urlscan.io logo urlscan.io
SecurityTrails logo

twhr.sc-oasys.com Open in urlscan Pro
51.4.151.194  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://twhr.sc-oasys.com/
Effective URL: https://twhr.sc-oasys.com/sites/auth/Account/Login
Submission: On April 30 via manual from IN
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 3 countries across 2 domains to perform 13 HTTP transactions. The main IP is 51.4.151.194, located in Frankfurt am Main, Germany and belongs to MS-DEUTSCHLAND, DE. The main domain is twhr.sc-oasys.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on August 14th 2017. Valid for: 3 years.
This is the only time twhr.sc-oasys.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
5 16 51.4.151.194 200517 (MS-DEUTSC...)
1 2 40.113.71.148 8075 (MICROSOFT...)
1 51.140.6.23 8075 (MICROSOFT...)
13 3
Apex Domain
Subdomains		 Transfer
18 sc-oasys.com
twhr.sc-oasys.com
browserdetect.sc-oasys.com
179 KB
1 visualstudio.com
dc.services.visualstudio.com
519 B
13 2
Domain Requested by
16 twhr.sc-oasys.com 5 redirects browserdetect.sc-oasys.com
twhr.sc-oasys.com
2 browserdetect.sc-oasys.com 1 redirects
1 dc.services.visualstudio.com twhr.sc-oasys.com
13 3

This site contains no links.

Subject Issuer Validity Valid
*.sc-oasys.com
DigiCert SHA2 Secure Server CA		 2017-08-14 -
2020-08-14		 3 years crt.sh
dc.services.visualstudio.com
Microsoft IT TLS CA 5		 2020-03-17 -
2022-03-17		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://twhr.sc-oasys.com/sites/auth/Account/Login
Frame ID: F347AF93B3D6586351D5599AA04A8BB0
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://twhr.sc-oasys.com/ HTTP 301
    https://twhr.sc-oasys.com/sites/auth/Account/Login HTTP 302
    https://twhr.sc-oasys.com/sites/auth/DetectBrowser?ReturnURL=%2fsites%2fauth%2fAccount%2fLogin HTTP 302
    https://browserdetect.sc-oasys.com/DetectBrowser.ashx?returnUrl=https%3a%2f%2ftwhr.sc-oasys.com%2fsites%2fauth%... Page URL
  2. https://browserdetect.sc-oasys.com/DetectBrowser.ashx?returnUrl=https%3a%2f%2ftwhr.sc-oasys.com%2fsites%2fauth%... HTTP 302
    https://twhr.sc-oasys.com/sites/auth/DetectBrowserResult?rUrl=L3NpdGVzL2F1dGgvQWNjb3VudC9Mb2dpbg%3D%3D... HTTP 302
    https://twhr.sc-oasys.com/sites/auth/Account/Login Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

