hcsauth.health.ny.gov Open in urlscan Pro
54.83.180.32 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://commerce.health.state.ny.us/
Effective URL:
https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamls...
Submission: On December 11 via manual (December 11th 2024, 2:10:13 pm UTC) from US — Scanned from US

Summary HTTP 37 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 7 IPs in 1 countries across 6 domains to perform 37 HTTP transactions. The main IP is 54.83.180.32, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is hcsauth.health.ny.gov. The Cisco Umbrella rank of the primary domain is 126843.
TLS certificate: Issued by Amazon RSA 2048 M02 on February 26th 2024. Valid for: a year.

This is the only time hcsauth.health.ny.gov was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
3 23	54.83.180.32 54.83.180.32	14618 (AMAZON-AES) (AMAZON-AES)
2	2607:f8b0:400... 2607:f8b0:4006:81d::2008	15169 (GOOGLE) (GOOGLE)
4 11	2606:4700::68... 2606:4700::6812:bca	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2607:f8b0:400... 2607:f8b0:4006:80b::200e	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:aca	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.67.163.237 172.67.163.237	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	3.129.32.16 3.129.32.16	16509 (AMAZON-02) (AMAZON-02)
37	7

23 54.83.180.32 (Ashburn, United States) 3 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-83-180-32.compute-1.amazonaws.com

commerce.health.state.ny.us	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hcsauth.health.ny.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:81d::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6812:bca (United States) 4 redirects

ASN13335 (CLOUDFLARENET, US)

static-assets.ny.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:80b::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:aca (United States)

ASN13335 (CLOUDFLARENET, US)

alerts-cta.static-assets.ny.gov	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.163.237 (United States)

ASN13335 (CLOUDFLARENET, US)

siteimproveanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.129.32.16 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-129-32-16.us-east-2.compute.amazonaws.com

6294241.global.r2.siteimproveanalytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	ny.gov 5 redirects hcsauth.health.ny.gov — Cisco Umbrella Rank: 126843 static-assets.ny.gov — Cisco Umbrella Rank: 38876 alerts-cta.static-assets.ny.gov — Cisco Umbrella Rank: 49941	596 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 36	21 KB
4	state.ny.us 2 redirects commerce.health.state.ny.us — Cisco Umbrella Rank: 109596	6 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	192 KB
1	siteimproveanalytics.io 6294241.global.r2.siteimproveanalytics.io — Cisco Umbrella Rank: 41749	149 B
1	siteimproveanalytics.com siteimproveanalytics.com — Cisco Umbrella Rank: 3815	12 KB
37	6

	Domain	Requested by
19	hcsauth.health.ny.gov	1 redirects hcsauth.health.ny.gov
11	static-assets.ny.gov	4 redirects hcsauth.health.ny.gov static-assets.ny.gov
4	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
4	commerce.health.state.ny.us	2 redirects
2	alerts-cta.static-assets.ny.gov	static-assets.ny.gov
2	www.googletagmanager.com	hcsauth.health.ny.gov commerce.health.state.ny.us
1	6294241.global.r2.siteimproveanalytics.io
1	siteimproveanalytics.com	commerce.health.state.ny.us
37	8

This site contains links to these domains. Also see Links.

Domain
ny.gov
pub-contactus.health.ny.gov
blip.health.ny.gov
www.ny.gov

Subject Issuer	Validity	Valid
*.health.state.ny.us Amazon RSA 2048 M03	`2024-06-27` - `2025-07-27`	a year	crt.sh
*.health.ny.gov Amazon RSA 2048 M02	`2024-02-26` - `2025-03-27`	a year	crt.sh
*.google-analytics.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.ny.gov GlobalSign RSA OV SSL CA 2018	`2024-07-31` - `2025-07-20`	a year	crt.sh
alerts-cta.static-assets.ny.gov WE1	`2024-12-03` - `2025-03-03`	3 months	crt.sh
siteimproveanalytics.com WE1	`2024-10-17` - `2025-01-15`	3 months	crt.sh
*.global.r2.siteimproveanalytics.io Amazon RSA 2048 M02	`2024-09-02` - `2025-10-01`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL
Frame ID: 66352149F7B984B3A84EA4418C33C17E
Requests: 37 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Log on to the Health Commerce System

Page URL History Show full URLs

http://commerce.health.state.ny.us/ HTTP 307
https://commerce.health.state.ny.us/ HTTP 302
https://commerce.health.state.ny.us/hcs/index.html HTTP 302
https://commerce.health.state.ny.us/relogin?dest=/hcs/index.html Page URL
https://hcsauth.health.ny.gov/samlsso HTTP 302
https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAut... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

37
Requests

89 %
HTTPS

57 %
IPv6

6
Domains

8
Subdomains

7
IPs

1
Countries

822 kB
Transfer

1784 kB
Size

13
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://ny.gov/

Search URL Search Domain Scan URL

URL: https://pub-contactus.health.ny.gov/
Title: Report a problem here

Search URL Search Domain Scan URL

URL: https://blip.health.ny.gov/
Title: HCS Status Dashboard

Search URL Search Domain Scan URL

URL: https://www.ny.gov/agencies
Title: Agencies

Search URL Search Domain Scan URL

URL: https://www.ny.gov/mobileapps
Title: App Directory

Search URL Search Domain Scan URL

URL: https://www.ny.gov/counties
Title: Counties

Search URL Search Domain Scan URL

URL: https://www.ny.gov/events
Title: Events

Search URL Search Domain Scan URL

URL: https://www.ny.gov/programs
Title: Programs

Search URL Search Domain Scan URL

URL: https://www.ny.gov/services
Title: Services

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://commerce.health.state.ny.us/ HTTP 307
https://commerce.health.state.ny.us/ HTTP 302
https://commerce.health.state.ny.us/hcs/index.html HTTP 302
https://commerce.health.state.ny.us/relogin?dest=/hcs/index.html Page URL
https://hcsauth.health.ny.gov/samlsso HTTP 302
https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0

http://commerce.health.state.ny.us/ HTTP 307
https://commerce.health.state.ny.us/ HTTP 302
https://commerce.health.state.ny.us/hcs/index.html HTTP 302
https://commerce.health.state.ny.us/relogin?dest=/hcs/index.html

Request Chain 14

https://static-assets.ny.gov/sites/all/widgets/universal-navigation/js/dist/global-nav-bundle.js HTTP 301
https://static-assets.ny.gov/unav/js/unav-bundle.js

Request Chain 20

https://static-assets.ny.gov/unav/load/header.html HTTP 308
https://static-assets.ny.gov/unav/load/header

Request Chain 21

https://static-assets.ny.gov/unav/load/footer.html HTTP 308
https://static-assets.ny.gov/unav/load/footer

Request Chain 22

https://static-assets.ny.gov/unav/load/gtm.html HTTP 308
https://static-assets.ny.gov/unav/load/gtm

37 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

relogin Show response
commerce.health.state.ny.us/
Redirect Chain

http://commerce.health.state.ny.us/
https://commerce.health.state.ny.us/
https://commerce.health.state.ny.us/hcs/index.html
https://commerce.health.state.ny.us/relogin?dest=/hcs/index.html

2 KB
3 KB

148ms
148ms

Document
text/html

54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://commerce.health.state.ny.us/relogin?dest=/hcs/index.html

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

Resource Hash

d19bb15c193e611fff30d8cd041f9a89ccd5aeedb471c85cdb7627cdbdc45c92

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self';
Content-Type: text/html; charset=ISO-8859-1
Date: Wed, 11 Dec 2024 14:10:06 GMT
Expires: -1
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
X-Backside-Transport: FAIL FAIL
X-Frame-Options: SAMEORIGIN
X-Global-Transaction-ID: d6bbb37167599d3ea31d1f3d

Redirect headers

Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors 'self';
Date: Wed, 11 Dec 2024 14:10:06 GMT
Expires: -1
Location: /relogin?dest=/hcs/index.html
Pragma: no-cache
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
X-Backside-Transport: FAIL FAIL
X-Frame-Options: SAMEORIGIN
X-Global-Transaction-ID: d6bbb37167599d3e586e8743

GET
H/1.1

200

Primary Request login.do Show response
hcsauth.health.ny.gov/authenticationendpoint/
Redirect Chain

https://hcsauth.health.ny.gov/samlsso
https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionD...

