urlscan.io logo urlscan.io
SecurityTrails logo

sts.webhelp.com Open in urlscan Pro
20.73.35.146  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://nw.myworkday.com/api/workday_auth?state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195
Effective URL: https://sts.webhelp.com/adfs/ls/idpinitiatedSignon.aspx?loginToRp=https://wd3-impl.workday.com/wday/authgwy/webhelp/logi...
Submission: On July 03 via manual from NI — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 3 domains to perform 15 HTTP transactions. The main IP is 20.73.35.146, located in Amsterdam, Netherlands and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is sts.webhelp.com.
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on September 7th 2023. Valid for: a year.
This is the only time sts.webhelp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 18.239.36.36 16509 (AMAZON-02)
8 52.32.94.220 16509 (AMAZON-02)
2 2 37.0.1.24 198301 (WKD-AS)
7 20.73.35.146 8075 (MICROSOFT...)
15 3
Apex Domain
Subdomains		 Transfer
10 workday.com
auth.api.workday.com — Cisco Umbrella Rank: 342817
wd3-impl.workday.com — Cisco Umbrella Rank: 107099
692 KB
7 webhelp.com
sts.webhelp.com
207 KB
1 myworkday.com
nw.myworkday.com — Cisco Umbrella Rank: 426838
550 B
15 3
Domain Requested by
8 auth.api.workday.com auth.api.workday.com
7 sts.webhelp.com auth.api.workday.com
sts.webhelp.com
2 wd3-impl.workday.com 2 redirects
1 nw.myworkday.com 1 redirects
15 4

This site contains no links.

Subject Issuer Validity Valid
api.workday.com
Amazon RSA 2048 M03		 2024-04-23 -
2025-05-22		 a year crt.sh
sts.webhelp.com
GeoTrust TLS RSA CA G1		 2023-09-07 -
2024-09-30		 a year crt.sh

This page contains 1 frames:

Primary Page: https://sts.webhelp.com/adfs/ls/idpinitiatedSignon.aspx?loginToRp=https://wd3-impl.workday.com/wday/authgwy/webhelp/login-saml.htmld
Frame ID: A778A160D116DB944F90CD0DA5E7D1DD
Requests: 16 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Startbereichsermittlung

Page URL History Show full URLs

  1. https://nw.myworkday.com/api/workday_auth?state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195 HTTP 302
    https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&resp... Page URL
  2. https://wd3-impl.workday.com/webhelp/authorize?client_id=NmMzNDFlMDgtZDk3Zi00OWNmLTgwYTYtNTg5MzY3Y2RhNGU5... HTTP 302
    https://wd3-impl.workday.com/wday/authgwy/webhelp/authorize?response_type=code&from=octopaas&redirect_uri... HTTP 302
    https://sts.webhelp.com/adfs/ls/idpinitiatedSignon.aspx?loginToRp=https://wd3-impl.workday.com/wday/... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.aspx?(?:$|\?)

Page Statistics

15
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

3
IPs

3
Countries

897 kB
Transfer

889 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://nw.myworkday.com/api/workday_auth?state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195 HTTP 302
    https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb Page URL
  2. https://wd3-impl.workday.com/webhelp/authorize?client_id=NmMzNDFlMDgtZDk3Zi00OWNmLTgwYTYtNTg5MzY3Y2RhNGU5&from=octopaas&redirect_uri=https%3A%2F%2Fauth.api.workday.com%2Frouter&response_type=code&state=8d888629169a62480457f7a6 HTTP 302
    https://wd3-impl.workday.com/wday/authgwy/webhelp/authorize?response_type=code&from=octopaas&redirect_uri=https%3A%2F%2Fauth.api.workday.com%2Frouter&state=8d888629169a62480457f7a6&client_id=NmMzNDFlMDgtZDk3Zi00OWNmLTgwYTYtNTg5MzY3Y2RhNGU5 HTTP 302
    https://sts.webhelp.com/adfs/ls/idpinitiatedSignon.aspx?loginToRp=https://wd3-impl.workday.com/wday/authgwy/webhelp/login-saml.htmld Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://nw.myworkday.com/api/workday_auth?state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195 HTTP 302
  • https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb

