Submitted URL: https://hrportal.ehr.com/northside-hospital
Effective URL: https://northsideportal.ehr.com/default.ashx?classname=idplogin&target=SelfService-Portal
Submission: On February 15 via manual from US — Scanned from DE

Summary

This website contacted 3 IPs in 1 countries across 1 domains to perform 12 HTTP transactions. The main IP is 20.75.107.49, located in Boydton, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is northsideportal.ehr.com.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on November 14th 2022. Valid for: a year.
This is the only time northsideportal.ehr.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 3 158.82.144.42 40196 (WILLISNOR...)
9 20.75.107.49 8075 (MICROSOFT...)
12 3
Apex Domain
Subdomains
Transfer
12 ehr.com
hrportal.ehr.com — Cisco Umbrella Rank: 91045
northsideportal.ehr.com
503 KB
12 1
Domain Requested by
9 northsideportal.ehr.com northsideportal.ehr.com
3 hrportal.ehr.com 2 redirects
12 2

This site contains no links.

Subject Issuer Validity Valid
hrportal.ehr.com
GlobalSign RSA OV SSL CA 2018
2022-11-07 -
2023-12-09
a year crt.sh
northsideportal.ehr.com
GlobalSign RSA OV SSL CA 2018
2022-11-14 -
2023-12-16
a year crt.sh

This page contains 1 frames:

Primary Page: https://northsideportal.ehr.com/default.ashx?classname=idplogin&target=SelfService-Portal
Frame ID: 987E419B1C27CA41E610DF2158616793
Requests: 12 HTTP requests in this frame

Screenshot

Page Title

Northside Hospital

Page URL History Show full URLs

  1. https://hrportal.ehr.com/northside-hospital HTTP 302
    https://hrportal.ehr.com/northside-hospital/qa3?returnurl=%2fnorthside-hospital HTTP 302
    https://hrportal.ehr.com/northside-hospital/desktopmodules/portal/api/saml/sendauthnrequest/?target=S... Page URL
  2. https://northsideportal.ehr.com/default.ashx?classname=idplogin&target=SelfService-Portal Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

83 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

3
IPs

1
Countries

499 kB
Transfer

565 kB
Size

13
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://hrportal.ehr.com/northside-hospital HTTP 302
    https://hrportal.ehr.com/northside-hospital/qa3?returnurl=%2fnorthside-hospital HTTP 302
    https://hrportal.ehr.com/northside-hospital/desktopmodules/portal/api/saml/sendauthnrequest/?target=SelfService-Portal&relaystate=&rnd=270447861063503 Page URL
  2. https://northsideportal.ehr.com/default.ashx?classname=idplogin&target=SelfService-Portal Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://hrportal.ehr.com/northside-hospital HTTP 302
  • https://hrportal.ehr.com/northside-hospital/qa3?returnurl=%2fnorthside-hospital HTTP 302
  • https://hrportal.ehr.com/northside-hospital/desktopmodules/portal/api/saml/sendauthnrequest/?target=SelfService-Portal&relaystate=&rnd=270447861063503

