Content-Type text/css Connection keep-alive Transfer-Encoding chunked Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=31536000; includeSubdomains; Keep-Alive timeout=5 X-XSS-Protection 1;mode=block Server
GET H/1.1	200 OK	two_icon.gif customercare.hmhco.com/ordertracking/images/	663 B 2 KB	100ms 96ms	Image image/gif	209.235.125.43 NAVISITE-EAST-2
General Check archive.org Show headers Download Go to Show image Full URL https://customercare.hmhco.com/ordertracking/images/two_icon.gif Requested by Host: customercare.hmhco.com URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 209.235.125.43 , United States, ASN14135 (NAVISITE-EAST-2, US), Reverse DNS andp-customercare.hmhco.com Software / Resource Hash b34bdd04e38b9c67ec4c96aaad831916a2887b94c63d78be17edfa30c5e79a4b Security Headers Name Value Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=31536000; includeSubdomains; X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ X-Xss-Protection 1;mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Date Mon, 25 Jul 2022 16:10:50 GMT Last-Modified Wed, 13 Jan 2010 15:36:26 GMT X-Permitted-Cross-Domain-Policies none X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ Strict-Transport-Security max-age=31536000; includeSubdomains; Content-Type image/gif Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 663 X-XSS-Protection 1;mode=block Server
GET H/1.1	200 OK	cal.gif customercare.hmhco.com/ordertracking/images/	127 B 1004 B	195ms 102ms	Image image/gif	209.235.125.43 NAVISITE-EAST-2
General Check archive.org Show headers Download Go to Show image Full URL https://customercare.hmhco.com/ordertracking/images/cal.gif Requested by Host: customercare.hmhco.com URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 209.235.125.43 , United States, ASN14135 (NAVISITE-EAST-2, US), Reverse DNS andp-customercare.hmhco.com Software / Resource Hash b65951581ff3b4219f3de2544ea69ec30c312dcb1a09b1c1aeadf2db6484dd81 Security Headers Name Value Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=31536000; includeSubdomains; X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ X-Xss-Protection 1;mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Date Mon, 25 Jul 2022 16:10:50 GMT Last-Modified Wed, 13 Jan 2010 15:36:22 GMT X-Permitted-Cross-Domain-Policies none X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ Strict-Transport-Security max-age=31536000; includeSubdomains; Content-Type image/gif Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 127 X-XSS-Protection 1;mode=block Server
GET H2	200	ga.js Show response ssl.google-analytics.com/	45 KB 17 KB	49ms 10ms	Script text/javascript	2a00:1450:4001:809::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ssl.google-analytics.com/ga.js Requested by Host: customercare.hmhco.com URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f Security Headers Name Value Strict-Transport-Security max-age=10886400; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Referer https://customercare.hmhco.com/ accept-language de-DE,de;q=0.9 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Intervention <https://www.chromestatus.com/feature/5718547946799104>; level="warning" Response headers strict-transport-security max-age=10886400; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff last-modified Wed, 13 Apr 2022 21:02:38 GMT server Golfe2 age 1267 date Mon, 25 Jul 2022 15:51:04 GMT vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 17168 expires Mon, 25 Jul 2022 17:51:04 GMT
