urlscan.io logo urlscan.io
SecurityTrails logo

www.pin1.harvard.edu Open in urlscan Pro
3.225.225.233  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://harvardtotalrewards.ehr.com/default.ashx
Effective URL: https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%...
Submission: On August 03 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 16 HTTP transactions. The main IP is 3.225.225.233, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.pin1.harvard.edu. The Cisco Umbrella rank of the primary domain is 282679.
TLS certificate: Issued by InCommon RSA Server CA on September 20th 2021. Valid for: a year.
This is the only time www.pin1.harvard.edu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 4 158.82.146.142 40196 (WILLISNOR...)
3 3 107.21.117.105 14618 (AMAZON-AES)
13 3.225.225.233 14618 (AMAZON-AES)
16 2
Apex Domain
Subdomains		 Transfer
16 harvard.edu
key-idp.iam.harvard.edu — Cisco Umbrella Rank: 623502
www.pin1.harvard.edu — Cisco Umbrella Rank: 282679
1 MB
4 ehr.com
harvardtotalrewards.ehr.com
11 KB
16 2
Domain Requested by
13 www.pin1.harvard.edu www.pin1.harvard.edu
4 harvardtotalrewards.ehr.com 1 redirects
3 key-idp.iam.harvard.edu 3 redirects
16 3

This site contains links to these domains. Also see Links.

Domain
key.harvard.edu
accessibility.harvard.edu
accessibility.huit.harvard.edu
huit.harvard.edu
Subject Issuer Validity Valid
harvardtotalrewards.ehr.com
GlobalSign RSA OV SSL CA 2018		 2021-10-20 -
2022-11-21		 a year crt.sh
hk20-key-auth.iam.harvard.edu
InCommon RSA Server CA		 2021-09-20 -
2022-09-20		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
Frame ID: 6A74110481A309ABA02B15A12300E7AC
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

HarvardKey - Harvard University Authentication Service

Page URL History Show full URLs

  1. https://harvardtotalrewards.ehr.com/default.ashx HTTP 302
    https://harvardtotalrewards.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE Page URL
  2. https://harvardtotalrewards.ehr.com/default.ashx?CLASSNAME=LOGINCHOICE Page URL
  3. https://harvardtotalrewards.ehr.com/default.ashx?CLASSNAME=SPSAML&TARGET=harvard-estmt&RELAYSTATE= Page URL
  4. https://key-idp.iam.harvard.edu/idp/profile/SAML2/POST/SSO HTTP 302
    https://key-idp.iam.harvard.edu/idp/profile/SAML2/POST/SSO?execution=e1s1 HTTP 302
    https://key-idp.iam.harvard.edu/idp/Authn/External?conversation=e1s1 HTTP 302
    https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExte... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

2
IPs

1
Countries

1461 kB
Transfer

2629 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://harvardtotalrewards.ehr.com/default.ashx HTTP 302
    https://harvardtotalrewards.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE Page URL
  2. https://harvardtotalrewards.ehr.com/default.ashx?CLASSNAME=LOGINCHOICE Page URL
  3. https://harvardtotalrewards.ehr.com/default.ashx?CLASSNAME=SPSAML&TARGET=harvard-estmt&RELAYSTATE= Page URL
  4. https://key-idp.iam.harvard.edu/idp/profile/SAML2/POST/SSO HTTP 302
    https://key-idp.iam.harvard.edu/idp/profile/SAML2/POST/SSO?execution=e1s1 HTTP 302
    https://key-idp.iam.harvard.edu/idp/Authn/External?conversation=e1s1 HTTP 302
    https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://harvardtotalrewards.ehr.com/default.ashx HTTP 302
  • https://harvardtotalrewards.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
default.ashx
harvardtotalrewards.ehr.com/
Redirect Chain
  • https://harvardtotalrewards.ehr.com/default.ashx?
  • https://harvardtotalrewards.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE
561 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://harvardtotalrewards.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.82.146.142 Katy, United States, ASN40196 (WILLISNORTHAMERICA, US),
Reverse DNS
Software
/
Resource Hash
d2f7d9fde94b19472e94dfb276ce6f8992a480339e53ba50909fa4ad639bde03
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: ; font-src * data:; connect-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private
Content-Length
561
Content-Security-Policy
default-src 'self' https: ; font-src * data:; connect-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Content-Type
text/html; charset=utf-8
Date
Wed, 03 Aug 2022 14:02:04 GMT
Expires
Tue, 02 Aug 2022 21:22:04 GMT
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
x-frame-options
SAMEORIGIN