74 KB
25 KB

183ms
182ms

Document
text/html

54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

36f130a58367bf43a65280c92952a0db1bd35696f1bb8c115b89daea9c971b22

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://commerce.health.state.ny.us;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://commerce.health.state.ny.us/

Request headers

Content-Type: application/x-www-form-urlencoded
Origin: https://commerce.health.state.ny.us
Referer: https://commerce.health.state.ny.us/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Methods: GET, POST
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
Content-Type: text/html;charset=UTF-8
Date: Wed, 11 Dec 2024 14:10:07 GMT
Expires: -1
Host: hcs-host
Pragma: no-cache
Server: HCS
Server-Timing: dtRpid;desc="-491741844", dtSInfo;desc="0"
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
X-Backside-Transport: OK OK
X-Content-Type-Options: nosniff
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/
X-Global-Transaction-ID: d6bbb37167599d3f02b8689f
X-OneAgent-JS-Injection: true
X-WSO2-TraceId: %2Fhcs%2Findex.html
vary: accept-encoding

Redirect headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Encoding: gzip
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
Date: Wed, 11 Dec 2024 14:10:06 GMT
Expires: -1
Host: hcs-host
Location: https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL
Pragma: no-cache
Server: HCS
Server-Timing: dtRpid;desc="927157747", dtTao;desc="1", dtSInfo;desc="0"
Strict-Transport-Security: max-age=31536000
Timing-Allow-Origin: *
Transfer-Encoding: chunked
X-Backside-Transport: OK OK
X-Content-Type-Options: nosniff
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/
X-Global-Transaction-ID: d6bbb37167599d3e02b8688f
X-OneAgent-JS-Injection: true
X-WSO2-TraceId: 41f06e8c-22d3-43cf-864c-14d03c507069

GET
H/1.1 200
OK favicon.ico
commerce.health.state.ny.us/ 894 B
1 KB 150ms
150ms Other
image/vnd.microsoft.icon 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://commerce.health.state.ny.us/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://commerce.health.state.ny.us/relogin?dest=/hcs/index.html

Response headers

X-Backside-Transport: OK OK
Content-Encoding: gzip
ETag: "37e-465dc9089c0c0"
Expires: -1
Date: Wed, 11 Dec 2024 14:10:06 GMT
Content-Type: image/vnd.microsoft.icon
Last-Modified: Tue, 24 Mar 2009 12:31:39 GMT
Host: hcs-host
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors 'self';
Cache-Control: max-age=0, no-cache, no-store
X-Global-Transaction-ID: d6bbb37167599d3e9d7964a1
Pragma: no-cache
Connection: keep-alive
Server: HCS

GET
H/1.1 200
OK ruxitagentjs_A7NVfghqrtux_10303241106123517.js Show response
hcsauth.health.ny.gov/public/ 0
411 B 149ms
146ms Script
text/plain 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hcsauth.health.ny.gov/public/ruxitagentjs_A7NVfghqrtux_10303241106123517.js

Requested by

Host: hcsauth.health.ny.gov
URL: https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://commerce.health.state.ny.us;
Strict-Transport-Security	max-age=31536000
X-Frame-Options	ALLOW-FROM https://commerce.health.state.ny.us/

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL

Response headers

Transfer-Encoding: chunked
X-Backside-Transport: FAIL FAIL
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
X-Global-Transaction-ID: d6bbb37167599d3f02b896ff
Content-Encoding: gzip
Connection: keep-alive
Date: Wed, 11 Dec 2024 14:10:07 GMT
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/

GET
H/1.1 200 bootstrap.min.css
hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/css/ 119 KB
20 KB 320ms
170ms Stylesheet
text/css 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/css/bootstrap.min.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://commerce.health.state.ny.us;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://commerce.health.state.ny.us/

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL

Response headers

X-Backside-Transport: OK OK
X-WSO2-TraceId: 31c3e0d4-0d16-4e09-a11f-739e287ad58b
Content-Encoding: gzip
ETag: W/"121457-1709849287000"
X-Content-Type-Options: nosniff
X-OneAgent-JS-Injection: true
Server-Timing: dtRpid;desc="-1696771022", dtSInfo;desc="0"
Date: Wed, 11 Dec 2024 14:10:07 GMT
Content-Type: text/css
Host: hcs-host
vary: accept-encoding
Last-Modified: Thu, 07 Mar 2024 22:08:07 GMT
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
X-Global-Transaction-ID: d6bbb37167599d3f9d798c51
Connection: keep-alive
Server: HCS

GET
H/1.1 200 bootstrap-icons.css
hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/css/ 59 KB
9 KB 430ms
171ms Stylesheet
text/css 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/css/bootstrap-icons.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

32cc4a47b370e278072a6440249872e681efa1d992600420c03a9631da885d70

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://commerce.health.state.ny.us;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://commerce.health.state.ny.us/

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL

Response headers

X-Backside-Transport: OK OK
X-WSO2-TraceId: 43eee5e1-fa6d-461e-aa97-9324109bd533
Content-Encoding: gzip
ETag: W/"60859-1714104811000"
X-Content-Type-Options: nosniff
X-OneAgent-JS-Injection: true
Server-Timing: dtRpid;desc="460432109", dtSInfo;desc="0"
Date: Wed, 11 Dec 2024 14:10:07 GMT
Content-Type: text/css
Host: hcs-host
vary: accept-encoding
Last-Modified: Fri, 26 Apr 2024 04:13:31 GMT
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
X-Global-Transaction-ID: d6bbb37167599d3fa31d6c5d
Connection: keep-alive
Server: HCS

GET
H/1.1 200 hcs_hhs_style.css
hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/css/ 32 KB
7 KB 438ms
178ms Stylesheet
text/css 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/css/hcs_hhs_style.css?_=202411818

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

73eb2978f157a1e4a7d3c5127707f6a59d652ba612ea9c7487e9a9409586cddd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://commerce.health.state.ny.us;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://commerce.health.state.ny.us/

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL

Response headers

X-Backside-Transport: OK OK
X-WSO2-TraceId: f21e7d2d-f50e-4342-b892-625c48a49507
Content-Encoding: gzip
ETag: W/"32357-1731990116000"
X-Content-Type-Options: nosniff
X-OneAgent-JS-Injection: true
Server-Timing: dtRpid;desc="966374983", dtSInfo;desc="0"
Date: Wed, 11 Dec 2024 14:10:07 GMT
Content-Type: text/css
Host: hcs-host
vary: accept-encoding
Last-Modified: Tue, 19 Nov 2024 04:21:56 GMT
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
X-Global-Transaction-ID: d6bbb37167599d3f02b8855f
Connection: keep-alive
Server: HCS