15 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
authorize
auth.api.workday.com/v1/
Redirect Chain
  • https://nw.myworkday.com/api/workday_auth?state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195
  • https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb
1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.32.94.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-32-94-220.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
3c6efa8d6b3d63c7976d1007c1fac1d357d7589fb593db52f7bb7610e1272f3f
Security Headers
Name Value
Content-Security-Policy script-src 'self' https://auth.api.workday.com https://api.eu.wcp.workday.com/auth https://api.us.wcp.workday.com/auth; base-uri 'none'; img-src 'self' data:; default-src 'self'; object-src 'none'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options allow-from
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
content-length
1134
content-security-policy
script-src 'self' https://auth.api.workday.com https://api.eu.wcp.workday.com/auth https://api.us.wcp.workday.com/auth; base-uri 'none'; img-src 'self' data:; default-src 'self'; object-src 'none'; frame-ancestors 'self'
content-type
text/html; charset=UTF-8
date
Wed, 03 Jul 2024 17:56:12 GMT
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
request-time
6
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin
x-content-type-options
nosniff
x-frame-options
allow-from
x-permitted-cross-domain-policies
master-only
x-xss-protection
1; mode=block

Redirect headers

content-length
0
content-type
application/json
date
Wed, 03 Jul 2024 17:56:11 GMT
location
https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb
via
1.1 cb4c4a25e4ef534686959996782c8476.cloudfront.net (CloudFront), 1.1 7333604337e68c1ea3a1a85e9b6be668.cloudfront.net (CloudFront)
x-amz-apigw-id
aWONXG6lPHcEtqg=
x-amz-cf-id
yQkalgQbt0bfY5GPhW90H5-E2P3dEsotKdi9_PkhVtREPVu6f3cYQQ==
x-amz-cf-pop
FRA56-P2 AMS58-P2
x-amzn-requestid
6af4ed7b-934d-4ce6-ad1c-3cdcda84b370
x-amzn-trace-id
Root=1-668590bb-631c7d6b687741a627d4c84c;Sampled=1;lineage=cda8d37b:0
x-cache
Miss from cloudfront
canvas-kit-css.css
auth.api.workday.com/assets/stylesheets/1.3.0/ 		109 KB
109 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth.api.workday.com/assets/stylesheets/1.3.0/canvas-kit-css.css
Requested by
Host: auth.api.workday.com
URL: https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.32.94.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-32-94-220.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e969b1ca9c71f5757c3b3783275ab84cd6a9cc1c8471b621bf24e5dcd4b1f64a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 17:56:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options
nosniff
last-modified
Fri, 01 Jan 2010 00:00:00 GMT
x-permitted-cross-domain-policies
master-only
etag
"c2579856bda6a12de2e005ca12d75370c6638b77"
request-time
1
x-frame-options
DENY
content-type
text/css; charset=UTF-8
cache-control
public, max-age=3600
accept-ranges
bytes
content-length
111178
x-xss-protection
1; mode=block
main.d49ac0a5.css
auth.api.workday.com/assets/react/static/css/ 		10 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://auth.api.workday.com/assets/react/static/css/main.d49ac0a5.css
Requested by
Host: auth.api.workday.com
URL: https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.32.94.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-32-94-220.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
8c53905bd421ca52cefb06f088bbc4f264084faf72896fd5460027d6feb41991
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 17:56:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options
nosniff
last-modified
Fri, 01 Jan 2010 00:00:00 GMT
x-permitted-cross-domain-policies
master-only
etag
"b4656ec24d08060b534116dc7ca6c4a5dc1d800a"
request-time
1
x-frame-options
DENY
content-type
text/css; charset=UTF-8
cache-control
public, max-age=3600
accept-ranges
bytes
content-length
10017
x-xss-protection
1; mode=block
javascriptRoutes
auth.api.workday.com/ 		39 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.api.workday.com/javascriptRoutes
Requested by
Host: auth.api.workday.com
URL: https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.32.94.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-32-94-220.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
be57ecf3435fec6bd258e32d72c6b709baf00a16bcc4741601d2b2729e6dd6c5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 17:56:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options
nosniff
x-permitted-cross-domain-policies
master-only
request-time
2
x-frame-options
DENY
content-type
application/javascript
content-length
40178
x-xss-protection
1; mode=block
main.5402b44d.js
auth.api.workday.com/assets/react/static/js/ 		519 KB
520 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.api.workday.com/assets/react/static/js/main.5402b44d.js
Requested by
Host: auth.api.workday.com
URL: https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.32.94.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-32-94-220.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
d9f637c4620908b2409ebf89b8d8dbc085829ce400091658991375f599d31278
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 17:56:12 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options
nosniff
last-modified
Fri, 01 Jan 2010 00:00:00 GMT
x-permitted-cross-domain-policies
master-only
