urlscan.io logo urlscan.io
SecurityTrails logo

www.ebt.ca.gov Open in urlscan Pro
23.12.147.77  Public Scan

Go To Rescan Add Verdict Report
URL: https://www.ebt.ca.gov/cardholder/
Submission: On April 11 via api from US — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 1 countries across 2 domains to perform 13 HTTP transactions. The main IP is 23.12.147.77, located in Sterling, United States and belongs to AKAMAI-ASN1, NL. The main domain is www.ebt.ca.gov. The Cisco Umbrella rank of the primary domain is 354478.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on July 14th 2022. Valid for: a year.
This is the only time www.ebt.ca.gov was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
11 23.12.147.77 20940 (AKAMAI-ASN1)
1 2600:141b:13:... 20940 (AKAMAI-ASN1)
1 2600:141b:13:... 20940 (AKAMAI-ASN1)
13 4
Apex Domain
Subdomains		 Transfer
11 ca.gov
www.ebt.ca.gov — Cisco Umbrella Rank: 354478
459 KB
2 go-mpulse.net
s.go-mpulse.net — Cisco Umbrella Rank: 1312
c.go-mpulse.net — Cisco Umbrella Rank: 662
51 KB
13 2
Domain Requested by
11 www.ebt.ca.gov www.ebt.ca.gov
1 c.go-mpulse.net s.go-mpulse.net
1 s.go-mpulse.net www.ebt.ca.gov
13 3
Subject Issuer Validity Valid
www.ebt.ca.gov
Sectigo RSA Organization Validation Secure Server CA		 2022-07-14 -
2023-07-14		 a year crt.sh
akstat.io
DigiCert TLS RSA SHA256 2020 CA1		 2023-04-05 -
2024-04-04		 a year crt.sh

This page contains 2 frames:

Primary Page: https://www.ebt.ca.gov/cardholder/
Frame ID: AC5293C9B5E042B0125CECF5D9739D99
Requests: 13 HTTP requests in this frame

Frame: https://s.go-mpulse.net/boomerang/47BZE-3TL5R-TDNMS-R4AQH-W3WXQ
Frame ID: 3C1037216D7B0E8746399DFA43E71935
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