3
Subdomains

3
IPs

3
Countries

177 kB
Transfer

503 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://twhr.sc-oasys.com/ HTTP 301
    https://twhr.sc-oasys.com/sites/auth/Account/Login HTTP 302
    https://twhr.sc-oasys.com/sites/auth/DetectBrowser?ReturnURL=%2fsites%2fauth%2fAccount%2fLogin HTTP 302
    https://browserdetect.sc-oasys.com/DetectBrowser.ashx?returnUrl=https%3a%2f%2ftwhr.sc-oasys.com%2fsites%2fauth%2fDetectBrowserResult%3frUrl%3dL3NpdGVzL2F1dGgvQWNjb3VudC9Mb2dpbg%253D%253D Page URL
  2. https://browserdetect.sc-oasys.com/DetectBrowser.ashx?returnUrl=https%3a%2f%2ftwhr.sc-oasys.com%2fsites%2fauth%2fDetectBrowserResult%3frUrl%3dL3NpdGVzL2F1dGgvQWNjb3VudC9Mb2dpbg%253D%253D&bhcp=1 HTTP 302
    https://twhr.sc-oasys.com/sites/auth/DetectBrowserResult?rUrl=L3NpdGVzL2F1dGgvQWNjb3VudC9Mb2dpbg%3D%3D&JavaScriptEnabled=True&FlashVersion=0&ScreenHeight=1200&ScreenWidth=1600&AvailableWidth=1600&AvailableHeight=1200&CookiesEnabled=True&AdobeAcrobatVersion=&ColorDepth=-1&AOLVersion=0&BrowserName=Chrome&BrowserVersion=74.0.3729.169&OSDetails=OS%20X%20Puma&OSName=OS%20X&OSVersion=10.14.5&Proxy=False&AdobeFlashVersion=&MobileDevice=False&DeviceType=&DeviceName= HTTP 302
    https://twhr.sc-oasys.com/sites/auth/Account/Login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://twhr.sc-oasys.com/ HTTP 301
  • https://twhr.sc-oasys.com/sites/auth/Account/Login HTTP 302
  • https://twhr.sc-oasys.com/sites/auth/DetectBrowser?ReturnURL=%2fsites%2fauth%2fAccount%2fLogin HTTP 302
  • https://browserdetect.sc-oasys.com/DetectBrowser.ashx?returnUrl=https%3a%2f%2ftwhr.sc-oasys.com%2fsites%2fauth%2fDetectBrowserResult%3frUrl%3dL3NpdGVzL2F1dGgvQWNjb3VudC9Mb2dpbg%253D%253D
Request Chain 5
  • https://twhr.sc-oasys.com/App_Themes/WillisTowersWatson/Images/logo.png HTTP 301
  • https://twhr.sc-oasys.com/sites/candidate/App_Themes/WillisTowersWatson/Images/logo.png

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
DetectBrowser.ashx
browserdetect.sc-oasys.com/
Redirect Chain
  • https://twhr.sc-oasys.com/
  • https://twhr.sc-oasys.com/sites/auth/Account/Login
  • https://twhr.sc-oasys.com/sites/auth/DetectBrowser?ReturnURL=%2fsites%2fauth%2fAccount%2fLogin
  • https://browserdetect.sc-oasys.com/DetectBrowser.ashx?returnUrl=https%3a%2f%2ftwhr.sc-oasys.com%2fsites%2fauth%2fDetectBrowserResult%3frUrl%3dL3NpdGVzL2F1dGgvQWNjb3VudC9Mb2dpbg%253D%253D
4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://browserdetect.sc-oasys.com/DetectBrowser.ashx?returnUrl=https%3a%2f%2ftwhr.sc-oasys.com%2fsites%2fauth%2fDetectBrowserResult%3frUrl%3dL3NpdGVzL2F1dGgvQWNjb3VudC9Mb2dpbg%253D%253D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.113.71.148 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
fdc455b2193b91a92a9903cc55059b2c9160332f3e8e5a56a6c236e6e678a3e2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; object-src 'self'; style-src 'unsafe-inline' 'self'; report-uri https://oasys.report-uri.com/r/t/csp/enforce
X-Frame-Options ALLOW

Request headers

:method
GET
:authority
browserdetect.sc-oasys.com
:scheme
https
:path
/DetectBrowser.ashx?returnUrl=https%3a%2f%2ftwhr.sc-oasys.com%2fsites%2fauth%2fDetectBrowserResult%3frUrl%3dL3NpdGVzL2F1dGgvQWNjb3VudC9Mb2dpbg%253D%253D
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
cache-control
no-store, no-cache, must-revalidate,post-check=0, pre-check=0
pragma
no-cache
content-length
1886
content-type
text/html; charset=utf-8
content-encoding
gzip
expires
Sat, 6 May 1995 12:00:00 GMT
vary
Accept-Encoding
server
Microsoft-IIS/10.0
set-cookie
bhCookieSess=1; path=/; secure
x-aspnet-version
4.0.30319
x-powered-by
ASP.NET
content-security-policy
default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; object-src 'self'; style-src 'unsafe-inline' 'self'; report-uri https://oasys.report-uri.com/r/t/csp/enforce
x-frame-options
ALLOW
date
Thu, 30 Apr 2020 12:09:05 GMT