GET
H/1.1 200 ua-parser.min.js Show response
hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/js/ 10 KB
5 KB 431ms
171ms Script
application/javascript 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/js/ua-parser.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

5583858f93e086cae423aca0dcff6e69c276c687435d36b4b93653cfc16d4789

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://commerce.health.state.ny.us;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://commerce.health.state.ny.us/

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL

Response headers

X-Backside-Transport: OK OK
X-WSO2-TraceId: 4bd86070-cf7d-4e71-af6b-31c468ee1baf
Content-Encoding: gzip
ETag: W/"10663-1573573344000"
X-Content-Type-Options: nosniff
X-OneAgent-JS-Injection: true
Server-Timing: dtRpid;desc="-1068392737", dtSInfo;desc="0"
Date: Wed, 11 Dec 2024 14:10:07 GMT
Content-Type: application/javascript
Host: hcs-host
vary: accept-encoding
Last-Modified: Tue, 12 Nov 2019 15:42:24 GMT
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
X-Global-Transaction-ID: d6bbb37167599d3f02b8993f
Connection: keep-alive
Server: HCS

GET
H/1.1 200 jquery-3.3.1.min.js Show response
hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/js/ 85 KB
31 KB 432ms
172ms Script
application/javascript 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/js/jquery-3.3.1.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://commerce.health.state.ny.us;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://commerce.health.state.ny.us/

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL

Response headers

X-Backside-Transport: OK OK
X-WSO2-TraceId: 82dc9f28-96f0-4cca-b082-fac554912b0b
Content-Encoding: gzip
ETag: W/"86927-1573573344000"
X-Content-Type-Options: nosniff
X-OneAgent-JS-Injection: true
Server-Timing: dtRpid;desc="592859462", dtSInfo;desc="0"
Date: Wed, 11 Dec 2024 14:10:07 GMT
Content-Type: application/javascript
Host: hcs-host
vary: accept-encoding
Last-Modified: Tue, 12 Nov 2019 15:42:24 GMT
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
X-Global-Transaction-ID: d6bbb37167599d3f02b893df
Connection: keep-alive
Server: HCS

GET
H/1.1 200 bootstrap.min.js Show response
hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/js/ 39 KB
12 KB 433ms
173ms Script
application/javascript 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/js/bootstrap.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://commerce.health.state.ny.us;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://commerce.health.state.ny.us/

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL

Response headers

X-Backside-Transport: OK OK
X-WSO2-TraceId: 4d7bfac4-fc27-4747-95ad-65463d8b011f
Content-Encoding: gzip
ETag: W/"39680-1709849287000"
X-Content-Type-Options: nosniff
X-OneAgent-JS-Injection: true
Server-Timing: dtRpid;desc="884014868", dtSInfo;desc="0"
Date: Wed, 11 Dec 2024 14:10:07 GMT
Content-Type: application/javascript
Host: hcs-host
vary: accept-encoding
Last-Modified: Thu, 07 Mar 2024 22:08:07 GMT
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
X-Global-Transaction-ID: d6bbb37167599d3f02b8999f
Connection: keep-alive
Server: HCS

GET
H/1.1 200 jquery-1.16.0.validate.js Show response
hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/js/ 47 KB
13 KB 494ms
170ms Script
application/javascript 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/js/jquery-1.16.0.validate.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

69dfa0c82812565efd3231b2e5b6015fe36616291d5915ff402ad5e2ef6ce4fb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://commerce.health.state.ny.us;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://commerce.health.state.ny.us/

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL

Response headers

X-Backside-Transport: OK OK
X-WSO2-TraceId: 8e896853-b41e-4605-984c-2494687127df
Content-Encoding: gzip
ETag: W/"47690-1573573344000"
X-Content-Type-Options: nosniff
X-OneAgent-JS-Injection: true
Server-Timing: dtRpid;desc="97073710", dtSInfo;desc="0"
Date: Wed, 11 Dec 2024 14:10:07 GMT
Content-Type: application/javascript
Host: hcs-host
vary: accept-encoding
Last-Modified: Tue, 12 Nov 2019 15:42:24 GMT
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
X-Global-Transaction-ID: d6bbb37167599d3fa31d6ead
Connection: keep-alive
Server: HCS

GET
H/1.1 200 jquery.capsChecker.min.js Show response
hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/js/ 875 B
1 KB 605ms
172ms Script
application/javascript 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/js/jquery.capsChecker.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

39da245829690e52d80b6ec61e9287dc4f3b50f3f3631a235b2813bcd897f990

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://commerce.health.state.ny.us;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://commerce.health.state.ny.us/

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL

Response headers

X-Backside-Transport: OK OK
X-WSO2-TraceId: 2274ecd9-0984-4d53-9461-212086b9d0e6
Content-Encoding: gzip
ETag: W/"875-1573573344000"
X-Content-Type-Options: nosniff
X-OneAgent-JS-Injection: true
Server-Timing: dtRpid;desc="-484097592", dtSInfo;desc="0"
Date: Wed, 11 Dec 2024 14:10:07 GMT
Content-Type: application/javascript
Host: hcs-host
Last-Modified: Tue, 12 Nov 2019 15:42:24 GMT
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
X-Global-Transaction-ID: d6bbb37167599d3fa31d6f6d
Connection: keep-alive
Server: HCS

GET
H/1.1 200 hcsCompatible.js Show response
hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/js/ 20 KB
5 KB 607ms
169ms Script
application/javascript 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/js/hcsCompatible.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

855cbaac4b7ac75db8469429a7ba61dc963328f1e8456c8898c03595b08fe02d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://commerce.health.state.ny.us;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://commerce.health.state.ny.us/

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL

Response headers

X-Backside-Transport: OK OK
X-WSO2-TraceId: 784c4f77-5691-475f-ab46-cb3d13989128
Content-Encoding: gzip
ETag: W/"20908-1732033616000"
X-Content-Type-Options: nosniff
X-OneAgent-JS-Injection: true
Server-Timing: dtRpid;desc="206883632", dtSInfo;desc="0"
Date: Wed, 11 Dec 2024 14:10:07 GMT
Content-Type: application/javascript
Host: hcs-host
vary: accept-encoding
Last-Modified: Tue, 19 Nov 2024 16:26:56 GMT
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
X-Global-Transaction-ID: d6bbb37167599d3f02b88f3f
Connection: keep-alive
Server: HCS

GET
H/1.1 200 hcsPolicy_2.js Show response
hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/js/ 6 KB
3 KB 684ms
177ms Script
application/javascript 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/js/hcsPolicy_2.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

95fc62b57647a7e8f77e4287794f7df68ed74037c51995707901aecb44dbeed5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://commerce.health.state.ny.us;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://commerce.health.state.ny.us/

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL

Response headers

X-Backside-Transport: OK OK
X-WSO2-TraceId: 4b36d2bb-147c-4494-a90a-293656dd88a5
Content-Encoding: gzip
ETag: W/"5938-1712964907000"
X-Content-Type-Options: nosniff
X-OneAgent-JS-Injection: true
Server-Timing: dtRpid;desc="1181270420", dtSInfo;desc="0"
Date: Wed, 11 Dec 2024 14:10:07 GMT
Content-Type: application/javascript
Host: hcs-host
vary: accept-encoding
Last-Modified: Fri, 12 Apr 2024 23:35:07 GMT
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
X-Global-Transaction-ID: d6bbb37167599d3f02b8a2df
Connection: keep-alive
Server: HCS

