Submitted URL: https://tse-dbt-documentation.platform-apps.io/
Effective URL: https://pingfed.msd.com/as/authorization.oauth2?client_id=AWSMrkCdnEdge&redirect_uri=https%3A%2F%2Fmrk-cdn-edge.auth.us-...
Submission: On June 12 via api from US — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 4 domains to perform 6 HTTP transactions. The main IP is 34.233.17.74, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is pingfed.msd.com.
TLS certificate: Issued by Sectigo RSA Organization Validation S... on February 14th 2024. Valid for: a year.
This is the only time pingfed.msd.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 18.172.112.2 16509 (AMAZON-02)
1 1 2600:1f18:257... 14618 (AMAZON-AES)
1 7 34.233.17.74 14618 (AMAZON-AES)
6 1
Domain Requested by
6 pingfed.msd.com pingfed.msd.com
1 pingfed.merck.com 1 redirects
1 mrk-cdn-edge.auth.us-east-1.amazoncognito.com 1 redirects
1 tse-dbt-documentation.platform-apps.io 1 redirects
6 4

This site contains links to these domains. Also see Links.

Domain
www.msd.com
Subject Issuer Validity Valid
pingfed.merck.com
Sectigo RSA Organization Validation Secure Server CA
2024-02-14 -
2025-02-13
a year crt.sh

This page contains 1 frames:

Primary Page: https://pingfed.msd.com/as/authorization.oauth2?client_id=AWSMrkCdnEdge&redirect_uri=https%3A%2F%2Fmrk-cdn-edge.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email+openid+profile&response_type=code&state=H4sIAAAAAAAAAD1SUY-iMBj8LzxbFRDK-uaiq7jHGkUBuVxMoaVWoO1KccHL_ffrXS731Mk3nZkvme-ngYy50bWAoFYB8-LYXW06tbMwRkaumeZeAck4LQkG8i6wHhd6fJ8y4lSzgl8prD0n58qiFUFipnms-atSsp1PJqolAOcKYFF0DeEKKSb4WNZIleLeACRlO2Zi0jLKGddaorWFwETDUsNdsPQ1pMb8uyEk4exPPmkQq_Wr1ylZTYwfI-Oq_5Jh2-WWc8uiwA38bXluguE0OIc4yapw84qO1Vsb3-Jjsvyoy1vG98fsED4Pn_Gq6KL1F_vmL1jRxD1O4idex1VqxwP66xU8Aj7VgUynLD6um1vQnIW3XcjpBUJ386keYZiuP5cWlUNhZ7Ef9KcUtlpx04rIclwNKw3DU9RYSUvBs599xFHAWofuwsAcVl4arNkxWyZfez-4dQmzkUt3O8gh_DIVzoeDArJr7hb0Yv-hPO1hwo6ewHH6avaZVT9fi_0xtbN1d5YbkJ-Sd1OsfPPsQ4rfVv2MW266TNeX9kJ7OHhQIkz3GxcCe-ee9pslfrAwkj3GZ_m-jdxQb1z_q7_AHBBMyRh16jr-fypj1KCn4IXQ1SkxLkSjNY0xN6Hpma7rvni6ImNeorolI-OuzSyIzQKVOShdxwEze2aDHBIbeNg1yxdEHK_Axq_feuo4fpICAAA.H4sIAAAAAAAAAPO3myjhnnBeNmaBarWqefUrXQ8LoYtqey5nHkvzXiKsXwEAe4zqBSAAAAA.4
Frame ID: 55AEA49606708667128F176C3AD49B63
Requests: 6 HTTP requests in this frame

Screenshot

Page Title

Sign On

Page URL History Show full URLs

  1. https://tse-dbt-documentation.platform-apps.io/ HTTP 302
    https://mrk-cdn-edge.auth.us-east-1.amazoncognito.com/oauth2/authorize?client_id=r0ie5k4cnhg7l85bnt2gkeao4&response_type=code&scop... HTTP 302
    https://pingfed.merck.com/as/authorization.oauth2?client_id=AWSMrkCdnEdge&redirect_uri=https%3A%2F%2Fm... HTTP 307
    https://pingfed.msd.com/as/authorization.oauth2?client_id=AWSMrkCdnEdge&redirect_uri=https%3A%2F%2Fm... Page URL