GET H2	200	__utm.gif ssl.google-analytics.com/r/	35 B 197 B	16ms 15ms	Image image/gif	2a00:1450:4001:809::2008 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://ssl.google-analytics.com/r/__utm.gif?utmwv=5.7.2&utms=1&utmn=1466551167&utmhn=customercare.hmhco.com&utmcs=windows-1252&utmsr=1600x1200&utmvp=1600x1200&utmsc=24-bit&utmul=en-us&utmje=0&utmfl=-&utmdt=Order%20Tracking%20-%20Customer%20Care%20Online%20Service%20Center%20-%20Houghton%20Mifflin%20Harcourt%20Publishing%20Company&utmhid=70730905&utmr=-&utmp=%2Fcsrportal%2ForderTrackingValidateUser.do&utmht=1658765531197&utmac=UA-10593299-4&utmcc=__utma%3D164555309.4635810.1658765531.1658765531.1658765531.1%3B%2B__utmz%3D164555309.1658765531.1.1.utmcsr%3D(direct)%7Cutmccn%3D(direct)%7Cutmcmd%3D(none)%3B&utmjid=1822670528&utmredir=1&utmu=DAAAAAAAAAAAAAAAAAAAAAAE~ Requested by Host: customercare.hmhco.com URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:809::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers accept-language de-DE,de;q=0.9 Referer https://customercare.hmhco.com/ User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers pragma no-cache date Mon, 25 Jul 2022 16:12:11 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43" content-length 35 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H/1.1	200 OK	button-bg-1x30.jpg customercare.hmhco.com/ordertracking/images/	357 B 1 KB	105ms 103ms	Image image/jpeg	209.235.125.43 NAVISITE-EAST-2
General Check archive.org Show headers Download Go to Show image Full URL https://customercare.hmhco.com/ordertracking/images/button-bg-1x30.jpg Requested by Host: customercare.hmhco.com URL: https://customercare.hmhco.com/ordertracking/css/ccosc-tracking.css Protocol HTTP/1.1 Security TLS 1.2, RSA, AES_256_CBC Server 209.235.125.43 , United States, ASN14135 (NAVISITE-EAST-2, US), Reverse DNS andp-customercare.hmhco.com Software / Resource Hash f1cc8215242715e00ab037f3175f3a87fdb813344230aa1f90d3c6bdf808260f Security Headers Name Value Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Strict-Transport-Security max-age=31536000; includeSubdomains; X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ X-Xss-Protection 1;mode=block Request headers accept-language de-DE,de;q=0.9 Referer https://customercare.hmhco.com/ordertracking/css/ccosc-tracking.css User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.134 Safari/537.36 Response headers Date Mon, 25 Jul 2022 16:10:50 GMT Last-Modified Tue, 11 Aug 2009 19:05:54 GMT X-Permitted-Cross-Domain-Policies none X-Frame-Options ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/ Strict-Transport-Security max-age=31536000; includeSubdomains; Content-Type image/jpeg Content-Security-Policy default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval' Connection keep-alive Accept-Ranges bytes Keep-Alive timeout=5 Content-Length 357 X-XSS-Protection 1;mode=block Server

78 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| ddtabcontent undefined| winCal object| dtToday undefined| Cal undefined| docCal object| MonthName object| WeekDayName undefined| exDateTime string| cnTop string| cnLeft string| WindowTitle number| WeekChar number| CellWidth string| DateSeparator number| TimeMode boolean| ShowLongMonth boolean| ShowMonthYear string| MonthYearColor string| WeekHeadColor string| SundayColor string| SaturdayColor string| WeekDayColor string| FontColor string| TodayColor string| SelDateColor string| YrSelColor string| ThemeBg function| NewCal function| RenderCal function| GenCell function| closeMinWindow function| Calendar function| GetMonthIndex function| IncYear function| DecYear function| SwitchMth function| SetHour function| SetMinute function| SetSecond function| SetAmPm function| getShowHour function| GetMonthName function| GetMonDays function| IsLeapYear function| FormatDate string| categoryName string| categoryPageName function| clearDivisionCheckbox function| addListener function| hideErrors function| submitSearch function| submitAccountSearch function| gotoReturnURL function| changeZipCode function| changeSanNumber function| changeCountry function| changeOrderNumber function| changeInvoiceNumber function| changePoNumber function| changeProdNumber function| changeDivision function| displayOverlay string| gaJsHost object| _gat object| _gaq object| pageTracker object| gaGlobal object| mysearch object| fld function| writeYear