etag
"0f6493c0d8561e3f23110f834e2a8f4d44f098f2"
request-time
0
x-frame-options
DENY
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=3600
accept-ranges
bytes
content-length
531170
x-xss-protection
1; mode=block
auth
auth.api.workday.com/v1/ 		367 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://auth.api.workday.com/v1/auth
Requested by
Host: auth.api.workday.com
URL: https://auth.api.workday.com/assets/react/static/js/main.5402b44d.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.32.94.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-32-94-220.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
6256d61937e8042d3ce288edc470be7929f169bad958d136968b872764e0922c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
x-wd-request-id
OCTO|1cdfbf56-df51-415b-b2c3-40cd6d113155
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
content-type
application/json
Referer
https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 17:56:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options
nosniff
x-permitted-cross-domain-policies
master-only
x-frame-options
DENY
vary
Origin
content-type
application/json
request-time
14
access-control-allow-origin
https://auth.api.workday.com
access-control-max-age
86400
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-headers
Accept, Origin, Content-type, authorization
content-length
367
x-xss-protection
1; mode=block
logo.01edd041.svg
auth.api.workday.com/static/media/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://auth.api.workday.com/static/media/logo.01edd041.svg
Requested by
Host: auth.api.workday.com
URL: https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.32.94.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-32-94-220.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
809d7a1ca7cf817c2c846ca012f2bd3d525450419f6a97cd6eb1f89323ac0560
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 17:56:17 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options
nosniff
last-modified
Fri, 01 Jan 2010 00:00:00 GMT
x-permitted-cross-domain-policies
master-only
etag
"9631e5d15d741875050ba37e28ea9b4503854d49"
request-time
1
x-frame-options
DENY
content-type
image/svg+xml
cache-control
public, max-age=3600
accept-ranges
bytes
content-length
4739
x-xss-protection
1; mode=block
wcp-favicon.ico
auth.api.workday.com/assets/images/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://auth.api.workday.com/assets/images/wcp-favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.32.94.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-32-94-220.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 17:56:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options
nosniff
last-modified
Fri, 01 Jan 2010 00:00:00 GMT
x-permitted-cross-domain-policies
master-only
etag
"43c5bc5692e8421decf56ee61f6af02b833a48c3"
request-time
1
x-frame-options
DENY
content-type
image/x-icon
cache-control
public, max-age=3600
accept-ranges
bytes
content-length
1150
x-xss-protection
1; mode=block
Primary Request idpinitiatedSignon.aspx
sts.webhelp.com/adfs/ls/
Redirect Chain
  • https://wd3-impl.workday.com/webhelp/authorize?client_id=NmMzNDFlMDgtZDk3Zi00OWNmLTgwYTYtNTg5MzY3Y2RhNGU5&from=octopaas&redirect_uri=https%3A%2F%2Fauth.api.workday.com%2Frouter&response_type=code&s...
  • https://wd3-impl.workday.com/wday/authgwy/webhelp/authorize?response_type=code&from=octopaas&redirect_uri=https%3A%2F%2Fauth.api.workday.com%2Frouter&state=8d888629169a62480457f7a6&client_id=NmMzND...
  • https://sts.webhelp.com/adfs/ls/idpinitiatedSignon.aspx?loginToRp=https://wd3-impl.workday.com/wday/authgwy/webhelp/login-saml.htmld
22 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sts.webhelp.com/adfs/ls/idpinitiatedSignon.aspx?loginToRp=https://wd3-impl.workday.com/wday/authgwy/webhelp/login-saml.htmld
Requested by
Host: auth.api.workday.com
URL: https://auth.api.workday.com/assets/react/static/js/main.5402b44d.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.73.35.146 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
73ce182eabb6abeb69f6207fa1df2642fc7f5b7da984f9cb506fe4b6019de3ce
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src api-20e02457.duosecurity.com
Strict-Transport-Security max-age = 31536000
X-Content-Type-Options nosniff
X-Frame-Options allow-from https://wbh.eu.centrical.me/w/game/link/2
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache,no-store
content-length
23009
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src api-20e02457.duosecurity.com
content-type
text/html; charset=utf-8
date
Wed, 03 Jul 2024 17:56:18 GMT
expires
-1
p3p
ADFS doesn't have P3P policy, please contact your site's admin for more details
pragma
no-cache
server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
strict-transport-security
max-age = 31536000
x-content-type-options
nosniff
x-frame-options
allow-from https://wbh.eu.centrical.me/w/game/link/2
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cache-control
no-store, no-cache
cf-cache-status
MISS
cf-ray
89d8c05dc91a2671-TXL
content-language
de-DE
content-length
0
date
Wed, 03 Jul 2024 17:56:18 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
location
https://sts.webhelp.com/adfs/ls/idpinitiatedSignon.aspx?loginToRp=https://wd3-impl.workday.com/wday/authgwy/webhelp/login-saml.htmld
pragma
no-cache
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
x-robots-tag