Redirect headers

Cache-Control
private
Content-Length
168
Content-Security-Policy
default-src 'self' https: ; font-src * data:; connect-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Content-Type
text/html; charset=utf-8
Date
Wed, 03 Aug 2022 14:02:04 GMT
Expires
Tue, 02 Aug 2022 21:22:04 GMT
Location
/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
x-frame-options
SAMEORIGIN
default.ashx
harvardtotalrewards.ehr.com/ 		634 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://harvardtotalrewards.ehr.com/default.ashx?CLASSNAME=LOGINCHOICE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.82.146.142 Katy, United States, ASN40196 (WILLISNORTHAMERICA, US),
Reverse DNS
Software
/
Resource Hash
1cf36bece3f4f81a1f4627b4fd5753fd45f0710b936ad14e021e67564f320500
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: ; font-src * data:; connect-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://harvardtotalrewards.ehr.com
Referer
https://harvardtotalrewards.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private
Content-Length
634
Content-Security-Policy
default-src 'self' https: ; font-src * data:; connect-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Content-Type
text/html; charset=utf-8
Date
Wed, 03 Aug 2022 14:02:04 GMT
Expires
Tue, 02 Aug 2022 21:22:04 GMT
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
x-frame-options
SAMEORIGIN
default.ashx
harvardtotalrewards.ehr.com/ 		6 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://harvardtotalrewards.ehr.com/default.ashx?CLASSNAME=SPSAML&TARGET=harvard-estmt&RELAYSTATE=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.82.146.142 Katy, United States, ASN40196 (WILLISNORTHAMERICA, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: ; font-src * data:; connect-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://harvardtotalrewards.ehr.com
Referer
https://harvardtotalrewards.ehr.com/default.ashx?CLASSNAME=LOGINCHOICE
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private
Content-Length
5869
Content-Security-Policy
default-src 'self' https: ; font-src * data:; connect-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Content-Type
text/html
Date
Wed, 03 Aug 2022 14:02:04 GMT
Expires
Tue, 02 Aug 2022 21:22:05 GMT
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
x-frame-options
SAMEORIGIN
Primary Request login
www.pin1.harvard.edu/cas/
Redirect Chain
  • https://key-idp.iam.harvard.edu/idp/profile/SAML2/POST/SSO
  • https://key-idp.iam.harvard.edu/idp/profile/SAML2/POST/SSO?execution=e1s1
  • https://key-idp.iam.harvard.edu/idp/Authn/External?conversation=e1s1
  • https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
23 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.225.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-225-233.compute-1.amazonaws.com
Software
Apereo CAS /
Resource Hash
effac42dfe78a66fc2dc20fd3c64c58e4a1dc71eb04bbb8d3b3d002da33d7a16
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://harvardtotalrewards.ehr.com
Referer
https://harvardtotalrewards.ehr.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-language
de-DE
content-type
text/html;charset=UTF-8
date
Wed, 03 Aug 2022 14:02:07 GMT
expires
0
pragma
no-cache
server
Apereo CAS
strict-transport-security
max-age=15768000 ; includeSubDomains
vary
accept-encoding
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