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			customercare.hmhco.com/csrportal	1969-12-31 23:59:59	Name: JSESSIONID Value: QzbI9R5wifBjLvyC8RPbapD-FfrvFuxvIpGxE4gM.cc-node4
			customercare.hmhco.com/	1970-01-20 04:46:05	Name: NSC_JOt2inhfdvmwwknel0tks1b2etqztb3 Value: ffffffff09ce2c2245525d5f4f58455e445a4a42378b
			customercare.hmhco.com/	1970-01-20 04:46:05	Name: NSC_JO51cpw3clf1dlgdqwxnd5dpksojuc3 Value: ffffffff09ce2c1945525d5f4f58455e445a4a42378b
			.customercare.hmhco.com/	1970-01-20 22:17:17	Name: __utma Value: 164555309.4635810.1658765531.1658765531.1658765531.1
			.customercare.hmhco.com/	1969-12-31 23:59:59	Name: __utmc Value: 164555309
			.customercare.hmhco.com/	1970-01-20 09:08:53	Name: __utmz Value: 164555309.1658765531.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
			.customercare.hmhco.com/	1970-01-20 04:46:06	Name: __utmt Value: 1
			.customercare.hmhco.com/	1970-01-20 04:46:07	Name: __utmb Value: 164555309.1.10.1658765531
			customercare.hmhco.com/	1969-12-31 23:59:59	Name: identificationtabs Value: 0
			customercare.hmhco.com/	1969-12-31 23:59:59	Name: ordersearchtabs Value: 0

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do Message: The Content-Security-Policy directive 'default-src' contains 'frame-src' as a source expression. Did you want to add it as a directive and forget a semicolon?
security	error	URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do Message: The Content-Security-Policy directive 'default-src' contains 'img-src' as a source expression. Did you want to add it as a directive and forget a semicolon?
javascript	warning	URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do(Line 161) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ssl.google-analytics.com/ga.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.
javascript	warning	URL: https://customercare.hmhco.com/csrportal/orderTrackingValidateUser.do(Line 161) Message: A parser-blocking, cross site (i.e. different eTLD+1) script, https://ssl.google-analytics.com/ga.js, is invoked via document.write. The network request for this script MAY be blocked by the browser in this or a future page load due to poor network connectivity. If blocked in this page load, it will be confirmed in a subsequent console message. See https://www.chromestatus.com/feature/5718547946799104 for more details.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src frame-src * img-src * https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000; includeSubdomains;
X-Frame-Options	ALLOW-FROM http://hmhco.force.com/ https://customercare.hmhco.com/gratis/images/
X-Xss-Protection	1;mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

customercare.hmhco.com
ssl.google-analytics.com
209.235.125.43
2a00:1450:4001:809::2008
1259ea99bd76596239bfd3102c679eb0a5052578dc526b0452f4d42f8bcdd45f
237ec1b6d16d849dab9bd8ca07b6fdab5a45b83d46663e3c708b974a2b000739
242ac3c65cc2ebb06c46f4e1e0d404d670de1e73e22b6ee3c22c5a598f2c66e5
58357bb3a655390a0971e1e40b7b1e8098bdfcd01c83af2888fa8b04a6456514
6ed95c63b6619361f6f782a835c73f01fe624c8ea89ac8c0639f16418bedc81c
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
9a683750dc79ff0d46cf144db8633cb935e88a563826e635ca5b388c14a25925
b34bdd04e38b9c67ec4c96aaad831916a2887b94c63d78be17edfa30c5e79a4b
b65951581ff3b4219f3de2544ea69ec30c312dcb1a09b1c1aeadf2db6484dd81
ca8b8574a20672e23eff08fbc9146babaab445bb6fc4fbcb81e4454ebac881f5
cbd1c5e92727004004bd7771c7804b31c66a8bacced1591024121f3fc73f3054
eebc70ca190a2d6fe68f42d970d8a1d16d226d0261de4a9234209fa0d46d357d
f1cc8215242715e00ab037f3175f3a87fdb813344230aa1f90d3c6bdf808260f
fb08c0f8a6165295e0ebb1dd53f38201be5ee33c6e35d67216e036eb3c1d1227
fd29b3b084cf11160bfc4e99d98a261f2b36bff29113b07367c5204563c5d355
fef03184b588d9d8f7cf23eb303a4a9a2a09f0bf92d053368c9d6d865472f80d