noindex, nofollow
style.css
sts.webhelp.com/adfs/portal/css/ 		22 KB
22 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sts.webhelp.com/adfs/portal/css/style.css?id=5332B2B5DFB1403616C6FD20DFC7C06DE22AB6649D4913FB90FC381079EA46DF
Requested by
Host: sts.webhelp.com
URL: https://sts.webhelp.com/adfs/ls/idpinitiatedSignon.aspx?loginToRp=https://wd3-impl.workday.com/wday/authgwy/webhelp/login-saml.htmld
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.73.35.146 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
5332b2b5dfb1403616c6fd20dfc7c06de22ab6649d4913fb90fc381079ea46df
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src api-20e02457.duosecurity.com
Strict-Transport-Security max-age = 31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sts.webhelp.com/adfs/ls/idpinitiatedSignon.aspx?loginToRp=https://wd3-impl.workday.com/wday/authgwy/webhelp/login-saml.htmld
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 17:56:19 GMT
strict-transport-security
max-age = 31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src api-20e02457.duosecurity.com
server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
etag
5332B2B5DFB1403616C6FD20DFC7C06DE22AB6649D4913FB90FC381079EA46DF
content-type
text/css
content-length
22463
x-xss-protection
1; mode=block
expires
Fri, 02 Aug 2024 17:56:19 GMT
logo.png
sts.webhelp.com/adfs/portal/logo/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sts.webhelp.com/adfs/portal/logo/logo.png?id=72ADA00298749F500394FF0CB0E2666F5CB093D903C56E4FC66B8C2D6AE25D93
Requested by
Host: sts.webhelp.com
URL: https://sts.webhelp.com/adfs/ls/idpinitiatedSignon.aspx?loginToRp=https://wd3-impl.workday.com/wday/authgwy/webhelp/login-saml.htmld
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.73.35.146 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
72ada00298749f500394ff0cb0e2666f5cb093d903c56e4fc66b8c2d6ae25d93
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src api-20e02457.duosecurity.com
Strict-Transport-Security max-age = 31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sts.webhelp.com/adfs/ls/idpinitiatedSignon.aspx?loginToRp=https://wd3-impl.workday.com/wday/authgwy/webhelp/login-saml.htmld
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 17:56:19 GMT
strict-transport-security
max-age = 31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src api-20e02457.duosecurity.com
server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
etag
72ADA00298749F500394FF0CB0E2666F5CB093D903C56E4FC66B8C2D6AE25D93
content-type
image/png
content-length
9124
x-xss-protection
1; mode=block
expires
Fri, 02 Aug 2024 17:56:19 GMT
idp.png
sts.webhelp.com/adfs/portal/images/idp/ 		931 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sts.webhelp.com/adfs/portal/images/idp/idp.png?id=3EADD3E829A20DF612C7A77960FF811E66E3EE6BAE2C33C9B20E7478BAC87548
Requested by
Host: sts.webhelp.com
URL: https://sts.webhelp.com/adfs/ls/idpinitiatedSignon.aspx?loginToRp=https://wd3-impl.workday.com/wday/authgwy/webhelp/login-saml.htmld
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.73.35.146 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
3eadd3e829a20df612c7a77960ff811e66e3ee6bae2c33c9b20e7478bac87548
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src api-20e02457.duosecurity.com
Strict-Transport-Security max-age = 31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sts.webhelp.com/adfs/ls/idpinitiatedSignon.aspx?loginToRp=https://wd3-impl.workday.com/wday/authgwy/webhelp/login-saml.htmld
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 17:56:19 GMT
strict-transport-security
max-age = 31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src api-20e02457.duosecurity.com
server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
etag
3EADD3E829A20DF612C7A77960FF811E66E3EE6BAE2C33C9B20E7478BAC87548
content-type
image/png
content-length
931
x-xss-protection
1; mode=block
expires
Fri, 02 Aug 2024 17:56:19 GMT
localsts.png
sts.webhelp.com/adfs/portal/images/idp/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sts.webhelp.com/adfs/portal/images/idp/localsts.png?id=A3911892BE04D81EBA5A8E0C74F77099AA1DB05E542FBFCC78C9DF4B0EC0E3A6
Requested by
Host: sts.webhelp.com
URL: https://sts.webhelp.com/adfs/ls/idpinitiatedSignon.aspx?loginToRp=https://wd3-impl.workday.com/wday/authgwy/webhelp/login-saml.htmld
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.73.35.146 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
a3911892be04d81eba5a8e0c74f77099aa1db05e542fbfcc78c9df4b0ec0e3a6
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src api-20e02457.duosecurity.com
Strict-Transport-Security max-age = 31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sts.webhelp.com/adfs/ls/idpinitiatedSignon.aspx?loginToRp=https://wd3-impl.workday.com/wday/authgwy/webhelp/login-saml.htmld
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 17:56:19 GMT
strict-transport-security
max-age = 31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src api-20e02457.duosecurity.com
server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
etag
A3911892BE04D81EBA5A8E0C74F77099AA1DB05E542FBFCC78C9DF4B0EC0E3A6
content-type
image/png
content-length
1977
x-xss-protection
1; mode=block
expires
Fri, 02 Aug 2024 17:56:19 GMT
truncated
/ 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
44c09a1300a946429d86582c5416de91810a9fe3cf55b31f852510fd0fe01a53