cache-control
private
content-length
0
content-security-policy
frame-ancestors 'none';
date
Wed, 03 Aug 2022 14:02:06 GMT
location
https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
strict-transport-security
max-age=0
x-frame-options
DENY
normalize.css
www.pin1.harvard.edu/cas/webjars/normalize.css/8.0.1/ 		6 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.pin1.harvard.edu/cas/webjars/normalize.css/8.0.1/normalize.css
Requested by
Host: www.pin1.harvard.edu
URL: https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.225.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-225-233.compute-1.amazonaws.com
Software
Apereo CAS /
Resource Hash
580818700724d42d7fcc4979b0197971fca1c6d2e0286769237a0ac897df5512
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 03 Aug 2022 14:02:07 GMT
x-content-type-options
nosniff
last-modified
Tue, 26 Jul 2022 15:51:32 GMT
server
Apereo CAS
x-frame-options
DENY
content-type
text/css;charset=UTF-8
strict-transport-security
max-age=15768000 ; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-length
6138
x-xss-protection
1; mode=block
bootstrap-grid.min.css
www.pin1.harvard.edu/cas/webjars/bootstrap/4.6.0/css/ 		49 KB
50 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.pin1.harvard.edu/cas/webjars/bootstrap/4.6.0/css/bootstrap-grid.min.css
Requested by
Host: www.pin1.harvard.edu
URL: https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.225.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-225-233.compute-1.amazonaws.com
Software
Apereo CAS /
Resource Hash
158cf68fff05fa7b67dab1734752e67e4d4dcf08a3bbb3e046d5cd9cbc3bd86b
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 03 Aug 2022 14:02:07 GMT
x-content-type-options
nosniff
last-modified
Tue, 26 Jul 2022 15:51:32 GMT
server
Apereo CAS
x-frame-options
DENY
content-type
text/css;charset=UTF-8
strict-transport-security
max-age=15768000 ; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-length
50636
x-xss-protection
1; mode=block
material-components-web.css
www.pin1.harvard.edu/cas/webjars/material-components-web/10.0.0/dist/ 		499 KB
500 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.pin1.harvard.edu/cas/webjars/material-components-web/10.0.0/dist/material-components-web.css
Requested by
Host: www.pin1.harvard.edu
URL: https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.225.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-225-233.compute-1.amazonaws.com
Software
Apereo CAS /
Resource Hash
2a0b5ab24475e6aa6916f4e4303bf7efa83858b9983545fe3d1c860ea1ebc9a3
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 03 Aug 2022 14:02:07 GMT
x-content-type-options
nosniff
last-modified
Tue, 26 Jul 2022 15:51:32 GMT
server
Apereo CAS
x-frame-options
DENY
content-type
text/css;charset=UTF-8
strict-transport-security
max-age=15768000 ; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-length
511270
x-xss-protection
1; mode=block
materialdesignicons.css
www.pin1.harvard.edu/cas/webjars/mdi__font/5.8.55/css/ 		319 KB
320 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.pin1.harvard.edu/cas/webjars/mdi__font/5.8.55/css/materialdesignicons.css
Requested by
Host: www.pin1.harvard.edu
URL: https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.225.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-225-233.compute-1.amazonaws.com
Software
Apereo CAS /
Resource Hash
eb1a3c38989d48bf7ea4bdfc076b953114b940fc2c18f657b8f9d430475236fe
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 03 Aug 2022 14:02:07 GMT
x-content-type-options
nosniff
last-modified
Tue, 26 Jul 2022 15:51:32 GMT
server
Apereo CAS
x-frame-options
DENY
content-type
text/css;charset=UTF-8
strict-transport-security
max-age=15768000 ; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-length
326347
x-xss-protection
1; mode=block
cas.css
www.pin1.harvard.edu/cas/css/ 		23 KB
23 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.pin1.harvard.edu/cas/css/cas.css
Requested by
Host: www.pin1.harvard.edu
URL: https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.225.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-225-233.compute-1.amazonaws.com
Software
Apereo CAS /
Resource Hash
b2e3147a2d14599b0bd2753556910af4d494e8b0f9dca7e98432f71a01c1bc01
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 03 Aug 2022 14:02:07 GMT
x-content-type-options
nosniff
last-modified
Tue, 26 Jul 2022 15:51:32 GMT
server
Apereo CAS
x-frame-options
DENY
content-type
text/css;charset=UTF-8
strict-transport-security
max-age=15768000 ; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-length
23390
x-xss-protection
1; mode=block
es5-shim.js
www.pin1.harvard.edu/cas/webjars/es5-shim/4.5.9/ 		83 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.pin1.harvard.edu/cas/webjars/es5-shim/4.5.9/es5-shim.js
Requested by
Host: www.pin1.harvard.edu
URL: https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.225.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-225-233.compute-1.amazonaws.com
Software
Apereo CAS /
Resource Hash
baa149cfca28ea70ccc424d5e526768f8177d7c2153ad2b6c0dd76693b66794a
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 03 Aug 2022 14:02:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 26 Jul 2022 15:51:32 GMT
server
Apereo CAS
x-frame-options
DENY
content-type
application/javascript;charset=UTF-8
strict-transport-security
max-age=15768000 ; includeSubDomains
accept-ranges
bytes
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
x-xss-protection
1; mode=block
css-vars-ponyfill.min.js
www.pin1.harvard.edu/cas/webjars/css-vars-ponyfill/2.3.1/dist/ 		22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.pin1.harvard.edu/cas/webjars/css-vars-ponyfill/2.3.1/dist/css-vars-ponyfill.min.js
Requested by
Host: www.pin1.harvard.edu
URL: https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.225.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-225-233.compute-1.amazonaws.com
Software
Apereo CAS /
Resource Hash
b7fc55ab62b81eb54ae01de81fee15005fc4f62859ad8c050d6eb1275c8525b7
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 03 Aug 2022 14:02:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 26 Jul 2022 15:51:32 GMT
server
Apereo CAS
x-frame-options
DENY
content-type
application/javascript;charset=UTF-8
strict-transport-security
max-age=15768000 ; includeSubDomains
accept-ranges
bytes
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
x-xss-protection
1; mode=block
jquery.min.js
www.pin1.harvard.edu/cas/webjars/jquery/3.6.0/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.pin1.harvard.edu/cas/webjars/jquery/3.6.0/jquery.min.js
Requested by
Host: www.pin1.harvard.edu
URL: https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.225.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-225-233.compute-1.amazonaws.com
Software
Apereo CAS /
Resource Hash
ff1523fb7389539c84c65aba19260648793bb4f5e29329d2ee8804bc37a3fe6e
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 03 Aug 2022 14:02:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 26 Jul 2022 15:51:32 GMT
server
Apereo CAS
x-frame-options
DENY
content-type
application/javascript;charset=UTF-8
strict-transport-security
max-age=15768000 ; includeSubDomains
accept-ranges
bytes
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
x-xss-protection
1; mode=block
material-components-web.js
www.pin1.harvard.edu/cas/webjars/material-components-web/10.0.0/dist/ 		1 MB
147 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.pin1.harvard.edu/cas/webjars/material-components-web/10.0.0/dist/material-components-web.js
Requested by
Host: www.pin1.harvard.edu
URL: https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.225.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-225-233.compute-1.amazonaws.com
Software
Apereo CAS /
Resource Hash
1d22057c7ef47f1aa42bf5cb05597d66e3f0227914871f3c3dae953c94b30f99
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 03 Aug 2022 14:02:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 26 Jul 2022 15:51:32 GMT
server
Apereo CAS
x-frame-options
DENY
content-type
application/javascript;charset=UTF-8
strict-transport-security
max-age=15768000 ; includeSubDomains
accept-ranges
bytes
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
x-xss-protection
1; mode=block
cas.js
www.pin1.harvard.edu/cas/js/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.pin1.harvard.edu/cas/js/cas.js
Requested by
Host: www.pin1.harvard.edu
URL: https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.225.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-225-233.compute-1.amazonaws.com
Software
Apereo CAS /
Resource Hash
177aaab3f1a92ff971f4cee66f727e238ad41e0a7ce1011d9e659c9e4c7b5091
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