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
hrportal.ehr.com/northside-hospital/desktopmodules/portal/api/saml/sendauthnrequest/
Redirect Chain
  • https://hrportal.ehr.com/northside-hospital
  • https://hrportal.ehr.com/northside-hospital/qa3?returnurl=%2fnorthside-hospital
  • https://hrportal.ehr.com/northside-hospital/desktopmodules/portal/api/saml/sendauthnrequest/?target=SelfService-Portal&relaystate=&rnd=270447861063503
6 KB
6 KB
Document
General
Full URL
https://hrportal.ehr.com/northside-hospital/desktopmodules/portal/api/saml/sendauthnrequest/?target=SelfService-Portal&relaystate=&rnd=270447861063503
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
158.82.144.42 , United States, ASN40196 (WILLISNORTHAMERICA, US),
Reverse DNS
Software
/
Resource Hash
edd1aa0edc928a7a3eebf7cd9f63b8034ec0af5aa7a033584b658efff160e9c4
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache
Content-Encoding
gzip
Content-Length
5251
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Content-Type
text/html
Cross-Origin-Opener-Policy
same-origin
Date
Wed, 15 Feb 2023 09:41:59 GMT
Expires
-1
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-cache
Content-Length
275
Content-Security-Policy
default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Content-Type
text/html; charset=utf-8
Cross-Origin-Opener-Policy
same-origin
Date
Wed, 15 Feb 2023 09:41:59 GMT
Expires
-1
Location
https://hrportal.ehr.com/northside-hospital/desktopmodules/portal/api/saml/sendauthnrequest/?target=SelfService-Portal&relaystate=&rnd=270447861063503
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Pragma
no-cache
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Permitted-Cross-Domain-Policies
none
X-XSS-Protection
1; mode=block
Primary Request default.ashx
northsideportal.ehr.com/
4 KB
3 KB
Document
General
Full URL
https://northsideportal.ehr.com/default.ashx?classname=idplogin&target=SelfService-Portal
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.107.49 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
17bfe29fa5eb57ecdb7b7c79d990786543cb2f346da71141477665355cfe6026
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://hrportal.ehr.com
Referer
https://hrportal.ehr.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private
Connection
keep-alive
Content-Encoding
gzip
Content-Length
1778
Content-Security-Policy-Report-Only
default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Content-Type
text/html; charset=utf-8
Cross-Origin-Opener-Policy
same-origin
Date
Wed, 15 Feb 2023 09:42:01 GMT
Expires
Tue, 14 Feb 2023 17:02:01 GMT
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Referrer-Policy
no-referrer
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
x-frame-options
SAMEORIGIN
1140.css
northsideportal.ehr.com/css/
0
0

default.ashx
northsideportal.ehr.com/
12 KB
5 KB
Stylesheet
General
Full URL
https://northsideportal.ehr.com/default.ashx?CLASSNAME=RESOURCEHANDLER&ID=%25f9%255cye%2501%2519!%2588%253f%25eaD%2588%2508%25bc%255b%25f5
Requested by
Host: northsideportal.ehr.com
URL: https://northsideportal.ehr.com/default.ashx?classname=idplogin&target=SelfService-Portal
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.107.49 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f4b02e6daf1163c6e406cbdea1d521a8cee283dab3a38fd9ac41200c4c6dcf3f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date
Wed, 15 Feb 2023 09:42:01 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Transfer-Encoding
chunked
Content-Security-Policy-Report-Only
default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Content-Disposition
attachment; filename=screen.css
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Fri, 29 Aug 2014 08:47:50 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
V5G/NRSCWj56OEI+uMFYrAJh2ux4m3A=
Vary
Accept-Encoding
x-frame-options
SAMEORIGIN, SAMEORIGIN
Content-Type
text/css
Cache-Control
public
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Expires
Tue, 14 Feb 2023 17:02:01 GMT
password-meter.css
northsideportal.ehr.com/styles/
1 KB
2 KB
Stylesheet
General
Full URL
https://northsideportal.ehr.com/styles/password-meter.css
Requested by
Host: northsideportal.ehr.com
URL: https://northsideportal.ehr.com/default.ashx?classname=idplogin&target=SelfService-Portal
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.107.49 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
210ec56305187d6370bf0734e1c8a78e698234867e436a9ecf30fbdf7498b5f0
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date
Wed, 15 Feb 2023 09:42:01 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Security-Policy-Report-Only
default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Connection
keep-alive
Content-Length
621
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 17 Jan 2023 21:11:36 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
"0b45448b82ad91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
respond.min.js
northsideportal.ehr.com/js/
0
0
Script
General
Full URL
https://northsideportal.ehr.com/js/respond.min.js
Requested by
Host: northsideportal.ehr.com
URL: https://northsideportal.ehr.com/default.ashx?classname=idplogin&target=SelfService-Portal
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.107.49 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date
Wed, 15 Feb 2023 09:42:01 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Cross-Origin-Opener-Policy
same-origin
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Content-Type
text/html
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Connection
keep-alive
Content-Length
1245
X-XSS-Protection
1; mode=block
jquery.js
northsideportal.ehr.com/Base/Script/
105 KB
44 KB
Script
General
Full URL
https://northsideportal.ehr.com/Base/Script/jquery.js
Requested by
Host: northsideportal.ehr.com
URL: https://northsideportal.ehr.com/default.ashx?classname=idplogin&target=SelfService-Portal
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.107.49 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ebf22112a34691501e8ebc0d0b6163cfe5fe31a6a2b3171510777a5b6dfea07a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date
Wed, 15 Feb 2023 09:42:01 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Content-Security-Policy-Report-Only
default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Connection
keep-alive
Content-Length
43516
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Tue, 17 Jan 2023 21:11:26 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
"0d35e42b82ad91:0"
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Accept-Ranges
bytes
password_strength_plugin.js
northsideportal.ehr.com/scripts/
0
0
Script
General
Full URL
https://northsideportal.ehr.com/scripts/password_strength_plugin.js
Requested by
Host: northsideportal.ehr.com
URL: https://northsideportal.ehr.com/default.ashx?classname=idplogin&target=SelfService-Portal
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.107.49 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date
Wed, 15 Feb 2023 09:42:01 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Referrer-Policy
no-referrer
Cross-Origin-Opener-Policy
same-origin
X-Frame-Options
SAMEORIGIN
Content-Security-Policy-Report-Only
default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Content-Type
text/html
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Connection
keep-alive
Content-Length
1245
X-XSS-Protection
1; mode=block
medianew.css
northsideportal.ehr.com/
0
0