Redirect headers

status
302
cache-control
no-cache, no-store
pragma
no-cache
content-length
303
content-type
text/html; charset=utf-8
expires
-1
location
https://browserdetect.sc-oasys.com/DetectBrowser.ashx?returnUrl=https%3a%2f%2ftwhr.sc-oasys.com%2fsites%2fauth%2fDetectBrowserResult%3frUrl%3dL3NpdGVzL2F1dGgvQWNjb3VudC9Mb2dpbg%253D%253D
p3p
CP="NOI CURa ADMa DEVa OUR DELa NOR BUS IND PHY ONL UNI COM NAV DEM STA"
x-frame-options
DENY
request-context
appId=cid-v1:200ccf6e-2052-42f2-95ca-ad62bf0daf03
access-control-expose-headers
Request-Context
x-xss-protection
1; mode=block
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
content-security-policy
object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Thu, 30 Apr 2020 12:09:04 GMT
Primary Request Login
twhr.sc-oasys.com/sites/auth/Account/
Redirect Chain
  • https://browserdetect.sc-oasys.com/DetectBrowser.ashx?returnUrl=https%3a%2f%2ftwhr.sc-oasys.com%2fsites%2fauth%2fDetectBrowserResult%3frUrl%3dL3NpdGVzL2F1dGgvQWNjb3VudC9Mb2dpbg%253D%253D&bhcp=1
  • https://twhr.sc-oasys.com/sites/auth/DetectBrowserResult?rUrl=L3NpdGVzL2F1dGgvQWNjb3VudC9Mb2dpbg%3D%3D&JavaScriptEnabled=True&FlashVersion=0&ScreenHeight=1200&ScreenWidth=1600&AvailableWidth=1600&A...
  • https://twhr.sc-oasys.com/sites/auth/Account/Login
8 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://twhr.sc-oasys.com/sites/auth/Account/Login
Requested by
Host: browserdetect.sc-oasys.com
URL: https://browserdetect.sc-oasys.com/DetectBrowser.ashx?returnUrl=https%3a%2f%2ftwhr.sc-oasys.com%2fsites%2fauth%2fDetectBrowserResult%3frUrl%3dL3NpdGVzL2F1dGgvQWNjb3VudC9Mb2dpbg%253D%253D
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.4.151.194 Frankfurt am Main, Germany, ASN200517 (MS-DEUTSCHLAND, DE),
Reverse DNS
Software
/
Resource Hash
b30cb14f78dc760b8217c091fa78ffee2e2f6e11ea75572a8d1cc6a0d8d2710c
Security Headers
Name Value
Content-Security-Policy object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
twhr.sc-oasys.com
:scheme
https
:path
/sites/auth/Account/Login
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
same-site
sec-fetch-mode
navigate
sec-fetch-dest
document
referer
https://browserdetect.sc-oasys.com/
accept-encoding
gzip, deflate, br
accept-language
en-US
cookie
sc=4jctmejjylp4ytonwae1v2ug
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer
https://browserdetect.sc-oasys.com/DetectBrowser.ashx?returnUrl=https%3a%2f%2ftwhr.sc-oasys.com%2fsites%2fauth%2fDetectBrowserResult%3frUrl%3dL3NpdGVzL2F1dGgvQWNjb3VudC9Mb2dpbg%253D%253D

Response headers

status
200
cache-control
no-cache, no-store
pragma
no-cache
content-length
3373
content-type
text/html; charset=utf-8
content-encoding
gzip
content-language
en-US
expires
-1
vary
Accept-Encoding
p3p
CP="NOI CURa ADMa DEVa OUR DELa NOR BUS IND PHY ONL UNI COM NAV DEM STA"
set-cookie
__RequestVerificationToken_L3NpdGVzL2F1dGg1=3r5D0W6uio4B6hS8E_3gtxmVPoRJWFSLC-e2tdU2t3wEuDU5s3RtwPew1gWiyxt1Wjrb5YzFIS_sm5hhSBe1K798rV01; path=/; secure; HttpOnly; SameSite=None
x-frame-options
DENY
request-context
appId=cid-v1:200ccf6e-2052-42f2-95ca-ad62bf0daf03
access-control-expose-headers
Request-Context
x-xss-protection
1; mode=block
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
content-security-policy
object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Thu, 30 Apr 2020 12:09:05 GMT