CardHolder Portal

Detected technologies

Overall confidence: 100%
Detected patterns

Page Statistics

13
Requests

100 %
HTTPS

67 %
IPv6

2
Domains

3
Subdomains

4
IPs

1
Countries

510 kB
Transfer

2586 kB
Size

3
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.ebt.ca.gov/cardholder/ 		5 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.ebt.ca.gov/cardholder/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.12.147.77 Sterling, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-12-147-77.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
00ca1a44c6954924f4df2d5b0e27ea0b5fc4e39634529e062814db28abf9b08b
Security Headers
Name Value
Content-Security-Policy default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src https://www.ebt.ca.gov/akam/13/ * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN DENY
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-language
en-CA
content-length
2670
content-security-policy
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src https://www.ebt.ca.gov/akam/13/ * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
content-type
text/html;charset=UTF-8
date
Tue, 11 Apr 2023 17:05:16 GMT
expires
0
last-modified
Sat, 25 Feb 2023 07:10:40 GMT
pragma
no-cache
server
Apache
server-timing
cdn-cache; desc=MISS edge; dur=15 origin; dur=286 ak_p; desc="467009_387977293_3213560385_30019_8855_24_0";dur=1
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Origin,Accept-Encoding,Access-Control-Request-Method,Access-Control-Request-Headers
x-akamai-transformed
9 750 0 pmb=mTOE,2mRUM,1
x-content-type-options
nosniff nosniff
x-frame-options
SAMEORIGIN DENY
x-xss-protection
1; mode=block 1; mode=block
main.css
www.ebt.ca.gov/cardholder/build/ 		513 KB
63 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.ebt.ca.gov/cardholder/build/main.css
Requested by
Host: www.ebt.ca.gov
URL: https://www.ebt.ca.gov/cardholder/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.12.147.77 Sterling, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-12-147-77.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f45f4574dbfe02e0b041c9a2a6bfb0c9446e440897c395cb269499e24c62f30f
Security Headers
Name Value
Content-Security-Policy default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.ebt.ca.gov/cardholder/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 11 Apr 2023 17:05:16 GMT
server
Apache
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
max-age=36288
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467009_387977293_3213562125_39_9007_24_0";dur=1
accept-ranges
bytes
content-length
64095
x-xss-protection
1; mode=block
expires
Wed, 12 Apr 2023 03:10:04 GMT
68d54fbf
www.ebt.ca.gov/akam/13/ 		26 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.ebt.ca.gov/akam/13/68d54fbf
Requested by
Host: www.ebt.ca.gov
URL: https://www.ebt.ca.gov/cardholder/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.12.147.77 Sterling, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-12-147-77.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5a35d0d1d1ad17032ca2c71ff99ad6d80f017057c335fd63bee4551ee73b86eb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.ebt.ca.gov/cardholder/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 11 Apr 2023 17:05:22 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000 ; includeSubDomains
last-modified
Wed, 09 Feb 2022 15:13:29 GMT
etag
"ef62794da39981b64e6a72c08cc56f46b4bed61e6d4fba82aa4b105bfc076841"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=0, no-cache, no-store
server-timing
cdn-cache; desc=HIT, edge; dur=5740, ak_p; desc="467009_387977293_3213562130_574001_6561_30_0";dur=1
content-length
8760
expires
Tue, 11 Apr 2023 17:05:22 GMT
polyfills.js
www.ebt.ca.gov/cardholder/build/ 		95 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.ebt.ca.gov/cardholder/build/polyfills.js
Requested by
Host: www.ebt.ca.gov
URL: https://www.ebt.ca.gov/cardholder/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.12.147.77 Sterling, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-12-147-77.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
576c4409a195c783991e969bdee3f2b53b8bd0e948ce86f81359b580ee0f95d3
Security Headers
Name Value
Content-Security-Policy default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.ebt.ca.gov/cardholder/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 11 Apr 2023 17:05:16 GMT
server
Apache
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=36232
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467009_387977293_3213562127_440_11014_24_0";dur=1
accept-ranges
bytes
content-length
33294
x-xss-protection
1; mode=block
expires
Wed, 12 Apr 2023 03:09:08 GMT
vendor.js
www.ebt.ca.gov/cardholder/build/ 		964 KB
216 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.ebt.ca.gov/cardholder/build/vendor.js
Requested by
Host: www.ebt.ca.gov
URL: https://www.ebt.ca.gov/cardholder/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.12.147.77 Sterling, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-12-147-77.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
26d415f72679b1bb9fe1a9b443e45397a762935f981891ff0372f3cf3baa235d
Security Headers
Name Value
Content-Security-Policy default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.ebt.ca.gov/cardholder/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 11 Apr 2023 17:05:16 GMT
server
Apache
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=36361
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467009_387977293_3213562128_49_8876_24_0";dur=1
accept-ranges
bytes
content-length
220409
x-xss-protection
1; mode=block
expires
Wed, 12 Apr 2023 03:11:17 GMT
main.js
www.ebt.ca.gov/cardholder/build/ 		690 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.ebt.ca.gov/cardholder/build/main.js
Requested by
Host: www.ebt.ca.gov
URL: https://www.ebt.ca.gov/cardholder/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.12.147.77 Sterling, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-12-147-77.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
652691d6967afd36fb7c65af6afd56df771eaff104da516b0cad81129f9a7e8b
Security Headers
Name Value
Content-Security-Policy default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.ebt.ca.gov/cardholder/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 11 Apr 2023 17:05:16 GMT
server
Apache
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=38138
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467009_387977293_3213562129_45_8656_24_0";dur=1
accept-ranges
bytes
content-length
78929
x-xss-protection
1; mode=block
expires
Wed, 12 Apr 2023 03:40:54 GMT
47BZE-3TL5R-TDNMS-R4AQH-W3WXQ
s.go-mpulse.net/boomerang/ Frame 3C10 		202 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://s.go-mpulse.net/boomerang/47BZE-3TL5R-TDNMS-R4AQH-W3WXQ
Requested by
Host: www.ebt.ca.gov
URL: https://www.ebt.ca.gov/cardholder/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:141b:13:7a5::11a6 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
95a439c4e11ace2484e8d42c30ff56cf7db5ea7c6463df9ce2fdafa7f6ccbf54