Page Statistics

6
Requests

100 %
HTTPS

33 %
IPv6

4
Domains

4
Subdomains

1
IPs

1
Countries

205 kB
Transfer

198 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://tse-dbt-documentation.platform-apps.io/ HTTP 302
    https://mrk-cdn-edge.auth.us-east-1.amazoncognito.com/oauth2/authorize?client_id=r0ie5k4cnhg7l85bnt2gkeao4&response_type=code&scope=openid+email+profile&redirect_uri=https%3A%2F%2Ftse-dbt-documentation.platform-apps.io%2Fsignin&state=eyJub25jZSI6ICJfYmIyUy5RVWZkMHBaTkFsVjVTWDNlfjZnQTZRMzRqVEcuSGwiLCAicmVxdWVzdGVkX3VyaSI6ICIvIn0&code_challenge_method=S256&code_challenge=ANhHjImYo8JAp0_776HqtvMMXGqD2gpyc3ZVCIxUX7s HTTP 302
    https://pingfed.merck.com/as/authorization.oauth2?client_id=AWSMrkCdnEdge&redirect_uri=https%3A%2F%2Fmrk-cdn-edge.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email+openid+profile&response_type=code&state=H4sIAAAAAAAAAD1SUY-iMBj8LzxbFRDK-uaiq7jHGkUBuVxMoaVWoO1KccHL_ffrXS731Mk3nZkvme-ngYy50bWAoFYB8-LYXW06tbMwRkaumeZeAck4LQkG8i6wHhd6fJ8y4lSzgl8prD0n58qiFUFipnms-atSsp1PJqolAOcKYFF0DeEKKSb4WNZIleLeACRlO2Zi0jLKGddaorWFwETDUsNdsPQ1pMb8uyEk4exPPmkQq_Wr1ylZTYwfI-Oq_5Jh2-WWc8uiwA38bXluguE0OIc4yapw84qO1Vsb3-Jjsvyoy1vG98fsED4Pn_Gq6KL1F_vmL1jRxD1O4idex1VqxwP66xU8Aj7VgUynLD6um1vQnIW3XcjpBUJ386keYZiuP5cWlUNhZ7Ef9KcUtlpx04rIclwNKw3DU9RYSUvBs599xFHAWofuwsAcVl4arNkxWyZfez-4dQmzkUt3O8gh_DIVzoeDArJr7hb0Yv-hPO1hwo6ewHH6avaZVT9fi_0xtbN1d5YbkJ-Sd1OsfPPsQ4rfVv2MW266TNeX9kJ7OHhQIkz3GxcCe-ee9pslfrAwkj3GZ_m-jdxQb1z_q7_AHBBMyRh16jr-fypj1KCn4IXQ1SkxLkSjNY0xN6Hpma7rvni6ImNeorolI-OuzSyIzQKVOShdxwEze2aDHBIbeNg1yxdEHK_Axq_feuo4fpICAAA.H4sIAAAAAAAAAPO3myjhnnBeNmaBarWqefUrXQ8LoYtqey5nHkvzXiKsXwEAe4zqBSAAAAA.4 HTTP 307
    https://pingfed.msd.com/as/authorization.oauth2?client_id=AWSMrkCdnEdge&redirect_uri=https%3A%2F%2Fmrk-cdn-edge.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email+openid+profile&response_type=code&state=H4sIAAAAAAAAAD1SUY-iMBj8LzxbFRDK-uaiq7jHGkUBuVxMoaVWoO1KccHL_ffrXS731Mk3nZkvme-ngYy50bWAoFYB8-LYXW06tbMwRkaumeZeAck4LQkG8i6wHhd6fJ8y4lSzgl8prD0n58qiFUFipnms-atSsp1PJqolAOcKYFF0DeEKKSb4WNZIleLeACRlO2Zi0jLKGddaorWFwETDUsNdsPQ1pMb8uyEk4exPPmkQq_Wr1ylZTYwfI-Oq_5Jh2-WWc8uiwA38bXluguE0OIc4yapw84qO1Vsb3-Jjsvyoy1vG98fsED4Pn_Gq6KL1F_vmL1jRxD1O4idex1VqxwP66xU8Aj7VgUynLD6um1vQnIW3XcjpBUJ386keYZiuP5cWlUNhZ7Ef9KcUtlpx04rIclwNKw3DU9RYSUvBs599xFHAWofuwsAcVl4arNkxWyZfez-4dQmzkUt3O8gh_DIVzoeDArJr7hb0Yv-hPO1hwo6ewHH6avaZVT9fi_0xtbN1d5YbkJ-Sd1OsfPPsQ4rfVv2MW266TNeX9kJ7OHhQIkz3GxcCe-ee9pslfrAwkj3GZ_m-jdxQb1z_q7_AHBBMyRh16jr-fypj1KCn4IXQ1SkxLkSjNY0xN6Hpma7rvni6ImNeorolI-OuzSyIzQKVOShdxwEze2aDHBIbeNg1yxdEHK_Axq_feuo4fpICAAA.H4sIAAAAAAAAAPO3myjhnnBeNmaBarWqefUrXQ8LoYtqey5nHkvzXiKsXwEAe4zqBSAAAAA.4 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request authorization.oauth2
pingfed.msd.com/as/
Redirect Chain
  • https://tse-dbt-documentation.platform-apps.io/
  • https://mrk-cdn-edge.auth.us-east-1.amazoncognito.com/oauth2/authorize?client_id=r0ie5k4cnhg7l85bnt2gkeao4&response_type=code&scope=openid+email+profile&redirect_uri=https%3A%2F%2Ftse-dbt-documenta...
  • https://pingfed.merck.com/as/authorization.oauth2?client_id=AWSMrkCdnEdge&redirect_uri=https%3A%2F%2Fmrk-cdn-edge.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email+openid+profile&...