Redirect headers

status
302
cache-control
no-cache, no-store
pragma
no-cache
content-length
142
content-type
text/html; charset=utf-8
expires
-1
location
/sites/auth/Account/Login
p3p
CP="NOI CURa ADMa DEVa OUR DELa NOR BUS IND PHY ONL UNI COM NAV DEM STA"
x-frame-options
DENY
request-context
appId=cid-v1:200ccf6e-2052-42f2-95ca-ad62bf0daf03
access-control-expose-headers
Request-Context
x-xss-protection
1; mode=block
x-content-type-options
nosniff
referrer-policy
strict-origin-when-cross-origin
content-security-policy
object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
strict-transport-security
max-age=63072000; includeSubDomains; preload
date
Thu, 30 Apr 2020 12:09:05 GMT
css-ltr
twhr.sc-oasys.com/sites/auth/Content/ 		171 KB
38 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://twhr.sc-oasys.com/sites/auth/Content/css-ltr?v=xZBa-zQJobvrYWD3wemmdpBFNPJXhHY0vrsYnb6lXnY1
Requested by
Host: twhr.sc-oasys.com
URL: https://twhr.sc-oasys.com/sites/auth/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.4.151.194 Frankfurt am Main, Germany, ASN200517 (MS-DEUTSCHLAND, DE),
Reverse DNS
Software
/
Resource Hash
2f0cb79ea73037fce08a8b8922e0a37b7f53947b8df92a73ad4db819f72c3abd
Security Headers
Name Value
Content-Security-Policy object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://twhr.sc-oasys.com/sites/auth/Account/Login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="NOI CURa ADMa DEVa OUR DELa NOR BUS IND PHY ONL UNI COM NAV DEM STA"
status
200
vary
User-Agent,Accept-Encoding
content-length
38938
x-xss-protection
1; mode=block
request-context
appId=cid-v1:200ccf6e-2052-42f2-95ca-ad62bf0daf03
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 30 Apr 2020 12:09:05 GMT
x-frame-options
DENY
date
Thu, 30 Apr 2020 12:09:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
text/css; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
public
expires
Fri, 30 Apr 2021 12:09:05 GMT
ai
twhr.sc-oasys.com/sites/auth/bundles/ 		94 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://twhr.sc-oasys.com/sites/auth/bundles/ai?v=QatcX2BC8XMDhNwBa9vRTVncpl7cmom0BdwWPKs5Sp41
Requested by
Host: twhr.sc-oasys.com
URL: https://twhr.sc-oasys.com/sites/auth/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.4.151.194 Frankfurt am Main, Germany, ASN200517 (MS-DEUTSCHLAND, DE),
Reverse DNS
Software
/
Resource Hash
0b72fa9af1a657f7613f1659e9a35df52a24b2af0745a15957800000ddb22115
Security Headers
Name Value
Content-Security-Policy object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://twhr.sc-oasys.com/sites/auth/Account/Login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="NOI CURa ADMa DEVa OUR DELa NOR BUS IND PHY ONL UNI COM NAV DEM STA"
status
200
vary
User-Agent,Accept-Encoding
content-length
29086
x-xss-protection
1; mode=block
request-context
appId=cid-v1:200ccf6e-2052-42f2-95ca-ad62bf0daf03
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 30 Apr 2020 12:09:05 GMT
x-frame-options
DENY
date
Thu, 30 Apr 2020 12:09:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
text/javascript; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
public
expires
Fri, 30 Apr 2021 12:09:05 GMT
ai
twhr.sc-oasys.com/sites/auth/ 		253 B
437 B 		Script
General
Check archive.org
Download Go to
Full URL
https://twhr.sc-oasys.com/sites/auth/ai
Requested by
Host: twhr.sc-oasys.com
URL: https://twhr.sc-oasys.com/sites/auth/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.4.151.194 Frankfurt am Main, Germany, ASN200517 (MS-DEUTSCHLAND, DE),