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 300 KB
103 KB 469ms
183ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-TRGEV3GTJ1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5b1420c026be6b521f0f214a68067581eb82bdf5c08487c4804578f13006e2d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Wed, 11 Dec 2024 14:10:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 14:10:08 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 104598
x-xss-protection: 0
server: Google Tag Manager

GET
H2

200

unav-bundle.js Show response
static-assets.ny.gov/unav/js/
Redirect Chain

https://static-assets.ny.gov/sites/all/widgets/universal-navigation/js/dist/global-nav-bundle.js
https://static-assets.ny.gov/unav/js/unav-bundle.js

130 KB
42 KB

90ms
89ms

Script
application/javascript

2606:4700::6812:bca
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static-assets.ny.gov/unav/js/unav-bundle.js

Requested by

Protocol

Server

2606:4700::6812:bca , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

73a2798d34b029418ba81f7bf6538e568398d3dad3333c99057d05c7517b6e9e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/

Response headers

cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"57aea27b7ca24d9b2565ccc0ed4ef2aa"
age: 1042
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pHhLBcdtc3kF3Kh1wPNyJrgZYTMJAgyt8HLUzQ4n195gK2Wh%2FgK4IphGkNV5rJc3%2B8wes94GYOafDxXcz%2BTlFTEoXBt4H4Pk4UofCE%2Fu6izYylZk8b0HPPrTI1QDaOyYVsSsP4mA0oTTlPpZSKp7VeE%2BKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f060e726943f20a-LAX
access-control-allow-origin: *
date: Wed, 11 Dec 2024 14:10:08 GMT
content-type: application/javascript
vary: Accept-Encoding
server: cloudflare

Redirect headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
location: /unav/js/unav-bundle.js
cf-cache-status: HIT
age: 710
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WMOyQpRjsnFdcAk%2FaQzGHRY1pQYNnWo48MzRjY9godJxgBjaywpTm7DIzofuoWN3dV%2BXjjjPTdE11bQgFLwR5EkhIaftqET9LdamE1Z9WS9CiZKTBTaTqkabELh%2Bi6rR9%2FlFPcmjxw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f060e71cfd9f20a-LAX
access-control-allow-origin: *
content-length: 38
date: Wed, 11 Dec 2024 14:10:08 GMT
content-type: text/plain;charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H/1.1 200 hcsLockup-web.png
hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/images/logo/ 5 KB
6 KB 172ms
171ms Image
image/png 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/images/logo/hcsLockup-web.png

Requested by

Host: hcsauth.health.ny.gov
URL: https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/css/hcs_hhs_style.css?_=202411818

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

f842f5a14be0574af9306fa5d25905090c2910d2bb918d580111ee8c8505fa3b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://commerce.health.state.ny.us;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://commerce.health.state.ny.us/

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/css/hcs_hhs_style.css?_=202411818

Response headers

X-Backside-Transport: OK OK
X-WSO2-TraceId: 67937547-e9d2-4b91-8316-1f20a9225a71
Content-Encoding: gzip
ETag: W/"5133-1573573344000"
X-Content-Type-Options: nosniff
X-OneAgent-JS-Injection: true
Server-Timing: dtRpid;desc="109280515", dtSInfo;desc="0"
Date: Wed, 11 Dec 2024 14:10:08 GMT
Content-Type: image/png
Host: hcs-host
Last-Modified: Tue, 12 Nov 2019 15:42:24 GMT
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
X-Global-Transaction-ID: d6bbb37167599d400d28a185
Connection: keep-alive
Server: HCS

GET
H/1.1 200 bootstrap-icons.woff
hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/css/fonts/ 104 KB
103 KB 175ms
174ms Font
text/plain 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/css/fonts/bootstrap-icons.woff?4601c71fb26c9277391ec80789bfde9c

Requested by

Host: hcsauth.health.ny.gov
URL: https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/css/bootstrap-icons.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

3b57f5c9b338f4e143e2fd2d286e9e4e10b1fe4e389037a200bfa35b29cedceb

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://commerce.health.state.ny.us;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://commerce.health.state.ny.us/

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hcsauth.health.ny.gov
Referer: https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/css/bootstrap-icons.css

Response headers

X-Backside-Transport: OK OK
X-WSO2-TraceId: ac5dfbe3-6ec6-4783-ab89-4b7de5023fa0
Content-Encoding: gzip
ETag: W/"106812-1714106012000:dtagent10303241106123517wEts"
X-Content-Type-Options: nosniff
X-OneAgent-JS-Injection: true
Server-Timing: dtRpid;desc="-119828024", dtTao;desc="1", dtSInfo;desc="0"
Date: Wed, 11 Dec 2024 14:10:08 GMT
Last-Modified: Fri, 26 Apr 2024 04:33:31 GMT
Host: hcs-host
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
Timing-Allow-Origin: *
X-Global-Transaction-ID: d6bbb37167599d4002b8a2cf
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Server: HCS

GET
H/1.1 200 proximanova-bold.woff2
hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/fonts/proximanova/ 66 KB
67 KB 169ms
168ms Font
text/plain 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/fonts/proximanova/proximanova-bold.woff2

Requested by

Host: hcsauth.health.ny.gov
URL: https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/css/hcs_hhs_style.css?_=202411818

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

5511a1f4edd5fb347914bfe88614a4fb593f697c291e8697347349f0cc0be07c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://commerce.health.state.ny.us;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://commerce.health.state.ny.us/

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hcsauth.health.ny.gov
Referer: https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/css/hcs_hhs_style.css?_=202411818

Response headers

X-Backside-Transport: OK OK
X-WSO2-TraceId: 058e422f-e5ce-4490-a0e9-550cfae95217
Content-Encoding: gzip
ETag: W/"67320-1573573344000:dtagent10303241106123517wEts"
X-Content-Type-Options: nosniff
X-OneAgent-JS-Injection: true
Server-Timing: dtRpid;desc="-1929470739", dtTao;desc="1", dtSInfo;desc="0"
Date: Wed, 11 Dec 2024 14:10:08 GMT
Last-Modified: Tue, 12 Nov 2019 15:42:23 GMT
Host: hcs-host
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
Timing-Allow-Origin: *
X-Global-Transaction-ID: d6bbb37167599d4002b8c3ff
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Server: HCS

GET
H/1.1 200 proximanova-regular.woff2
hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/fonts/proximanova/ 67 KB
68 KB 173ms
172ms Font
text/plain 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/fonts/proximanova/proximanova-regular.woff2

Requested by

Host: hcsauth.health.ny.gov
URL: https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/css/hcs_hhs_style.css?_=202411818

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

49d016089a67dcb52211f4ada60c743b801cd29053ebe57dfe0cb318fa614413

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://commerce.health.state.ny.us;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://commerce.health.state.ny.us/

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hcsauth.health.ny.gov
Referer: https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/css/hcs_hhs_style.css?_=202411818

Response headers

X-Backside-Transport: OK OK
X-WSO2-TraceId: 164b8f52-809f-4c1a-8f2b-8b6dfa9067bd
Content-Encoding: gzip
ETag: W/"68133-1573573344000:dtagent10303241106123517wEts"
X-Content-Type-Options: nosniff
X-OneAgent-JS-Injection: true
Server-Timing: dtRpid;desc="634471556", dtTao;desc="1", dtSInfo;desc="0"
Date: Wed, 11 Dec 2024 14:10:08 GMT
Last-Modified: Tue, 12 Nov 2019 15:42:23 GMT
Host: hcs-host
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
Timing-Allow-Origin: *
X-Global-Transaction-ID: d6bbb37167599d4002b8b72f
Connection: keep-alive
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Server: HCS