  • https://pingfed.msd.com/as/authorization.oauth2?client_id=AWSMrkCdnEdge&redirect_uri=https%3A%2F%2Fmrk-cdn-edge.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email+openid+profile&re...
6 KB
8 KB
Document
General
Full URL
https://pingfed.msd.com/as/authorization.oauth2?client_id=AWSMrkCdnEdge&redirect_uri=https%3A%2F%2Fmrk-cdn-edge.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email+openid+profile&response_type=code&state=H4sIAAAAAAAAAD1SUY-iMBj8LzxbFRDK-uaiq7jHGkUBuVxMoaVWoO1KccHL_ffrXS731Mk3nZkvme-ngYy50bWAoFYB8-LYXW06tbMwRkaumeZeAck4LQkG8i6wHhd6fJ8y4lSzgl8prD0n58qiFUFipnms-atSsp1PJqolAOcKYFF0DeEKKSb4WNZIleLeACRlO2Zi0jLKGddaorWFwETDUsNdsPQ1pMb8uyEk4exPPmkQq_Wr1ylZTYwfI-Oq_5Jh2-WWc8uiwA38bXluguE0OIc4yapw84qO1Vsb3-Jjsvyoy1vG98fsED4Pn_Gq6KL1F_vmL1jRxD1O4idex1VqxwP66xU8Aj7VgUynLD6um1vQnIW3XcjpBUJ386keYZiuP5cWlUNhZ7Ef9KcUtlpx04rIclwNKw3DU9RYSUvBs599xFHAWofuwsAcVl4arNkxWyZfez-4dQmzkUt3O8gh_DIVzoeDArJr7hb0Yv-hPO1hwo6ewHH6avaZVT9fi_0xtbN1d5YbkJ-Sd1OsfPPsQ4rfVv2MW266TNeX9kJ7OHhQIkz3GxcCe-ee9pslfrAwkj3GZ_m-jdxQb1z_q7_AHBBMyRh16jr-fypj1KCn4IXQ1SkxLkSjNY0xN6Hpma7rvni6ImNeorolI-OuzSyIzQKVOShdxwEze2aDHBIbeNg1yxdEHK_Axq_feuo4fpICAAA.H4sIAAAAAAAAAPO3myjhnnBeNmaBarWqefUrXQ8LoYtqey5nHkvzXiKsXwEAe4zqBSAAAAA.4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.17.74 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-17-74.compute-1.amazonaws.com
Software
/
Resource Hash
d7edb5a2e05a68855d125952e89717a17781bd05f5e6810715e69b978cc67250
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; style-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; base-uri 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; object-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.jaggaer.com https://merck-promomats-ghh.veevavault.com http://*.ariba.com https://*.ariba.com https://msd-promomats-ghh.veevavault.com https://*.service-now.com https://*.merck.com:8443 http://*.msd.com https://*.msd.com https://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms http://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms https://*.revvitycloud.com.mcas.ms http://*.revvitycloud.com.mcas.ms;
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-cache, no-store
Content-Length
6443
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; style-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; base-uri 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; object-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.jaggaer.com https://merck-promomats-ghh.veevavault.com http://*.ariba.com https://*.ariba.com https://msd-promomats-ghh.veevavault.com https://*.service-now.com https://*.merck.com:8443 http://*.msd.com https://*.msd.com https://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms http://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms https://*.revvitycloud.com.mcas.ms http://*.revvitycloud.com.mcas.ms;
Content-Type
text/html;charset=utf-8
Date
Wed, 12 Jun 2024 04:31:39 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Pragma
no-cache
Referrer-Policy
origin
X-Frame-Options
DENY