Reverse DNS
Software
/
Resource Hash
c9beac3b886c8559ca33fc16173028b709b0ad9d8bdfad32ad6dde74901375ea
Security Headers
Name Value
Content-Security-Policy object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://twhr.sc-oasys.com/sites/auth/Account/Login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="NOI CURa ADMa DEVa OUR DELa NOR BUS IND PHY ONL UNI COM NAV DEM STA"
status
200
vary
*
content-length
294
x-xss-protection
1; mode=block
request-context
appId=cid-v1:200ccf6e-2052-42f2-95ca-ad62bf0daf03
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 30 Apr 2020 11:25:16 GMT
x-frame-options
DENY
date
Thu, 30 Apr 2020 12:09:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
public, max-age=83770
expires
Fri, 01 May 2020 11:25:16 GMT
css
twhr.sc-oasys.com/sites/auth/theme/ 		1 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://twhr.sc-oasys.com/sites/auth/theme/css
Requested by
Host: twhr.sc-oasys.com
URL: https://twhr.sc-oasys.com/sites/auth/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.4.151.194 Frankfurt am Main, Germany, ASN200517 (MS-DEUTSCHLAND, DE),
Reverse DNS
Software
/
Resource Hash
476e323890af6e3aac1139a1ae2ea4af98e9405c6073984e96dbb2c79457dd13
Security Headers
Name Value
Content-Security-Policy object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://twhr.sc-oasys.com/sites/auth/Account/Login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="NOI CURa ADMa DEVa OUR DELa NOR BUS IND PHY ONL UNI COM NAV DEM STA"
status
200
vary
Accept-Encoding
content-length
389
x-xss-protection
1; mode=block
request-context
appId=cid-v1:200ccf6e-2052-42f2-95ca-ad62bf0daf03
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 30 Apr 2020 12:09:05 GMT
x-frame-options
DENY
date
Thu, 30 Apr 2020 12:09:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-language
en-US
access-control-expose-headers
Request-Context
cache-control
private, max-age=3600
content-type
text/css; charset=utf-8
expires
Thu, 30 Apr 2020 13:09:05 GMT
logo.png
twhr.sc-oasys.com/sites/candidate/App_Themes/WillisTowersWatson/Images/
Redirect Chain
  • https://twhr.sc-oasys.com/App_Themes/WillisTowersWatson/Images/logo.png
  • https://twhr.sc-oasys.com/sites/candidate/App_Themes/WillisTowersWatson/Images/logo.png
12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://twhr.sc-oasys.com/sites/candidate/App_Themes/WillisTowersWatson/Images/logo.png
Requested by
Host: twhr.sc-oasys.com
URL: https://twhr.sc-oasys.com/sites/auth/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.4.151.194 Frankfurt am Main, Germany, ASN200517 (MS-DEUTSCHLAND, DE),
Reverse DNS
Software
/
Resource Hash
d3eb9cfac59ea0197232f5bdc798e42e2bcaade50159469bb70107cc0778dfdc
Security Headers
Name Value
Content-Security-Policy object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://twhr.sc-oasys.com/sites/auth/Account/Login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
x-content-type-options
nosniff
p3p
CP="NOI CURa ADMa DEVa OUR DELa NOR BUS IND PHY ONL UNI COM NAV DEM STA"
status
200
content-length
12616
x-xss-protection
1; mode=block
request-context
appId=cid-v1:200ccf6e-2052-42f2-95ca-ad62bf0daf03
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 03 Sep 2019 09:12:12 GMT
x-frame-options
DENY
date
Thu, 30 Apr 2020 12:09:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
access-control-expose-headers
Request-Context
cache-control
max-age=604800
etag
"1d56237aba8cf48"