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
illustration.jpg
sts.webhelp.com/adfs/portal/illustration/ 		146 KB
147 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sts.webhelp.com/adfs/portal/illustration/illustration.jpg?id=4B1BC070209C5CA1347E9DAE7C947688F9434811CAC11D1CD22DB24AC5FF8397
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.73.35.146 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
4b1bc070209c5ca1347e9dae7c947688f9434811cac11d1cd22db24ac5ff8397
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src api-20e02457.duosecurity.com
Strict-Transport-Security max-age = 31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sts.webhelp.com/adfs/ls/idpinitiatedSignon.aspx?loginToRp=https://wd3-impl.workday.com/wday/authgwy/webhelp/login-saml.htmld
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 17:56:19 GMT
strict-transport-security
max-age = 31536000
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:; frame-src api-20e02457.duosecurity.com
server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
etag
4B1BC070209C5CA1347E9DAE7C947688F9434811CAC11D1CD22DB24AC5FF8397
content-type
image/jpeg
content-length
149884
x-xss-protection
1; mode=block
expires
Fri, 02 Aug 2024 17:56:19 GMT
favicon.ico
sts.webhelp.com/ 		315 B
424 B 		Other
General
Check archive.org
Download Go to
Full URL
https://sts.webhelp.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.73.35.146 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
ce7127c38e30e92a021ed2bd09287713c6a923db9ffdb43f126e8965d777fbf0