Redirect headers

Connection
Keep-Alive
Content-Length
0
Location
https://pingfed.msd.com/as/authorization.oauth2?client_id=AWSMrkCdnEdge&redirect_uri=https%3A%2F%2Fmrk-cdn-edge.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email+openid+profile&response_type=code&state=H4sIAAAAAAAAAD1SUY-iMBj8LzxbFRDK-uaiq7jHGkUBuVxMoaVWoO1KccHL_ffrXS731Mk3nZkvme-ngYy50bWAoFYB8-LYXW06tbMwRkaumeZeAck4LQkG8i6wHhd6fJ8y4lSzgl8prD0n58qiFUFipnms-atSsp1PJqolAOcKYFF0DeEKKSb4WNZIleLeACRlO2Zi0jLKGddaorWFwETDUsNdsPQ1pMb8uyEk4exPPmkQq_Wr1ylZTYwfI-Oq_5Jh2-WWc8uiwA38bXluguE0OIc4yapw84qO1Vsb3-Jjsvyoy1vG98fsED4Pn_Gq6KL1F_vmL1jRxD1O4idex1VqxwP66xU8Aj7VgUynLD6um1vQnIW3XcjpBUJ386keYZiuP5cWlUNhZ7Ef9KcUtlpx04rIclwNKw3DU9RYSUvBs599xFHAWofuwsAcVl4arNkxWyZfez-4dQmzkUt3O8gh_DIVzoeDArJr7hb0Yv-hPO1hwo6ewHH6avaZVT9fi_0xtbN1d5YbkJ-Sd1OsfPPsQ4rfVv2MW266TNeX9kJ7OHhQIkz3GxcCe-ee9pslfrAwkj3GZ_m-jdxQb1z_q7_AHBBMyRh16jr-fypj1KCn4IXQ1SkxLkSjNY0xN6Hpma7rvni6ImNeorolI-OuzSyIzQKVOShdxwEze2aDHBIbeNg1yxdEHK_Axq_feuo4fpICAAA.H4sIAAAAAAAAAPO3myjhnnBeNmaBarWqefUrXQ8LoYtqey5nHkvzXiKsXwEAe4zqBSAAAAA.4
Server
BigIP
main.css
pingfed.msd.com/assets/css/
170 KB
171 KB
Stylesheet
General
Full URL
https://pingfed.msd.com/assets/css/main.css
Requested by
Host: pingfed.msd.com
URL: https://pingfed.msd.com/as/authorization.oauth2?client_id=AWSMrkCdnEdge&redirect_uri=https%3A%2F%2Fmrk-cdn-edge.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email+openid+profile&response_type=code&state=H4sIAAAAAAAAAD1SUY-iMBj8LzxbFRDK-uaiq7jHGkUBuVxMoaVWoO1KccHL_ffrXS731Mk3nZkvme-ngYy50bWAoFYB8-LYXW06tbMwRkaumeZeAck4LQkG8i6wHhd6fJ8y4lSzgl8prD0n58qiFUFipnms-atSsp1PJqolAOcKYFF0DeEKKSb4WNZIleLeACRlO2Zi0jLKGddaorWFwETDUsNdsPQ1pMb8uyEk4exPPmkQq_Wr1ylZTYwfI-Oq_5Jh2-WWc8uiwA38bXluguE0OIc4yapw84qO1Vsb3-Jjsvyoy1vG98fsED4Pn_Gq6KL1F_vmL1jRxD1O4idex1VqxwP66xU8Aj7VgUynLD6um1vQnIW3XcjpBUJ386keYZiuP5cWlUNhZ7Ef9KcUtlpx04rIclwNKw3DU9RYSUvBs599xFHAWofuwsAcVl4arNkxWyZfez-4dQmzkUt3O8gh_DIVzoeDArJr7hb0Yv-hPO1hwo6ewHH6avaZVT9fi_0xtbN1d5YbkJ-Sd1OsfPPsQ4rfVv2MW266TNeX9kJ7OHhQIkz3GxcCe-ee9pslfrAwkj3GZ_m-jdxQb1z_q7_AHBBMyRh16jr-fypj1KCn4IXQ1SkxLkSjNY0xN6Hpma7rvni6ImNeorolI-OuzSyIzQKVOShdxwEze2aDHBIbeNg1yxdEHK_Axq_feuo4fpICAAA.H4sIAAAAAAAAAPO3myjhnnBeNmaBarWqefUrXQ8LoYtqey5nHkvzXiKsXwEAe4zqBSAAAAA.4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.17.74 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-17-74.compute-1.amazonaws.com
Software
/
Resource Hash
a70cb484740dd0056335440ec7b1f85070a5fce3015e55aacd5bd2d806361981
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; style-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; base-uri 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; object-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.jaggaer.com https://merck-promomats-ghh.veevavault.com http://*.ariba.com https://*.ariba.com https://msd-promomats-ghh.veevavault.com https://*.service-now.com https://*.merck.com:8443 http://*.msd.com https://*.msd.com https://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms http://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms https://*.revvitycloud.com.mcas.ms http://*.revvitycloud.com.mcas.ms;