default.ashx
northsideportal.ehr.com/
436 KB
437 KB
Image
General
Full URL
https://northsideportal.ehr.com/default.ashx?CLASSNAME=RESOURCEHANDLER&FNAME=login-image.jpg
Requested by
Host: northsideportal.ehr.com
URL: https://northsideportal.ehr.com/default.ashx?CLASSNAME=RESOURCEHANDLER&ID=%25f9%255cye%2501%2519!%2588%253f%25eaD%2588%2508%25bc%255b%25f5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.107.49 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c2e0a5965dac1f684aef3813f430d198cff37975965b6e143dbd2fed6359ee40
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date
Wed, 15 Feb 2023 09:42:01 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Content-Disposition
attachment; filename=login-image.jpg
Connection
keep-alive
Content-Length
446700
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Thu, 01 Oct 2020 11:43:25 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
aiBJujX9Egz5kIUMALl8ksh/SpPb
x-frame-options
SAMEORIGIN, SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
public
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Expires
Tue, 14 Feb 2023 17:02:01 GMT
default.ashx
northsideportal.ehr.com/
131 B
1 KB
Image
General
Full URL
https://northsideportal.ehr.com/default.ashx?CLASSNAME=RESOURCEHANDLER&FNAME=form-background.png
Requested by
Host: northsideportal.ehr.com
URL: https://northsideportal.ehr.com/default.ashx?CLASSNAME=RESOURCEHANDLER&ID=%25f9%255cye%2501%2519!%2588%253f%25eaD%2588%2508%25bc%255b%25f5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.107.49 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
82e1313baf620e0835a936c28299a8a19dca9646629cc7fc0b180c1be4f36789
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date
Wed, 15 Feb 2023 09:42:01 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Content-Disposition
attachment; filename=form-background.png
Connection
keep-alive
Content-Length
131
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Thu, 28 Aug 2014 11:23:26 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
e33nruBMSkRHJq4f1e8mPxgm+901Ukk=
x-frame-options
SAMEORIGIN, SAMEORIGIN
Content-Type
image/png
Cache-Control
public
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Expires
Tue, 14 Feb 2023 17:02:01 GMT
default.ashx
northsideportal.ehr.com/
248 B
1 KB
Image
General
Full URL
https://northsideportal.ehr.com/default.ashx?CLASSNAME=RESOURCEHANDLER&FNAME=navigator-arrow.png
Requested by
Host: northsideportal.ehr.com
URL: https://northsideportal.ehr.com/default.ashx?CLASSNAME=RESOURCEHANDLER&ID=%25f9%255cye%2501%2519!%2588%253f%25eaD%2588%2508%25bc%255b%25f5
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.75.107.49 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
95d1f20a3765b9295110a94ee0b53a6ce9ab8a1925ef011324e4552478e88968
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/110.0.5481.96 Safari/537.36