GET
H2 200 unav-styles.min.css
static-assets.ny.gov/unav/css/ 67 KB
9 KB 86ms
86ms Stylesheet
text/css 2606:4700::6812:bca
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static-assets.ny.gov/unav/css/unav-styles.min.css

Requested by

Host: static-assets.ny.gov
URL: https://static-assets.ny.gov/sites/all/widgets/universal-navigation/js/dist/global-nav-bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bca , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

69ad833a80b4a129d8e22ff84f6b3afabcab615d76761895b2820dfe38815805

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/

Response headers

cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"1cd6af60cff6c6ce110bc5229ee03d2d"
age: 6916
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mtruViS4X%2BigZV7xaQFJLiyh58nJCyj4F7wjIzP8GBylUFghGl5H2X0cEfJRIm3xHaMd%2B5648vAP4q5sH%2FUtkwLxHsmlcGE6ywBwiW82h9h0sj%2BB723B9B4Mg42Ytpd7T0xpCZKiZFDIv2ApTU3lI9svXg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f060e730b67f20a-LAX
access-control-allow-origin: *
date: Wed, 11 Dec 2024 14:10:08 GMT
content-type: text/css; charset=utf-8
vary: Accept-Encoding
server: cloudflare

GET
H2

200

header Show response
static-assets.ny.gov/unav/load/
Redirect Chain

https://static-assets.ny.gov/unav/load/header.html
https://static-assets.ny.gov/unav/load/header

41 KB
11 KB

90ms
89ms

XHR
text/html

2606:4700::6812:bca
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static-assets.ny.gov/unav/load/header

Requested by

Protocol

Server

2606:4700::6812:bca , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4d5b1e37f1770186e58e27b4683723f31c07e58e5f685eb69caaa5e900752202

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/

Response headers

cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
age: 535
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gy8pxH1Fhxz%2BjD4q31c1oqWZCapuiXW8eCZBWursYV102PIoCLUU4WUyJVKYTtmArsliVTipzfwfA36WcrlgJsTdobSLW3h0CxR8m%2B8RAkFWyk7L6QOP0ukXMh%2BAkXaV5JXAcU%2F6XA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f060e750a1b2b7e-LAX
access-control-allow-origin: *
date: Wed, 11 Dec 2024 14:10:08 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare
last-modified: Wed, 11 Dec 2024 14:01:13 GMT

Redirect headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
location: /unav/load/header
cf-cache-status: HIT
age: 5429
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3wfVYes5bcmJ4UkGHUvNxl9%2BS6lAfpc%2F6Td38cF9j4j0fcM%2BTs9otuVil0%2FkFdnZidHA5c7caK3IInC1oIdrTRNuTsQ1wWcaNSdElPqzetqZjQ%2BrhDwmeQjSF9qn9TSE6GDaIxk3kQ%3D%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f060e74091b2b7e-LAX
access-control-allow-origin: *
content-length: 0
date: Wed, 11 Dec 2024 14:10:08 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2

200

footer Show response
static-assets.ny.gov/unav/load/
Redirect Chain

https://static-assets.ny.gov/unav/load/footer.html
https://static-assets.ny.gov/unav/load/footer

22 KB
8 KB

104ms
103ms

XHR
text/html

2606:4700::6812:bca
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static-assets.ny.gov/unav/load/footer

Requested by

Protocol

Server

2606:4700::6812:bca , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b215228485eff02c1758e1bf31130ced225c4866a639856104d79404a466656a

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/

Response headers

cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
age: 4450
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=z0Im2DdbUMCuGZQHvFYKojKp9c1GqP7TcISGWCENe2jDolLimzOJcSP2sU3Y1qXX0YUAjHkyd2Hk2lB%2BG7G2%2BibJ8sgKfjn6iI%2F2Kyab8aWGW%2FCt8PNxRN5v8D3t9b1gmcz66npbuw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f060e7499a72b7e-LAX
access-control-allow-origin: *
date: Wed, 11 Dec 2024 14:10:08 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare
last-modified: Wed, 11 Dec 2024 12:55:58 GMT

Redirect headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
location: /unav/load/footer
cf-cache-status: HIT
age: 2339
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WUK8nyEzGw5eP%2Fsfh4RljuqlEqu%2Fv%2Bf6qK0%2FNas8tJTra6WrHnvu2FCENgDpr3V3KDUbEaW700BkyPY1ankihgAusYwzv8f8pOtpDcau1mRQYP%2Br9IikZYc3ChCQbE98%2B4BWU5wgSA%3D%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f060e74091f2b7e-LAX
access-control-allow-origin: *
content-length: 0
date: Wed, 11 Dec 2024 14:10:08 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2

200

gtm Show response
static-assets.ny.gov/unav/load/
Redirect Chain

https://static-assets.ny.gov/unav/load/gtm.html
https://static-assets.ny.gov/unav/load/gtm

623 B
736 B

94ms
94ms

XHR
text/html

2606:4700::6812:bca
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static-assets.ny.gov/unav/load/gtm

Requested by

Protocol

Server

2606:4700::6812:bca , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b71afc64f39fcfe66c8f3fc5c5f8b67e04132bc6ab4f0b9ffcbfacf31b040c71

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/

Response headers

cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
age: 6249
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0%2FvrP4VSDec1MKlmFQxtpfvbEL7IfcpgDw4ujmELlqs4NU0beijXh4h02J7ub6XgnoOQxDXqizZh5edskpYgUo4oPAe3u03J9n6f9F1BhDgWUv7lBc3eTv%2BkIjgbbre3CrXOUngvaw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f060e750a1e2b7e-LAX
access-control-allow-origin: *
date: Wed, 11 Dec 2024 14:10:08 GMT
content-type: text/html; charset=utf-8
vary: Accept-Encoding
server: cloudflare
last-modified: Wed, 11 Dec 2024 12:25:59 GMT

Redirect headers

nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
location: /unav/load/gtm
cf-cache-status: HIT
age: 1149
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JGzStUWeSGTJrlL1Bqrzec0yf8YTfcgS8N6DkZalPqIIHCcI4CxgkHdeURUeUTdB33T3fgCfuSp%2BIWeR1PNfXLA1BtWD1rKCNf2NYjFYUtcomgoKrYEs1Y7eDMJ97aetrZwk%2BdCjMw%3D%3D"}],"group":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f060e74091e2b7e-LAX
access-control-allow-origin: *
content-length: 0
date: Wed, 11 Dec 2024 14:10:08 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 ProximaNova-Xbold-webfont.woff
static-assets.ny.gov/assets/fonts/ 64 KB
65 KB 141ms
89ms Font
font/woff 2606:4700::6812:bca
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static-assets.ny.gov/assets/fonts/ProximaNova-Xbold-webfont.woff

Requested by

Host: static-assets.ny.gov
URL: https://static-assets.ny.gov/unav/css/unav-styles.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bca , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2b42bfe485ae7b8f881f7e528464ac82951aec4abdd18b40b70f3ced4cb3ad27

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hcsauth.health.ny.gov
Referer: https://static-assets.ny.gov/unav/css/unav-styles.min.css