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pingfed.msd.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 12 Jun 2024 04:31:39 GMT
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; style-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; base-uri 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; object-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.jaggaer.com https://merck-promomats-ghh.veevavault.com http://*.ariba.com https://*.ariba.com https://msd-promomats-ghh.veevavault.com https://*.service-now.com https://*.merck.com:8443 http://*.msd.com https://*.msd.com https://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms http://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms https://*.revvitycloud.com.mcas.ms http://*.revvitycloud.com.mcas.ms;
Referrer-Policy
origin
Last-Modified
Tue, 26 Jul 2022 20:52:14 GMT
Cache-Control
max-age=0, must-revalidate
Content-Length
174355
Content-Type
text/css
style.css
pingfed.msd.com/assets/responsive/
3 KB
4 KB
Stylesheet
General
Full URL
https://pingfed.msd.com/assets/responsive/style.css
Requested by
Host: pingfed.msd.com
URL: https://pingfed.msd.com/as/authorization.oauth2?client_id=AWSMrkCdnEdge&redirect_uri=https%3A%2F%2Fmrk-cdn-edge.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email+openid+profile&response_type=code&state=H4sIAAAAAAAAAD1SUY-iMBj8LzxbFRDK-uaiq7jHGkUBuVxMoaVWoO1KccHL_ffrXS731Mk3nZkvme-ngYy50bWAoFYB8-LYXW06tbMwRkaumeZeAck4LQkG8i6wHhd6fJ8y4lSzgl8prD0n58qiFUFipnms-atSsp1PJqolAOcKYFF0DeEKKSb4WNZIleLeACRlO2Zi0jLKGddaorWFwETDUsNdsPQ1pMb8uyEk4exPPmkQq_Wr1ylZTYwfI-Oq_5Jh2-WWc8uiwA38bXluguE0OIc4yapw84qO1Vsb3-Jjsvyoy1vG98fsED4Pn_Gq6KL1F_vmL1jRxD1O4idex1VqxwP66xU8Aj7VgUynLD6um1vQnIW3XcjpBUJ386keYZiuP5cWlUNhZ7Ef9KcUtlpx04rIclwNKw3DU9RYSUvBs599xFHAWofuwsAcVl4arNkxWyZfez-4dQmzkUt3O8gh_DIVzoeDArJr7hb0Yv-hPO1hwo6ewHH6avaZVT9fi_0xtbN1d5YbkJ-Sd1OsfPPsQ4rfVv2MW266TNeX9kJ7OHhQIkz3GxcCe-ee9pslfrAwkj3GZ_m-jdxQb1z_q7_AHBBMyRh16jr-fypj1KCn4IXQ1SkxLkSjNY0xN6Hpma7rvni6ImNeorolI-OuzSyIzQKVOShdxwEze2aDHBIbeNg1yxdEHK_Axq_feuo4fpICAAA.H4sIAAAAAAAAAPO3myjhnnBeNmaBarWqefUrXQ8LoYtqey5nHkvzXiKsXwEAe4zqBSAAAAA.4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.17.74 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-17-74.compute-1.amazonaws.com
Software
/
Resource Hash
c1e9fee8372599c94827053ba4cf761f0e791a4f3e2f8783975dd2d8c8b9ea16
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; style-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; base-uri 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; object-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.jaggaer.com https://merck-promomats-ghh.veevavault.com http://*.ariba.com https://*.ariba.com https://msd-promomats-ghh.veevavault.com https://*.service-now.com https://*.merck.com:8443 http://*.msd.com https://*.msd.com https://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms http://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms https://*.revvitycloud.com.mcas.ms http://*.revvitycloud.com.mcas.ms;