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
https://sts.webhelp.com/adfs/ls/idpinitiatedSignon.aspx?loginToRp=https://wd3-impl.workday.com/wday/authgwy/webhelp/login-saml.htmld
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 03 Jul 2024 17:56:19 GMT
server
Microsoft-HTTPAPI/2.0 Microsoft-HTTPAPI/2.0
content-length
315
content-type
text/html; charset=us-ascii

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage function| HRDErrors function| InputUtil function| HRD undefined| emails undefined| msViewportStyle undefined| viewport function| getStyle function| computeLoadIllustration string| domain_hint string| mfaSecondFactorErr string| mfaProofupMessage object| authArea undefined| errorMessage undefined| openingMessage undefined| errorDetailsLink undefined| mfaRegisterUrl

11 Cookies

Domain/Path Name / Value
sts.webhelp.com/adfs Name: MSISSamlRequest
Value: QmFzZVVybD1odHRwcyUzYSUyZiUyZnN0cy53ZWJoZWxwLmNvbSUyZmFkZnMlMmZscyUyZlxTQU1MUmVxdWVzdD1sVkpOVDhNd0RQMHJWZTVwMm5YZDJxaXJOTEhMSkxnTXhJRUxDb20zUnJSSmlWTUslMmY1NTBBeWFFbU1UTnNmejhQcHdLUmRmMmZEMzR4dXpnWlFEMDBYYXpJbzlaa3FTcEtpVXR4YUtrOHd3a0xiSThweWtVSU1zOEtkUU1TSFFQRHJVMUt6S0xFeEp0RVFmWUd2VEMlMmJOQktabk9hTEdtUzNhVkxuaTk0V3NSRnVYd2cwU2F3YUNQOEVkbDQzeU5uREQzR0l6dzEwUGF4dEIwVGFvJTJic1JVYWlLMnNRcG8yRE05d0sxTWlONkFDNWwlMmZ4MmZYUE5Bem1YcHlFJTJiR094QjZyMEdSYUszcmpYSWp4WXZvM3RudlpXMkpYVjFOT0ZPME1zZ2dRaHVNa0hxeWNSZkhzTFFxNWFBekxzQmZjVk9CSFVWYkNrOXdmR2ZaTlY2VUJxTWhGM0kwV2s1ZGMlMmZOJTJiaXZRVVdWVWQzMGJqOVk5SyUyZkYlMmJWRFNHZ29sdzdjUDR6ajZsc3RZZXRLRlRUSEhqdTFaVjdIdlp1ZnhCeHM3aXclMmJQM0g2byUyZkFBJTNkJTNkXFByb3RvY29sQmluZGluZz11cm4lM2FvYXNpcyUzYW5hbWVzJTNhdGMlM2FTQU1MJTNhMi4wJTNhYmluZGluZ3MlM2FIVFRQLVJlZGlyZWN0XFNpZ25hdHVyZT1HWWY3SjhLamlocHpaM2JkMkJHaER3NWklMmZXckJ0RUVuWmJFMHdSeTZIWXhvRiUyYmg3aWlycE1sN1g4TUtuWkZVamhYSWpUNUZNQTl1U3AxNFlZd0dkVE1BTFBqNVpqYk94QlZ6UmNKOGMzYlFjNFlSJTJmJTJiU05ueDNUNGRkRjlqJTJmd2hzYjNOZ0JIdkYlMmZxQ0oyQWtidUhEdTJXTGk4M2NUc01PVERhaXo5SUVkb0ZmQnhzSWNJOU5zUndFRm5JUVdjdkxTamVsJTJianJ0eFlIUEoxajVONWFzUFplcCUyZjRZSk1UUkRCcW93YkN4TGpzSWU4JTJmOXJ1dkZ4ODVRdkxvd0V4N3NNVCUyYlpLV1MwT0NhOFBnWmhYMWhOa25FdkhLUEJ6OXRteWQlMmZ0UlZ4c2xNM3M4VFY4cExGJTJmTGVaTmhuUW5iVVR2YzVzM25jcGZoNzZDdEdjQ201ckMxSCUyYlZwVEt2SDR3Qm5VSVBzZTk5Y2JMeE51MkYwSEpYOUVGbmNLQ3pBdmllZk9GTlZxJTJmNmwweWU3VFhWRkdSZnVpcXAzdG5RSGNmY2Y1SFZvWE82VVlBSWZwbk5CNkZnYVVDNyUyZjhZVGNtMjE5dzlteE1MODJNa0dZSzM3Tk9KemtRQzFydGdnb2FxeXBZV09kRzNGR2FBUVg3d2ZpSkh3Z3Jrb2FQdjB2YTNLQklHMGExdnMwWUJYa0hCSTlUa3o0aWQ5eDhMZXl6SDd5Z0JKOUpZZUJBbGJkd1FUWVMlMmJOUWglMmI5eWk1QzVkSSUyYjBBSjVoOWYlMmJRTHNSMU9BMEJEbmluNjdiOTB0d244b1FReFd2MGFJQjB6azBhcTVLZTB1V0ZjT0R0QWpLJTJiU1VEUzRLSUZLYmdqaG9tVUxJSmJ5eFpwTktMJTJmanZVN2tTb1FROFZXVGM4bCUyZm9JJTNkXFNpZ0FsZz1odHRwJTNhJTJmJTJmd3d3LnczLm9yZyUyZjIwMDElMmYwNCUyZnhtbGRzaWctbW9yZSUyM3JzYS1zaGEyNTZcUXVlcnlTdHJpbmdIYXNoPTZoOWFIRXRyUnpQUVlBeVF1QjBHZWZNaFQlMmZBdVAwWmVUb3RsdEVxVUowbyUzZA==