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.ebt.ca.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Tue, 11 Apr 2023 17:05:16 GMT
content-encoding
br
last-modified
Thu, 09 Mar 2023 04:43:38 GMT
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=604800
x-n
S
timing-allow-origin
*
content-length
51580
upFrontMsg
www.ebt.ca.gov/cardholder/rest/ 		1 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.ebt.ca.gov/cardholder/rest/upFrontMsg
Requested by
Host: www.ebt.ca.gov
URL: https://www.ebt.ca.gov/cardholder/build/polyfills.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.12.147.77 Sterling, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-12-147-77.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
1b2885dd37b2bee5d3a94ae9d2efdb1a3b8ee15c2db86c6567336b76bcf24149
Security Headers
Name Value
Content-Security-Policy default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.ebt.ca.gov/cardholder/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff, nosniff
date
Tue, 11 Apr 2023 17:05:16 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
server-timing
cdn-cache; desc=MISS, edge; dur=7, origin; dur=73, ak_p; desc="467009_387977293_3213563312_7965_9889_23_0";dur=1
content-length
705
x-xss-protection
1; mode=block, 1; mode=block
pragma
no-cache
server
Apache
x-frame-options
SAMEORIGIN, DENY
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, must-revalidate
expires
0
config.json
c.go-mpulse.net/api/ Frame 3C10 		51 B
323 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://c.go-mpulse.net/api/config.json?key=47BZE-3TL5R-TDNMS-R4AQH-W3WXQ&d=www.ebt.ca.gov&t=5604109&v=1.632.0&if=&sl=0&si=vv0zb70m1j-rsyngt&plugins=AK,ConfigOverride,Continuity,PageParams,IFrameDelay,AutoXHR,SPA,Angular,Backbone,Ember,History,RT,CrossDomain,BW,PaintTiming,NavigationTiming,ResourceTiming,Memory,CACHE_RELOAD,Errors,TPAnalytics,UserTiming,Akamai,LOGN&acao=&ak.ai=566120
Requested by
Host: s.go-mpulse.net
URL: https://s.go-mpulse.net/boomerang/47BZE-3TL5R-TDNMS-R4AQH-W3WXQ
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2600:141b:13:6ae::11a6 Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c10abc0b3ad0b9db419568e7c4629502140f06c8c2d7f62276f6271aabfb1d1a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.ebt.ca.gov/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Access-Control-Allow-Origin
*
Date
Tue, 11 Apr 2023 17:05:16 GMT
Cache-Control
private, max-age=120, stale-while-revalidate=60, stale-if-error=120
Connection
keep-alive
Timing-Allow-Origin
*
Content-Length
51
Content-Type
application/json
header-ca.gov.png
www.ebt.ca.gov/cardholder/assets/img/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.ebt.ca.gov/cardholder/assets/img/header-ca.gov.png
Requested by
Host: www.ebt.ca.gov
URL: https://www.ebt.ca.gov/cardholder/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.12.147.77 Sterling, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-12-147-77.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
f2af66415bb61e8f4f27140240d8f350728296bd4047b4aa712551beceb6253c
Security Headers
Name Value
Content-Security-Policy default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.ebt.ca.gov/cardholder/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
date
Tue, 11 Apr 2023 17:05:16 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/png
cache-control
max-age=86400
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467009_387977293_3213563996_39_9654_26_0";dur=1
accept-ranges
bytes
content-length
9750
x-xss-protection
1; mode=block
expires
Wed, 12 Apr 2023 17:05:16 GMT
header-background.jpg
www.ebt.ca.gov/cardholder/assets/img/ 		30 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.ebt.ca.gov/cardholder/assets/img/header-background.jpg
Requested by
Host: www.ebt.ca.gov
URL: https://www.ebt.ca.gov/cardholder/build/main.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.12.147.77 Sterling, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-12-147-77.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
185f3aa9212a292bfa641fbce9b427265fe6599bce430bc78890a875a34e46ec
Security Headers
Name Value
Content-Security-Policy default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://www.ebt.ca.gov/cardholder/build/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
date
Tue, 11 Apr 2023 17:05:16 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
server
Apache
x-frame-options
SAMEORIGIN
content-type
image/jpeg
cache-control
max-age=86400
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="467009_387977293_3213564050_159_9116_26_0";dur=1
accept-ranges
bytes
content-length
30813
x-xss-protection
1; mode=block
expires
Wed, 12 Apr 2023 17:05:16 GMT
truncated
/ 		9 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
63b693778274923011281f0c339ac4116f8a31b9d186d0657849380cd5bd34b7

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		157 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

Content-Type
image/png
en.json
www.ebt.ca.gov/cardholder/assets/i18n// 		39 KB
12 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.ebt.ca.gov/cardholder/assets/i18n//en.json
Requested by
Host: www.ebt.ca.gov
URL: https://www.ebt.ca.gov/cardholder/build/polyfills.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.12.147.77 Sterling, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-12-147-77.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
5639b1f86dbc1612ad832ccea4587cd251c4f13fcee4d1240ad2fc0c51d5de83
Security Headers
Name Value
Content-Security-Policy default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.ebt.ca.gov/cardholder/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

content-security-policy
default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Tue, 11 Apr 2023 17:05:22 GMT
server
Apache
strict-transport-security
max-age=31536000 ; includeSubDomains
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/json
server-timing
cdn-cache; desc=MISS, edge; dur=10, origin; dur=71, ak_p; desc="467009_387977293_3213587784_8078_11406_25_0";dur=1
accept-ranges
bytes
content-length
11217
x-xss-protection
1; mode=block
pixel_68d54fbf
www.ebt.ca.gov/akam/13/ 		0
730 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.ebt.ca.gov/akam/13/pixel_68d54fbf
Requested by
Host: www.ebt.ca.gov
URL: https://www.ebt.ca.gov/cardholder/build/polyfills.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.12.147.77 Sterling, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a23-12-147-77.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains