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pingfed.msd.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 12 Jun 2024 04:31:39 GMT
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; style-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; base-uri 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; object-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.jaggaer.com https://merck-promomats-ghh.veevavault.com http://*.ariba.com https://*.ariba.com https://msd-promomats-ghh.veevavault.com https://*.service-now.com https://*.merck.com:8443 http://*.msd.com https://*.msd.com https://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms http://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms https://*.revvitycloud.com.mcas.ms http://*.revvitycloud.com.mcas.ms;
Referrer-Policy
origin
Last-Modified
Sat, 01 Feb 2020 10:11:37 GMT
Cache-Control
max-age=0, must-revalidate
Content-Length
2656
Content-Type
text/css
symbol.png
pingfed.msd.com/assets/responsive/img/
850 B
2 KB
Image
General
Full URL
https://pingfed.msd.com/assets/responsive/img/symbol.png
Requested by
Host: pingfed.msd.com
URL: https://pingfed.msd.com/as/authorization.oauth2?client_id=AWSMrkCdnEdge&redirect_uri=https%3A%2F%2Fmrk-cdn-edge.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email+openid+profile&response_type=code&state=H4sIAAAAAAAAAD1SUY-iMBj8LzxbFRDK-uaiq7jHGkUBuVxMoaVWoO1KccHL_ffrXS731Mk3nZkvme-ngYy50bWAoFYB8-LYXW06tbMwRkaumeZeAck4LQkG8i6wHhd6fJ8y4lSzgl8prD0n58qiFUFipnms-atSsp1PJqolAOcKYFF0DeEKKSb4WNZIleLeACRlO2Zi0jLKGddaorWFwETDUsNdsPQ1pMb8uyEk4exPPmkQq_Wr1ylZTYwfI-Oq_5Jh2-WWc8uiwA38bXluguE0OIc4yapw84qO1Vsb3-Jjsvyoy1vG98fsED4Pn_Gq6KL1F_vmL1jRxD1O4idex1VqxwP66xU8Aj7VgUynLD6um1vQnIW3XcjpBUJ386keYZiuP5cWlUNhZ7Ef9KcUtlpx04rIclwNKw3DU9RYSUvBs599xFHAWofuwsAcVl4arNkxWyZfez-4dQmzkUt3O8gh_DIVzoeDArJr7hb0Yv-hPO1hwo6ewHH6avaZVT9fi_0xtbN1d5YbkJ-Sd1OsfPPsQ4rfVv2MW266TNeX9kJ7OHhQIkz3GxcCe-ee9pslfrAwkj3GZ_m-jdxQb1z_q7_AHBBMyRh16jr-fypj1KCn4IXQ1SkxLkSjNY0xN6Hpma7rvni6ImNeorolI-OuzSyIzQKVOShdxwEze2aDHBIbeNg1yxdEHK_Axq_feuo4fpICAAA.H4sIAAAAAAAAAPO3myjhnnBeNmaBarWqefUrXQ8LoYtqey5nHkvzXiKsXwEAe4zqBSAAAAA.4
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.17.74 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-17-74.compute-1.amazonaws.com
Software
/
Resource Hash
3cc825440f2051869ab394e72382277a1ad6c13ac9fe35e564f5ead9dbd95628
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; style-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; base-uri 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; object-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.jaggaer.com https://merck-promomats-ghh.veevavault.com http://*.ariba.com https://*.ariba.com https://msd-promomats-ghh.veevavault.com https://*.service-now.com https://*.merck.com:8443 http://*.msd.com https://*.msd.com https://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms http://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms https://*.revvitycloud.com.mcas.ms http://*.revvitycloud.com.mcas.ms;