Response headers

cf-cache-status: HIT
etag: "d13450c8a678a9816bba733ee6a38d26"
age: 3495
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s4EdSh0U6U1fnkEdX33U89oW%2FMNxn1fP0ln7nYVt0JIYc%2Bjo3PxYBInq1DReb7%2FIjHmUucAF7w927elspyoLX9cEsNJi1dmZiG7fIGM%2FLIG3tUZb%2BL6E%2FiLaic4zFIk9olD0trleLg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
date: Wed, 11 Dec 2024 14:10:08 GMT
content-type: font/woff
vary: Accept-Encoding
cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f060e7409192b7e-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 66016
server: cloudflare

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 562ms
274ms Fetch
text/plain 2607:f8b0:4006:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-TRGEV3GTJ1&gtm=45je4ca0v883628973za200&_p=1733926208067&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485&cid=1747312315.1733926209&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1733926208&sct=1&seg=0&dl=https%3A%2F%2Fhcsauth.health.ny.gov%2Fauthenticationendpoint%2Flogin.do%3FRelayState%3D%25252Fhcs%25252Findex.html%26commonAuthCallerPath%3D%252Fsamlsso%26forceAuth%3Dfalse%26passiveAuth%3Dfalse%26tenantDomain%3Dcarbon.super%26sessionDataKey%3D875e59f0-039c-48e2-b9fd-a4349fc78dc7%26relyingParty%3Dhcs%26type%3Dsamlsso%26sp%3Dhcs%26isSaaSApp%3Dfalse%26authenticators%3DHCSCustomAuthenticator%253ALOCAL&dr=https%3A%2F%2Fcommerce.health.state.ny.us%2F&dt=Log%20on%20to%20the%20Health%20Commerce%20System&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2272
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TRGEV3GTJ1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80b::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://hcsauth.health.ny.gov
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 14:10:09 GMT
content-type: text/plain
server: Golfe2

GET
H/1.1 200 logincontext Show response
hcsauth.health.ny.gov/ 20 B
963 B 178ms
178ms XHR
application/json 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hcsauth.health.ny.gov/logincontext?sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&application=hcs&authenticators=HCSCustomAuthenticator%3ALOCAL&tenantDomain=carbon.super&_=1733926207950

Requested by

Host: hcsauth.health.ny.gov
URL: https://hcsauth.health.ny.gov/authenticationendpoint/health/resp/includes/js/jquery-3.3.1.min.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors https://commerce.health.state.ny.us;
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://commerce.health.state.ny.us/

Request headers

Referer: https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: */*

Response headers

X-Backside-Transport: OK OK
X-WSO2-TraceId: c7fb3ea4-2911-41bd-88b3-12467afbf655
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Expires: -1
X-OneAgent-JS-Injection: true
Server-Timing: dtRpid;desc="-1433276600", dtSInfo;desc="0"
Date: Wed, 11 Dec 2024 14:10:08 GMT
Content-Type: application/json;charset=UTF-8
Host: hcs-host
X-Frame-Options: ALLOW-FROM https://commerce.health.state.ny.us/
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors https://commerce.health.state.ny.us;
Cache-Control: max-age=0, no-cache, no-store
X-Global-Transaction-ID: d6bbb37167599d409d799011
Pragma: no-cache
Connection: keep-alive
Server: HCS

GET
H2 200 ProximaNova-Reg-webfont.woff
static-assets.ny.gov/assets/fonts/ 76 KB
76 KB 90ms
89ms Font
font/woff 2606:4700::6812:bca
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static-assets.ny.gov/assets/fonts/ProximaNova-Reg-webfont.woff

Requested by

Host: static-assets.ny.gov
URL: https://static-assets.ny.gov/unav/css/unav-styles.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bca , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83b44a805ca9a932cf2634ab1904c4061df24230353913296c15adca0cf429fb

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://hcsauth.health.ny.gov
Referer: https://static-assets.ny.gov/unav/css/unav-styles.min.css

Response headers

cf-cache-status: HIT
etag: "c1e31d244618fe937812a0ca1a5ce911"
age: 3495
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=b2wlAiB4%2B0Xwcds8gAyikPtqt8pg%2Bjo0Irfxe%2FlcV7WJTmwPBUe0B51sW2vp%2Fi9niNvg1rnvpUB9t66wDRubGOzRCN6WiOcXPUiMPz%2FMzP1EWMPTH6l53wOj60fcjTgx62GyMnamXA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
date: Wed, 11 Dec 2024 14:10:08 GMT
content-type: font/woff
vary: Accept-Encoding
cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f060e759aa92b7e-LAX
accept-ranges: bytes
access-control-allow-origin: *
content-length: 77756
server: cloudflare

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 540ms
274ms Fetch
text/plain 2607:f8b0:4006:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-TRGEV3GTJ1&gtm=45je4ca0v883628973za200&_p=1733926208067&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485&cid=1747312315.1733926209&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AAAC&_s=2&sid=1733926208&sct=1&seg=1&dl=https%3A%2F%2Fhcsauth.health.ny.gov%2Fauthenticationendpoint%2Flogin.do%3FRelayState%3D%25252Fhcs%25252Findex.html%26commonAuthCallerPath%3D%252Fsamlsso%26forceAuth%3Dfalse%26passiveAuth%3Dfalse%26tenantDomain%3Dcarbon.super%26sessionDataKey%3D875e59f0-039c-48e2-b9fd-a4349fc78dc7%26relyingParty%3Dhcs%26type%3Dsamlsso%26sp%3Dhcs%26isSaaSApp%3Dfalse%26authenticators%3DHCSCustomAuthenticator%253ALOCAL&dr=https%3A%2F%2Fcommerce.health.state.ny.us%2F&dt=Log%20on%20to%20the%20Health%20Commerce%20System&en=page_view&_ee=1&_et=4&tfd=2295
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-TRGEV3GTJ1
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:80b::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://hcsauth.health.ny.gov
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 14:10:09 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 256 KB
89 KB 170ms
169ms Script
application/javascript 2607:f8b0:4006:81d::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T4FP6H

Requested by

Host: commerce.health.state.ny.us
URL: https://commerce.health.state.ny.us/relogin?dest=/hcs/index.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81d::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

da671706343dbf38c8f7f9986f3ae9b51d643356a0216c19a611cd1f96cd9bd1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Wed, 11 Dec 2024 14:10:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 14:10:08 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Wed, 11 Dec 2024 12:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 90579
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 alerts.json Show response
alerts-cta.static-assets.ny.gov/ 681 B
708 B 263ms
92ms Fetch
application/json 2606:4700::6812:aca
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://alerts-cta.static-assets.ny.gov/alerts.json

Requested by

Host: static-assets.ny.gov
URL: https://static-assets.ny.gov/sites/all/widgets/universal-navigation/js/dist/global-nav-bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aca , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8300dc71c98a8eb5d6eb0c453c4150efabf4b8d6e5a1fe55fe27ecc144449e50

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/

Response headers

cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"d5bd0400eaa447f69d4839e9b2d29f82"
age: 5952
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=upNPIAlJ1OeqNSC4P%2B4fs%2BuijRcF0uPZpDRYKVq8zJOrYkZcARX4CcCcnybc7xdVLqZoa%2FEgbuTgC4M97PY%2BsbaLM%2B5j%2BJB9K2lSLnIWLcyGcugoUsMSHEJN2xLbmhl48J3g4l%2BBLAidsWHgRKH2IP77"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f060e76cc480fdb-LAX
access-control-allow-origin: *
date: Wed, 11 Dec 2024 14:10:09 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare

GET
H2 200 cta.json Show response
alerts-cta.static-assets.ny.gov/ 286 B
753 B 262ms
91ms Fetch
application/json 2606:4700::6812:aca
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://alerts-cta.static-assets.ny.gov/cta.json