date
Wed, 03 Aug 2022 14:02:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 26 Jul 2022 15:51:32 GMT
server
Apereo CAS
x-frame-options
DENY
content-type
application/javascript;charset=UTF-8
strict-transport-security
max-age=15768000 ; includeSubDomains
accept-ranges
bytes
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
x-xss-protection
1; mode=block
harvard-logo.svg
www.pin1.harvard.edu/cas/images/ 		19 KB
20 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.pin1.harvard.edu/cas/images/harvard-logo.svg
Requested by
Host: www.pin1.harvard.edu
URL: https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.225.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-225-233.compute-1.amazonaws.com
Software
Apereo CAS /
Resource Hash
6f86fc78cc07771bc52e67130abd8a01a4fbe788918d6fb223b5d42e1c55331a
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.pin1.harvard.edu/cas/login?service=https%3A%2F%2Fkey-idp.iam.harvard.edu%2Fidp%2FAuthn%2FExternal%3Fconversation%3De1s1%26entityId%3Dhttps%3A%2F%2Fharvardtotalrewards.ehr.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 03 Aug 2022 14:02:07 GMT
x-content-type-options
nosniff
last-modified
Tue, 26 Jul 2022 15:51:32 GMT
server
Apereo CAS
x-frame-options
DENY
content-type
image/svg+xml;charset=UTF-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
strict-transport-security
max-age=15768000 ; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-length
19490
x-xss-protection
1; mode=block
expires
0
materialdesignicons-webfont.woff2
www.pin1.harvard.edu/cas/webjars/mdi__font/5.8.55/fonts/ 		312 KB
314 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.pin1.harvard.edu/cas/webjars/mdi__font/5.8.55/fonts/materialdesignicons-webfont.woff2?v=5.8.55
Requested by
Host: www.pin1.harvard.edu
URL: https://www.pin1.harvard.edu/cas/webjars/mdi__font/5.8.55/css/materialdesignicons.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.225.225.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-225-225-233.compute-1.amazonaws.com
Software
Apereo CAS /
Resource Hash
4e5e3a08174fdcc2aae6a421bba2e4e4b752d060fa9fc1edf1af95c83c657ad6
Security Headers
Name Value
Strict-Transport-Security max-age=15768000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.pin1.harvard.edu/cas/webjars/mdi__font/5.8.55/css/materialdesignicons.css
Origin
https://www.pin1.harvard.edu
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.5112.79 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 03 Aug 2022 14:02:08 GMT
x-content-type-options
nosniff
last-modified
Tue, 26 Jul 2022 15:51:32 GMT
server
Apereo CAS
x-frame-options
DENY
content-type
application/font-woff2;charset=UTF-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
strict-transport-security
max-age=15768000 ; includeSubDomains
accept-ranges
bytes
vary
Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-length
319984
x-xss-protection
1; mode=block
expires
0