Redirect headers

content-security-policy
object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
referrer-policy
strict-origin-when-cross-origin
date
Thu, 30 Apr 2020 12:09:05 GMT
status
301
content-type
text/html; charset=UTF-8
location
https://twhr.sc-oasys.com/sites/candidate/App_Themes/WillisTowersWatson/Images/logo.png
x-xss-protection
1; mode=block
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-length
210
x-content-type-options
nosniff
jquery
twhr.sc-oasys.com/sites/auth/bundles/ 		86 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://twhr.sc-oasys.com/sites/auth/bundles/jquery?v=8Oos0avDZyPg-cbyVzvkIfERIE1DGSe3sRQdCSYrgEQ1
Requested by
Host: twhr.sc-oasys.com
URL: https://twhr.sc-oasys.com/sites/auth/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.4.151.194 Frankfurt am Main, Germany, ASN200517 (MS-DEUTSCHLAND, DE),
Reverse DNS
Software
/
Resource Hash
c6c9c55306e0cc0fbd50b3488121de96630e66f6744a6538e97e982d64144889
Security Headers
Name Value
Content-Security-Policy object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://twhr.sc-oasys.com/sites/auth/Account/Login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="NOI CURa ADMa DEVa OUR DELa NOR BUS IND PHY ONL UNI COM NAV DEM STA"
status
200
vary
User-Agent,Accept-Encoding
content-length
40204
x-xss-protection
1; mode=block
request-context
appId=cid-v1:200ccf6e-2052-42f2-95ca-ad62bf0daf03
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 30 Apr 2020 12:09:06 GMT
x-frame-options
DENY
date
Thu, 30 Apr 2020 12:09:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
text/javascript; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
public
expires
Fri, 30 Apr 2021 12:09:06 GMT
bootstrap
twhr.sc-oasys.com/sites/auth/bundles/ 		76 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://twhr.sc-oasys.com/sites/auth/bundles/bootstrap?v=zIHjs4uVWdUgGmkeH3gNlvsNrQKWnEBbSeCf2M7VU1Y1
Requested by
Host: twhr.sc-oasys.com
URL: https://twhr.sc-oasys.com/sites/auth/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.4.151.194 Frankfurt am Main, Germany, ASN200517 (MS-DEUTSCHLAND, DE),
Reverse DNS
Software
/
Resource Hash
ba8162d2aae7d884815223da1676de153f0c9b77ae13de35401099c461523b89
Security Headers
Name Value
Content-Security-Policy object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://twhr.sc-oasys.com/sites/auth/Account/Login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="NOI CURa ADMa DEVa OUR DELa NOR BUS IND PHY ONL UNI COM NAV DEM STA"
status
200
vary
User-Agent,Accept-Encoding
content-length
30120
x-xss-protection
1; mode=block
request-context
appId=cid-v1:200ccf6e-2052-42f2-95ca-ad62bf0daf03
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 30 Apr 2020 12:09:06 GMT
x-frame-options
DENY
date
Thu, 30 Apr 2020 12:09:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
text/javascript; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
public
expires
Fri, 30 Apr 2021 12:09:06 GMT
cssvars
twhr.sc-oasys.com/sites/auth/bundles/ 		20 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://twhr.sc-oasys.com/sites/auth/bundles/cssvars?v=--T-o5vfZORxrD4R0d9TFVZj9fWVAqzgNph4FwwWO7M1
Requested by
Host: twhr.sc-oasys.com
URL: https://twhr.sc-oasys.com/sites/auth/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.4.151.194 Frankfurt am Main, Germany, ASN200517 (MS-DEUTSCHLAND, DE),
Reverse DNS
Software
/
Resource Hash
6539e4fb2696b0b529b997f72532bbf1707ac973a1d1f5836efa6a7580eb87b2
Security Headers
Name Value
Content-Security-Policy object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://twhr.sc-oasys.com/sites/auth/Account/Login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="NOI CURa ADMa DEVa OUR DELa NOR BUS IND PHY ONL UNI COM NAV DEM STA"
status
200
vary
User-Agent,Accept-Encoding
content-length
8927
x-xss-protection
1; mode=block
request-context
appId=cid-v1:200ccf6e-2052-42f2-95ca-ad62bf0daf03
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 30 Apr 2020 12:09:06 GMT
x-frame-options
DENY
date
Thu, 30 Apr 2020 12:09:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
text/javascript; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
public
expires
Fri, 30 Apr 2021 12:09:06 GMT
IEThemeing
twhr.sc-oasys.com/sites/auth/bundles/ 		1 KB
721 B 		Script
General
Check archive.org
Download Go to
Full URL
https://twhr.sc-oasys.com/sites/auth/bundles/IEThemeing?v=XReRKKKmf_W-bdAyhbQ8CC611M6tXc6l6IXhRn3fekM1
Requested by
Host: twhr.sc-oasys.com
URL: https://twhr.sc-oasys.com/sites/auth/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.4.151.194 Frankfurt am Main, Germany, ASN200517 (MS-DEUTSCHLAND, DE),
Reverse DNS
Software
/
Resource Hash
fc031095d8d1e8bbf180bf1ee02628f68837fa863cc732aa1aa4879c638c6085
Security Headers
Name Value
Content-Security-Policy object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://twhr.sc-oasys.com/sites/auth/Account/Login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="NOI CURa ADMa DEVa OUR DELa NOR BUS IND PHY ONL UNI COM NAV DEM STA"
status
200
vary
User-Agent,Accept-Encoding
content-length
672
x-xss-protection
1; mode=block
request-context
appId=cid-v1:200ccf6e-2052-42f2-95ca-ad62bf0daf03
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 30 Apr 2020 12:09:06 GMT
x-frame-options
DENY
date
Thu, 30 Apr 2020 12:09:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
text/javascript; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
public
expires
Fri, 30 Apr 2021 12:09:06 GMT
jqueryval
twhr.sc-oasys.com/sites/auth/bundles/ 		28 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://twhr.sc-oasys.com/sites/auth/bundles/jqueryval?v=ewwbEwxCzNIunbw9c2Y5X5_ldbOkIBIkUo-LvchX7I81
Requested by
Host: twhr.sc-oasys.com
URL: https://twhr.sc-oasys.com/sites/auth/Account/Login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.4.151.194 Frankfurt am Main, Germany, ASN200517 (MS-DEUTSCHLAND, DE),
Reverse DNS
Software
/
Resource Hash
bbac52df514e2fe1d036cd5e7f7f3f5da06801ebf367b9e1c511454c36e410cb
Security Headers
Name Value
Content-Security-Policy object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://twhr.sc-oasys.com/sites/auth/Account/Login
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