Requested by

Host: static-assets.ny.gov
URL: https://static-assets.ny.gov/sites/all/widgets/universal-navigation/js/dist/global-nav-bundle.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:aca , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b43335ce309fe88e51a97b38751d03b34ffd8dd8900fe8e38e6c09a93f478c32

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/

Response headers

cache-control: public, max-age=0, must-revalidate
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: gzip
cf-cache-status: HIT
etag: W/"ff883a2f9c281c030c9422c0f6d86420"
age: 3539
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FxWUU4RbiCadzcihrjxjrZ6RsTzqB5BV6QqhZkuEl1Qno6VZeXRhJy1IWEBV6%2F6wQxd4IU0ZDsnY4GXgTq5cGg%2Fj0e1zYbLV0e01lDkYOhUimL9VO55Zn%2BHF4O7BJCTXv4rf2%2Ba0%2FMGKmsABgU3sYHHS"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
cf-ray: 8f060e76cc4b0fdb-LAX
access-control-allow-origin: *
date: Wed, 11 Dec 2024 14:10:09 GMT
content-type: application/json
vary: Accept-Encoding
server: cloudflare

GET
H/1.1 200
OK favicon.ico
hcsauth.health.ny.gov/ 894 B
1 KB 155ms
155ms Other
image/vnd.microsoft.icon 54.83.180.32
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://hcsauth.health.ny.gov/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

54.83.180.32 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-83-180-32.compute-1.amazonaws.com

Software

HCS /

Resource Hash

11f7519914318c1ea511aab5eb611f0bcaee82b2bc5abdff941da09a7215bfe5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL

Response headers

X-Backside-Transport: OK OK
Content-Encoding: gzip
ETag: "37e-465dc9089c0c0"
Expires: -1
Date: Wed, 11 Dec 2024 14:10:08 GMT
Content-Type: image/vnd.microsoft.icon
Last-Modified: Tue, 24 Mar 2009 12:31:39 GMT
Host: hcs-host
X-Frame-Options: SAMEORIGIN
Transfer-Encoding: chunked
Strict-Transport-Security: max-age=31536000
Content-Security-Policy: frame-ancestors 'self';
Cache-Control: max-age=0, no-cache, no-store
X-Global-Transaction-ID: d6bbb37167599d40a31d817d
Pragma: no-cache
Connection: keep-alive
Server: HCS

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 139ms
138ms Script
text/javascript 2607:f8b0:4006:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T4FP6H

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/

Response headers

content-encoding: gzip
age: 5788
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options: nosniff
expires: Wed, 11 Dec 2024 14:33:41 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 12:33:41 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
content-type: text/javascript
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 20994
server: Golfe2

GET
H3 200 siteanalyze_6294241.js Show response
siteimproveanalytics.com/js/ 38 KB
12 KB 172ms
85ms Script
application/javascript 172.67.163.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://siteimproveanalytics.com/js/siteanalyze_6294241.js
Requested by: Host: commerce.health.state.ny.us
URL: https://commerce.health.state.ny.us/relogin?dest=/hcs/index.html
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.163.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52ef59fff6a2a07f93618ae9d92ed64d465c7c970b31f1aad079da7bc427a365

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: "378440e693cc73d766ebc059b1c32b60"
age: 977
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lPz19SXsmJGBcZYAvQ5I6GnG0B6jg9cbFC3xxkf9J4IDoXdynccNUsUV92QhNoNXdFwugZ3L9jrRz9aieMk3q%2BKxKm7%2FrKxPyP9eTVg0MHJvHoK3nh0KPHx3TmSmhzhINXjucqbLg7cji04%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=QUIC&rtt=70998&min_rtt=70872&rtt_var=26667&sent=11&recv=7&lost=0&retrans=0&sent_bytes=4146&recv_bytes=4250&delivery_rate=43877&cwnd=12000&unsent_bytes=0&cid=b6ef6ce098f4f136&ts=95&x=1", cfExtPri, cfHdrFlush;dur=0
date: Wed, 11 Dec 2024 14:10:09 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 14 Nov 2024 13:02:01 GMT
vary: Accept-Encoding
priority: u=3,i=?0
x-amz-id-2: xnhYmKvCSaxjq9lOoL4REKn3bCGb6pTKq3xq0NPYxAMhP2P91z/uiLipJ1LvKS7vuQczvrcuCy8=
cache-control: max-age=86400, no-transform
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: V0WMTA884EP0T36K
cf-ray: 8f060e77fd4d2b60-LAX
accept-ranges: bytes
content-length: 11731
server: cloudflare

POST
H2 200 collect Show response
www.google-analytics.com/j/ 3 B
306 B 153ms
152ms XHR
text/plain 2607:f8b0:4006:80b::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=534859902&t=pageview&_s=1&dl=https%3A%2F%2Fhcsauth.health.ny.gov%2Fauthenticationendpoint%2Flogin.do%3FRelayState%3D%25252Fhcs%25252Findex.html%26commonAuthCallerPath%3D%252Fsamlsso%26forceAuth%3Dfalse%26passiveAuth%3Dfalse%26tenantDomain%3Dcarbon.super%26sessionDataKey%3D875e59f0-039c-48e2-b9fd-a4349fc78dc7%26relyingParty%3Dhcs%26type%3Dsamlsso%26sp%3Dhcs%26isSaaSApp%3Dfalse%26authenticators%3DHCSCustomAuthenticator%253ALOCAL&dr=https%3A%2F%2Fcommerce.health.state.ny.us%2F&ul=en-us&de=UTF-8&dt=Log%20on%20to%20the%20Health%20Commerce%20System&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAAABAAAAAC~&jid=611976596&gjid=2125902473&cid=1747312315.1733926209&tid=UA-46452137-3&_gid=2070098929.1733926209&_r=1&_slc=1&gtm=45He4ca0n71T4FP6Hv6757970za200&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485&z=1408414378

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://hcsauth.health.ny.gov/

Response headers

report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 11 Dec 2024 14:10:09 GMT
last-modified: Sun, 17 May 1998 03:00:00 GMT
content-type: text/plain
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin: https://hcsauth.health.ny.gov
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 3
server: Golfe2

GET
H2 200 image.aspx
6294241.global.r2.siteimproveanalytics.io/ 34 B
149 B 426ms
126ms Image
image/gif 3.129.32.16
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://6294241.global.r2.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fhcsauth.health.ny.gov%2Fauthenticationendpoint%2Flogin.do%3FRelayState%3D%25252Fhcs%25252Findex.html%26commonAuthCallerPath%3D%252Fsamlsso%26forceAuth%3Dfalse%26passiveAuth%3Dfalse%26tenantDomain%3Dcarbon.super%26sessionDataKey%3D875e59f0-039c-48e2-b9fd-a4349fc78dc7%26relyingParty%3Dhcs%26type%3Dsamlsso%26sp%3Dhcs%26isSaaSApp%3Dfalse%26authenticators%3DHCSCustomAuthenticator%253ALOCAL&ref=https%3A%2F%2Fcommerce.health.state.ny.us%2F&title=Log%20on%20to%20the%20Health%20Commerce%20System&res=1600x1200&accountid=6294241&rt=2874&prev=0513f854-2151-5426-f378-5c0b04338f36&luid=eeb9c213-bc9b-4a5f-72a7-555399dd51dd&rnd=4391
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.129.32.16 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-129-32-16.us-east-2.compute.amazonaws.com
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://hcsauth.health.ny.gov/