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pingfed.msd.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 12 Jun 2024 04:31:39 GMT
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; style-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; base-uri 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; object-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.jaggaer.com https://merck-promomats-ghh.veevavault.com http://*.ariba.com https://*.ariba.com https://msd-promomats-ghh.veevavault.com https://*.service-now.com https://*.merck.com:8443 http://*.msd.com https://*.msd.com https://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms http://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms https://*.revvitycloud.com.mcas.ms http://*.revvitycloud.com.mcas.ms;
Referrer-Policy
origin
Last-Modified
Sat, 01 Feb 2020 10:11:37 GMT
Cache-Control
max-age=0, must-revalidate
Content-Length
850
Content-Type
image/png
DINOT.woff2
pingfed.msd.com/assets/responsive/fonts/
16 KB
17 KB
Font
General
Full URL
https://pingfed.msd.com/assets/responsive/fonts/DINOT.woff2
Requested by
Host: pingfed.msd.com
URL: https://pingfed.msd.com/assets/responsive/style.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.17.74 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-17-74.compute-1.amazonaws.com
Software
/
Resource Hash
1725a9331b49c4a46cf6dccf5e4a74842e9290e65d74314654e0c91643ae34f6
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; style-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; base-uri 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; object-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.jaggaer.com https://merck-promomats-ghh.veevavault.com http://*.ariba.com https://*.ariba.com https://msd-promomats-ghh.veevavault.com https://*.service-now.com https://*.merck.com:8443 http://*.msd.com https://*.msd.com https://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms http://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms https://*.revvitycloud.com.mcas.ms http://*.revvitycloud.com.mcas.ms;

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pingfed.msd.com/
Origin
https://pingfed.msd.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 12 Jun 2024 04:31:40 GMT
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; style-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; base-uri 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; object-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.jaggaer.com https://merck-promomats-ghh.veevavault.com http://*.ariba.com https://*.ariba.com https://msd-promomats-ghh.veevavault.com https://*.service-now.com https://*.merck.com:8443 http://*.msd.com https://*.msd.com https://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms http://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms https://*.revvitycloud.com.mcas.ms http://*.revvitycloud.com.mcas.ms;
Referrer-Policy
origin
Last-Modified
Sat, 01 Feb 2020 10:11:37 GMT
Cache-Control
max-age=0, must-revalidate
Content-Length
16308
Content-Type
font/woff2
favicon.ico
pingfed.msd.com/assets/responsive/
2 KB
3 KB
Other
General
Full URL
https://pingfed.msd.com/assets/responsive/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.233.17.74 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-233-17-74.compute-1.amazonaws.com
Software
/
Resource Hash
02355dd168ef69ff603b1d17b1c093fce92ba06bf23071481c9f9e036ba65af6
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; style-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; base-uri 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; object-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.jaggaer.com https://merck-promomats-ghh.veevavault.com http://*.ariba.com https://*.ariba.com https://msd-promomats-ghh.veevavault.com https://*.service-now.com https://*.merck.com:8443 http://*.msd.com https://*.msd.com https://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms http://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms https://*.revvitycloud.com.mcas.ms http://*.revvitycloud.com.mcas.ms;

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://pingfed.msd.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Wed, 12 Jun 2024 04:31:40 GMT
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; style-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; base-uri 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; object-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.jaggaer.com https://merck-promomats-ghh.veevavault.com http://*.ariba.com https://*.ariba.com https://msd-promomats-ghh.veevavault.com https://*.service-now.com https://*.merck.com:8443 http://*.msd.com https://*.msd.com https://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms http://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms https://*.revvitycloud.com.mcas.ms http://*.revvitycloud.com.mcas.ms;
Referrer-Policy
origin
Last-Modified
Sat, 01 Feb 2020 10:11:37 GMT
Cache-Control
max-age=0, must-revalidate
Content-Length
1775
Content-Type
image/x-icon

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| removeIdentifier function| showIdentifierInputBox function| selectIdentifier function| postOk function| postCancel function| submitForm function| postOnReturn function| setFocus function| setMobile function| getScreenWidth object| bodyTag number| width