Verdicts & Comments Add Verdict or Comment

29 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation undefined| returnExports function| cssVars function| $ function| jQuery object| mdc function| randomWord function| copyClipboard function| requestGeoPosition function| logGeoLocationError function| showGeoPosition function| preserveAnchorTagOnForm function| preventFormResubmission function| resourceLoadedSuccessfully boolean| isResourceLoaded boolean| trackGeoLocation object| googleAnalyticsTrackingId number| countMessages string| username boolean| disabled string| j function| preserveAnchorTagOnFormTemp

11 Cookies

Domain/Path Name / Value
key-idp.iam.harvard.edu/idp Name: JSESSIONID
Value: 7BBADB3EC10C0761B6C1044955235685
harvardtotalrewards.ehr.com/ Name: HarvardTCSApp
Value: %60%7d%bc%197%d9%d4%02%40%a2b%99(d%7b%e70Q%04%9d%bf%100%f0%ee%02%8aK%fd%11%efq%0e%f9f%07%ae%1bw%7d%80%98%d3%0d%ca%86p!
harvardtotalrewards.ehr.com/ Name: HarvardTCSSessionHistory_Insert
Value: False
harvardtotalrewards.ehr.com/ Name: HarvardTCSSessionHistory_Key
Value: c1b2b23a-3be3-423f-b8ae-6ec7fc5034ac
harvardtotalrewards.ehr.com/ Name: HarvardTCSSessionHistory_Id
Value: 9941547
harvardtotalrewards.ehr.com/ Name: f5-cookie
Value: 2279062794.0.0000
harvardtotalrewards.ehr.com/ Name: TS01613487
Value: 01bfca5a25ddc1466f228cd2933ab1154c139ffff1e69c1ca84bb9ca79ef545c4f54a51b697706e13083291e1479a9dc1ccbddf40e0dc59adeb3ff1acad052f448a326826ae76daf9048ccedd8c6fb509679a9344d45c23a58d18bb160f02db35c1626c0bda69a8fa89d874be0bd9126f430770444b9964157a39c5231feb0b74e233ab9c0
key-idp.iam.harvard.edu/ Name: AWSALB
Value: SvcIorgIk5yTn9VqZcRsicW/tkGq4AWFmWqtiTTdcsP7ZbMoVRXMJiugdPiugo8fbYYNavtrHLmPgm0+Bz8oCSTslZZC6+ExfVyz9HldOIBSqDuEhXmH/Y2BqVQ9
key-idp.iam.harvard.edu/ Name: AWSALBCORS
Value: SvcIorgIk5yTn9VqZcRsicW/tkGq4AWFmWqtiTTdcsP7ZbMoVRXMJiugdPiugo8fbYYNavtrHLmPgm0+Bz8oCSTslZZC6+ExfVyz9HldOIBSqDuEhXmH/Y2BqVQ9
www.pin1.harvard.edu/ Name: AWSALB
Value: N2bT8rYmY/1GX2bFZpQLY4vgMxi0qYSPxGa+/DddySotcgo37MkJhFWrbsicmFGpZPNxk2BDyFCk4bfYJIrZrezYK9mG1BtZ/ZIndkyrEQcuJC3gd59O4FuwIw0C
www.pin1.harvard.edu/ Name: AWSALBCORS
Value: N2bT8rYmY/1GX2bFZpQLY4vgMxi0qYSPxGa+/DddySotcgo37MkJhFWrbsicmFGpZPNxk2BDyFCk4bfYJIrZrezYK9mG1BtZ/ZIndkyrEQcuJC3gd59O4FuwIw0C

2 Console Messages

Source Level URL
Text
security error URL: https://harvardtotalrewards.ehr.com/default.ashx?CLASSNAME=LOGIN&NOUSER=TRUE(Line 4)
Message:
X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.
security error URL: https://harvardtotalrewards.ehr.com/default.ashx?CLASSNAME=LOGINCHOICE(Line 3)
Message:
X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https: ; font-src * data:; connect-src 'self'; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block