Response headers

expires: Wed, 11 Dec 2024 14:10:09 UTC
cache-control: max-age=0
content-length: 34
date: Wed, 11 Dec 2024 14:10:09 GMT
content-type: image/gif

Verdicts & Comments Add Verdict or Comment

51 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

13 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
hcsauth.health.ny.gov/authenticationendpoint	1969-12-31 23:59:59	Name: JSESSIONID Value: 2D8DE76B93DE971C56FC9508F21F800D22ED52C47D75CE4FA49595FEFB3A79ADEB002D35CE3E9363365548D1A5292D06093AA998BF21F883D6A761C19845618511DE81CED0527FB071F9E6CA0692E349CE1A38EE512CE1C65BD4B6F3F71327DE3B9E73B37C96294E4141AD8B25D3E2234230137F7A94A9F0908304BE6BA248D7
hcsauth.health.ny.gov/	1970-01-21 01:38:49	Name: sessionNonceCookie-875e59f0-039c-48e2-b9fd-a4349fc78dc7 Value: 73b7f395-75d0-4d91-a742-152be51078f8
hcsauth.health.ny.gov/	1969-12-31 23:59:59	Name: KempActive Value: 3502528522.1.3776764240.3206750720
.ny.gov/	1969-12-31 23:59:59	Name: dtCookie Value: v_4_srv_-2D66_sn_89FDT0CDPAEDCUEN4ARBHVF11VI22I38
.ny.gov/	1970-01-21 11:14:46	Name: rxVisitor Value: 1733926207374FTGNVN8IEEDSG5I8BM6CD8NDNR9US7RJ
.ny.gov/	1969-12-31 23:59:59	Name: rxvt Value: 1733928007375\|1733926207375
.ny.gov/	1969-12-31 23:59:59	Name: dtPC Value: -66$526207370_741h1vBIHUVGQBHOUNUMCRUHVMHLALQPRPTRWP-0e0
.ny.gov/	1970-01-21 11:14:46	Name: _ga Value: GA1.1.1747312315.1733926209
.ny.gov/	1970-01-21 11:14:46	Name: _ga_TRGEV3GTJ1 Value: GS1.1.1733926208.1.1.1733926208.0.0.0
.hcsauth.health.ny.gov/	1970-01-21 11:14:46	Name: _ga Value: GA1.4.1747312315.1733926209
.hcsauth.health.ny.gov/	1970-01-21 01:40:12	Name: _gid Value: GA1.4.2070098929.1733926209
.hcsauth.health.ny.gov/	1970-01-21 01:38:46	Name: _gat_UA-46452137-3 Value: 1
.ny.gov/	1970-01-21 11:14:46	Name: nmstat Value: 0513f854-2151-5426-f378-5c0b04338f36

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
recommendation	verbose	URL: https://hcsauth.health.ny.gov/authenticationendpoint/login.do?RelayState=%252Fhcs%252Findex.html&commonAuthCallerPath=%2Fsamlsso&forceAuth=false&passiveAuth=false&tenantDomain=carbon.super&sessionDataKey=875e59f0-039c-48e2-b9fd-a4349fc78dc7&relyingParty=hcs&type=samlsso&sp=hcs&isSaaSApp=false&authenticators=HCSCustomAuthenticator%3ALOCAL Message: [DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self';
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6294241.global.r2.siteimproveanalytics.io
alerts-cta.static-assets.ny.gov
commerce.health.state.ny.us
hcsauth.health.ny.gov
siteimproveanalytics.com
static-assets.ny.gov
www.google-analytics.com
www.googletagmanager.com
172.67.163.237
2606:4700::6812:aca
2606:4700::6812:bca
2607:f8b0:4006:80b::200e
2607:f8b0:4006:81d::2008
3.129.32.16
54.83.180.32
11f7519914318c1ea511aab5eb611f0bcaee82b2bc5abdff941da09a7215bfe5
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
2b42bfe485ae7b8f881f7e528464ac82951aec4abdd18b40b70f3ced4cb3ad27
32cc4a47b370e278072a6440249872e681efa1d992600420c03a9631da885d70
36f130a58367bf43a65280c92952a0db1bd35696f1bb8c115b89daea9c971b22
39da245829690e52d80b6ec61e9287dc4f3b50f3f3631a235b2813bcd897f990
3b57f5c9b338f4e143e2fd2d286e9e4e10b1fe4e389037a200bfa35b29cedceb
49d016089a67dcb52211f4ada60c743b801cd29053ebe57dfe0cb318fa614413
4d5b1e37f1770186e58e27b4683723f31c07e58e5f685eb69caaa5e900752202
52ef59fff6a2a07f93618ae9d92ed64d465c7c970b31f1aad079da7bc427a365
5511a1f4edd5fb347914bfe88614a4fb593f697c291e8697347349f0cc0be07c
5583858f93e086cae423aca0dcff6e69c276c687435d36b4b93653cfc16d4789
5b1420c026be6b521f0f214a68067581eb82bdf5c08487c4804578f13006e2d8
69ad833a80b4a129d8e22ff84f6b3afabcab615d76761895b2820dfe38815805
69dfa0c82812565efd3231b2e5b6015fe36616291d5915ff402ad5e2ef6ce4fb
6d92dfc1700fd38cd130ad818e23bc8aef697f815b2ea5face2b5dfad22f2e11
73a2798d34b029418ba81f7bf6538e568398d3dad3333c99057d05c7517b6e9e
73eb2978f157a1e4a7d3c5127707f6a59d652ba612ea9c7487e9a9409586cddd
8300dc71c98a8eb5d6eb0c453c4150efabf4b8d6e5a1fe55fe27ecc144449e50
83b44a805ca9a932cf2634ab1904c4061df24230353913296c15adca0cf429fb
855cbaac4b7ac75db8469429a7ba61dc963328f1e8456c8898c03595b08fe02d
912d0c07da7bdb22cdae025b96da26d01523aaab7362edb28544e3949deb369d
95fc62b57647a7e8f77e4287794f7df68ed74037c51995707901aecb44dbeed5
9ee2fcff6709e4d0d24b09ca0fc56aade12b4961ed9c43fd13b03248bfb57afe
b215228485eff02c1758e1bf31130ced225c4866a639856104d79404a466656a
b43335ce309fe88e51a97b38751d03b34ffd8dd8900fe8e38e6c09a93f478c32
b71afc64f39fcfe66c8f3fc5c5f8b67e04132bc6ab4f0b9ffcbfacf31b040c71
d19bb15c193e611fff30d8cd041f9a89ccd5aeedb471c85cdb7627cdbdc45c92
da671706343dbf38c8f7f9986f3ae9b51d643356a0216c19a611cd1f96cd9bd1
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f842f5a14be0574af9306fa5d25905090c2910d2bb918d580111ee8c8505fa3b

hcsauth.health.ny.gov Open in urlscan Pro 54.83.180.32 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

37 Requests

89 %HTTPS

57 %IPv6

6 Domains

8 Subdomains

7 IPs

1 Countries

822 kBTransfer

1784 kBSize

13 Cookies

9 Outgoing links

Page URL History

Redirected requests

37 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

hcsauth.health.ny.gov Open in urlscan Pro
54.83.180.32 Public Scan

Screenshot
Live screenshot

Full Image

37
Requests

89 %
HTTPS

57 %
IPv6

6
Domains

8
Subdomains

7
IPs

1
Countries

822 kB
Transfer

1784 kB
Size

13
Cookies

37 HTTP transactions
0 data transactions