Request headers

Referer
https://www.ebt.ca.gov/cardholder/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 11 Apr 2023 17:05:22 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
server-timing
cdn-cache; desc=HIT, edge; dur=6, ak_p; desc="467009_387977293_3213589873_676_7573_24_0";dur=1
content-length
0
content-type
text/html

Verdicts & Comments Add Verdict or Comment

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 boolean| credentialless object| Ionic string| BOOMR_API_key object| BOOMR number| BOOMR_lstart string| bazadebezolkohpepadr object| MyBundle object| core object| __core-js_shared__ function| Zone function| __zone_symbol__Promise function| __zone_symbol__ZoneAwarePromise function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader function| webpackJsonp function| Hammer object| IonicNative object| ng object| __zone_symbol__popstatefalse object| __zone_symbol__hashchangefalse function| getAngularTestability function| getAllAngularTestabilities function| getAllAngularRootElements object| frameworkStabilizers object| __zone_symbol__loadfalse object| BOOMR_mq object| __zone_symbol__beforeunloadfalse object| __zone_symbol__pagehidefalse object| __zone_symbol__pageshowfalse object| __zone_symbol__DOMContentLoadedfalse object| __zone_symbol__storagefalse object| __zone_symbol__orientationchangefalse number| BOOMR_configt object| __zone_symbol__onlinefalse object| __zone_symbol__offlinefalse object| __zone_symbol__statusTapfalse string| urhehlevkedkilrobacf number| BOOMR_onload function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener undefined| __zone_symbol__eventListeners undefined| __zone_symbol__removeAllListeners function| eventListeners function| removeAllListeners

3 Cookies

Domain/Path Name / Value
.ca.gov/ Name: RT
Value: "z=1&dm=ca.gov&si=vv0zb70m1j&ss=lgcijul3&sl=0&tt=0"
.ebt.ca.gov/ Name: bm_sv
Value: EA414D66037BAF6FB29ACEE473505B0F~YAAQTRAgF5eAcFuHAQAAPHpHcRPIVFOoa8nnNGjiev2Kejpl3/Sp0QfMfQKfLMIduQ596GCal38IdlktTzm/MthCW+iAEPZp6hg4PdzOBQ6YkIoVmDGlFzHSRQ4jvMPmUYhRDH0bPJYkCiAUMJjwoDdyBohfead+Gpli5gK7393nNGQDdvXsPCA3CPco9aGeoJDS0BbMqaeHbg5aqFqdxedesYWwFesP9xlhlkbEw0MFcl9i9B1w7WILOVUcU3+O~1
.ebt.ca.gov/ Name: ak_bmsc
Value: 1EB1C4DAAB7652AF4757D30A599B9EDB~000000000000000000000000000000~YAAQTRAgF/mAcFuHAQAA33tHcROb9wKgcbuW/m8jimKSpzfCRniAOVa4pSk/XN1uv+JRFxSx/p9Uctk4kpPVwvu3+2Iu6Xsixkry/oGuFkXFiO9i7T0hjaPCSHbOAChpFVCdErErHmt0x6p7EompSQjrdrV4TIf5Vs2lTxd1bbbuR7IPYfNhUAwGmbAGNDWUi0S2ndNvQYjywjTihb9sPjqh7laRJEmj/lfeOWu/ftU0Ig0YA4hlefzoHFle067ywrhIwUaOvUKYtJL04agJhyO0Tr1KlpOCTpbDHATNnqeW3MzU+Iw8jZUhD4SsFOcWlt91LLCQDtvWYbBVKCjz4L0R6bZA77PkKeC9JE5AarvzcvYngsrRWxmA6aeIq9otAEsM3518f5g7fZ874kNvM2eGLFgbjpHh240OoujKZ8hwWBGXETiB4dDNYeubIANsWAWo7m0xfeR4PyP4XzCB2PoCIGNWIYuvJxGxFoGamqUxsFck7NEmB3ILhFY=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src *; style-src * 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline'; connect-src https://www.ebt.ca.gov/akam/13/ * 'unsafe-inline'; frame-src *; font-src * data: 'unsafe-inline'; frame-ancestors 'self';
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN DENY
X-Xss-Protection 1; mode=block 1; mode=block