Response headers

Date
Wed, 15 Feb 2023 09:42:01 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Content-Security-Policy-Report-Only
default-src 'self' https: https://www.google-analytics.com ; font-src * data:; connect-src 'self' cdn.cookielaw.org; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data:
Content-Disposition
attachment; filename=navigator-arrow.png
Connection
keep-alive
Content-Length
248
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Thu, 28 Aug 2014 12:58:47 GMT
Cross-Origin-Opener-Policy
same-origin
ETag
vspNljbS0oxzRwJctwqQD6jhqsQz
x-frame-options
SAMEORIGIN, SAMEORIGIN
Content-Type
image/png
Cache-Control
public
Permissions-Policy
accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()
Expires
Tue, 14 Feb 2023 17:02:01 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
northsideportal.ehr.com
URL
https://northsideportal.ehr.com/css/1140.css
Domain
northsideportal.ehr.com
URL
https://northsideportal.ehr.com/medianew.css

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless object| oncontentvisibilityautostatechange function| $ function| jQuery

13 Cookies

Domain/Path Name / Value
hrportal.ehr.com/ Name: dnn_IsMobile
Value: False
hrportal.ehr.com/ Name: language
Value: en-US
hrportal.ehr.com/ Name: Analytics_VisitorId
Value: c3f5c7c6-1e34-4ef6-9e49-12360f7cea80
hrportal.ehr.com/ Name: f5-cookie
Value: !WNvtdo5Q+FWaw6RRj9+ylgEfX4CmCQUa5eszgdIXT0KQpc9EkN95BK1mVPeqF2mx9Q24uYs8E/EzXMY=
hrportal.ehr.com/ Name: Analytics
Value: SessionId=e906956c-36a1-4032-8ddd-6502e43723de&TabId=20367&ContentItemId=-1
hrportal.ehr.com/ Name: ASP.NET_SessionId
Value: n25g2gj2pz5u1j0scpfki1mr
hrportal.ehr.com/ Name: authentication
Value: HRT.Portal.DNNModules.HRPortalAuth
northsideportal.ehr.com/ Name: ApplicationGatewayAffinityCORS
Value: 9695aa08aeef9c6d3c056d17ebd6bea9
northsideportal.ehr.com/ Name: ApplicationGatewayAffinity
Value: 9695aa08aeef9c6d3c056d17ebd6bea9
northsideportal.ehr.com/ Name: NHTCSApp
Value: %ccB%8f%8aqj%24I%dc%7bLF%e4_%cd%04%d4%98N%e2%de%d9%f25%9fa%9ef%b0n%18!w%14%60%ec%81U%7e%b2%ca%85%04%c1%1f%09%b1%ab
northsideportal.ehr.com/ Name: NHTCSSessionHistory_Insert
Value: False
northsideportal.ehr.com/ Name: NHTCSSessionHistory_Key
Value: fd1462ce-fa1b-41ef-a980-844bb907d05a
northsideportal.ehr.com/ Name: NHTCSSessionHistory_Id
Value: 6100837

7 Console Messages

Source Level URL
Text
security error URL: https://northsideportal.ehr.com/default.ashx?classname=idplogin&target=SelfService-Portal(Line 4)
Message:
X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.
security error URL: https://northsideportal.ehr.com/default.ashx?classname=idplogin&target=SelfService-Portal
Message:
Refused to apply style from 'https://northsideportal.ehr.com/css/1140.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
network error URL: https://northsideportal.ehr.com/scripts/password_strength_plugin.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://northsideportal.ehr.com/js/respond.min.js
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
security error URL: https://northsideportal.ehr.com/default.ashx?classname=idplogin&target=SelfService-Portal
Message:
Refused to execute script from 'https://northsideportal.ehr.com/js/respond.min.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security error URL: https://northsideportal.ehr.com/default.ashx?classname=idplogin&target=SelfService-Portal
Message:
Refused to apply style from 'https://northsideportal.ehr.com/medianew.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security error URL: https://northsideportal.ehr.com/default.ashx?classname=idplogin&target=SelfService-Portal
Message:
Refused to execute script from 'https://northsideportal.ehr.com/scripts/password_strength_plugin.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https: https://ajax.googleapis.com https://cdn.jsdelivr.net https://kendo.cdn.telerik.com https://dnnapi.com https://cdnjs.cloudflare.com; font-src * data:; connect-src 'self' https: https://wtwdevcbot-bot.azurewebsites.net wss://directline.botframework.com; script-src 'self' https: 'unsafe-inline' 'unsafe-eval' blob:; style-src * 'unsafe-inline' 'unsafe-eval' blob:; media-src 'self' https: 'unsafe-inline' 'unsafe-eval'; img-src 'self' https: 'unsafe-inline' 'unsafe-eval' data: blob:
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block