7 Cookies

Domain/Path Name / Value
tse-dbt-documentation.platform-apps.io/ Name: state_nonce
Value: _bb2S.QUfd0pZNAlV5SX3e~6gA6Q34jTG.Hl
tse-dbt-documentation.platform-apps.io/ Name: state_nonce_hmac
Value: -1ZCT0WPciseJ8Fear5RC6QkYG_BP2-TY5kAir4tXqE
tse-dbt-documentation.platform-apps.io/ Name: pkce_code_verifier
Value: Tm9HMlhRNUl2V0VZU25CNHdvSE9vfjFweVJwSG9sWm9MMXpN
mrk-cdn-edge.auth.us-east-1.amazoncognito.com/ Name: XSRF-TOKEN
Value: 6e6ca681-17ec-428a-b93e-bfa72d6be930
mrk-cdn-edge.auth.us-east-1.amazoncognito.com/ Name: csrf-state
Value: MUSm2Wsg-zx4NVSIis5gOMI1yE8XIGiTZDWwQCIjuWi3a6gOO7n77w1tdbyRt-pumr278VCvt8sg-17ugU-T0B1xZ2lzBcQTX3ZGuYpH-bUWK1oEC1YC7gdFEx4n26XDXG_s_gx7y87padgQH67-3O6UQHDdviMSpxddYpKJS6M
mrk-cdn-edge.auth.us-east-1.amazoncognito.com/ Name: csrf-state-legacy
Value: MUSm2Wsg-zx4NVSIis5gOMI1yE8XIGiTZDWwQCIjuWi3a6gOO7n77w1tdbyRt-pumr278VCvt8sg-17ugU-T0B1xZ2lzBcQTX3ZGuYpH-bUWK1oEC1YC7gdFEx4n26XDXG_s_gx7y87padgQH67-3O6UQHDdviMSpxddYpKJS6M
pingfed.msd.com/ Name: PF
Value: 8rdQV1Igkt2m60AfnIVwCM

1 Console Messages

Source Level URL
Text
security error URL: https://pingfed.msd.com/as/authorization.oauth2?client_id=AWSMrkCdnEdge&redirect_uri=https%3A%2F%2Fmrk-cdn-edge.auth.us-east-1.amazoncognito.com%2Foauth2%2Fidpresponse&scope=email+openid+profile&response_type=code&state=H4sIAAAAAAAAAD1SUY-iMBj8LzxbFRDK-uaiq7jHGkUBuVxMoaVWoO1KccHL_ffrXS731Mk3nZkvme-ngYy50bWAoFYB8-LYXW06tbMwRkaumeZeAck4LQkG8i6wHhd6fJ8y4lSzgl8prD0n58qiFUFipnms-atSsp1PJqolAOcKYFF0DeEKKSb4WNZIleLeACRlO2Zi0jLKGddaorWFwETDUsNdsPQ1pMb8uyEk4exPPmkQq_Wr1ylZTYwfI-Oq_5Jh2-WWc8uiwA38bXluguE0OIc4yapw84qO1Vsb3-Jjsvyoy1vG98fsED4Pn_Gq6KL1F_vmL1jRxD1O4idex1VqxwP66xU8Aj7VgUynLD6um1vQnIW3XcjpBUJ386keYZiuP5cWlUNhZ7Ef9KcUtlpx04rIclwNKw3DU9RYSUvBs599xFHAWofuwsAcVl4arNkxWyZfez-4dQmzkUt3O8gh_DIVzoeDArJr7hb0Yv-hPO1hwo6ewHH6avaZVT9fi_0xtbN1d5YbkJ-Sd1OsfPPsQ4rfVv2MW266TNeX9kJ7OHhQIkz3GxcCe-ee9pslfrAwkj3GZ_m-jdxQb1z_q7_AHBBMyRh16jr-fypj1KCn4IXQ1SkxLkSjNY0xN6Hpma7rvni6ImNeorolI-OuzSyIzQKVOShdxwEze2aDHBIbeNg1yxdEHK_Axq_feuo4fpICAAA.H4sIAAAAAAAAAPO3myjhnnBeNmaBarWqefUrXQ8LoYtqey5nHkvzXiKsXwEAe4zqBSAAAAA.4(Line 14)
Message:
Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com". Either the 'unsafe-inline' keyword, a hash ('sha256-ikDw2UbBjgf/mTzhMT8WBwvKrWcqv0g/K03N6zhAxbc='), or a nonce ('nonce-...') is required to enable inline execution.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; style-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; base-uri 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; object-src 'self' https://*.merck.com http://*.merck.com http://*.msd.com https://*.msd.com; frame-ancestors 'self' http://*.merck.com https://*.merck.com https://*.kneatgx.com https://*.kneatgxtest.com https://*.jaggaer.com https://merck-promomats-ghh.veevavault.com http://*.ariba.com https://*.ariba.com https://msd-promomats-ghh.veevavault.com https://*.service-now.com https://*.merck.com:8443 http://*.msd.com https://*.msd.com https://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms http://external-qastg.srpstg4uf2.revvitycloud.com.mcas.ms https://*.revvitycloud.com.mcas.ms http://*.revvitycloud.com.mcas.ms;
X-Frame-Options DENY