auth.api.workday.com/ Name: AWSALB
Value: VTiNNcDJ5XE3oq9mgT/ohtaNIgjCgksa0wCq3UKXZT5MwCZxKFe5dc4PvSkhx7ambGeKa5jeTXFSDZGnk3sFp6UbTPpOdqTOjuHq9j01gtUY9X6dhlnj8D1DaSkI
auth.api.workday.com/ Name: AWSALBCORS
Value: VTiNNcDJ5XE3oq9mgT/ohtaNIgjCgksa0wCq3UKXZT5MwCZxKFe5dc4PvSkhx7ambGeKa5jeTXFSDZGnk3sFp6UbTPpOdqTOjuHq9j01gtUY9X6dhlnj8D1DaSkI
wd3-impl.workday.com/ Name: wd-browser-id
Value: 56794040-eb62-4f3b-b5c6-c05c2459eadb
wd3-impl.workday.com/ Name: WorkdayLB_UI
Value: 438999050.47670.0000
.wd3-impl.workday.com/ Name: __cf_bm
Value: _XFuBRuVN.4o234LCasJJ9mUyzQ0.OE5KC5tiBM.RMo-1720029378-1.0.1.1-Ldv.pxayqlxZLia9jTA0bLvfIXQCJJAIjoN3GtmnD4xagCutYAX5tKdCwV8WZJc1mD5L_dFnxR8TR_f1eLQYjA
wd3-impl.workday.com/ Name: __cflb
Value: 0H28vSF7oFDsTBiNkRDh6HDuxHAcbJAKet2ewppBGJp
.wd3-impl.workday.com/ Name: _cfuvid
Value: sZy9yJXMjwuUstz8lGkCkGbwqBQ4MpPM4xdPG.Etyls-1720029378164-0.0.1.1-604800000
wd3-impl.workday.com/ Name: JSESSIONID
Value: 6CFD29A0A166C01A32B7EDD3684CFA2E.authgwy-impl-axurjz9o.impl-ui-auth.np501.cust.dub.wd
wd3-impl.workday.com/ Name: wd-alt-sessionid
Value: 985ba9d1c8e337fe60b12e3406d1fedca41976f809e14b9bb9cb5a5a47ad2451.authgwy-impl-axurjz9o.impl-ui-auth.np501.cust.dub.wd
wd3-impl.workday.com/ Name: WorkdayLB_UIAUTHGWY
Value: 956405770.58935.0000

2 Console Messages

Source Level URL
Text
security error URL: https://auth.api.workday.com/v1/authorize?client_id=M2ZmNTA0N2MtYjlmOC00ODJmLWE5OWQtNmJmMWExZjc5YmNj&response_type=code&state=130750d7-5c5b-4e9d-a6c4-6f63f6a86195&tenantAlias=webhelp-sb(Line 16)
Message:
Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' https://auth.api.workday.com https://api.eu.wcp.workday.com/auth https://api.us.wcp.workday.com/auth". Either the 'unsafe-inline' keyword, a hash ('sha256-RBNvo1WzZ4oRRq0W9+hknpT7T8If536DEMBg9hyq/4o='), or a nonce ('nonce-...') is required to enable inline execution.
network error URL: https://sts.webhelp.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' https://auth.api.workday.com https://api.eu.wcp.workday.com/auth https://api.us.wcp.workday.com/auth; base-uri 'none'; img-src 'self' data:; default-src 'self'; object-src 'none'; frame-ancestors 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options allow-from
X-Xss-Protection 1; mode=block