content-security-policy
object-src 'none'; default-src 'self' https://static.zdassets.com https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com https://amp.azure.net blob:; script-src 'unsafe-inline' 'unsafe-eval' 'self' https://savilleassessment.zendesk.com https://dc.services.visualstudio.com https://ekr.zdassets.com/ https://assets.zendesk.com https://static.zdassets.com https://v2.zopim.com https://az416426.vo.msecnd.net https://cdn.raygun.io https://sc-oasys.azureedge.net https://amp.azure.net blob:; style-src 'unsafe-inline' 'self' https://sc-oasys.azureedge.net https://amp.azure.net; connect-src 'self' wss://widget-mediator.zopim.com/ https://widget-mediator.zopim.com/ https://savilleassessment.zendesk.com/ https://ekr.zdassets.com/ https://dc.services.visualstudio.com/v2/track https://sc-oasys.azureedge.net https://inventory-streaming.sc-oasys.com; img-src 'self' data: https://sc-oasys.azureedge.net https://amp.azure.net; report-uri https://oasys.report-uri.com/r/t/csp/enforce
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="NOI CURa ADMa DEVa OUR DELa NOR BUS IND PHY ONL UNI COM NAV DEM STA"
status
200
vary
User-Agent,Accept-Encoding
content-length
11513
x-xss-protection
1; mode=block
request-context
appId=cid-v1:200ccf6e-2052-42f2-95ca-ad62bf0daf03
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 30 Apr 2020 12:09:06 GMT
x-frame-options
DENY
date
Thu, 30 Apr 2020 12:09:05 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
text/javascript; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
public
expires
Fri, 30 Apr 2021 12:09:06 GMT
track
dc.services.visualstudio.com/v2/ 		96 B
519 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: twhr.sc-oasys.com
URL: https://twhr.sc-oasys.com/sites/auth/bundles/ai?v=QatcX2BC8XMDhNwBa9vRTVncpl7cmom0BdwWPKs5Sp41
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_CBC
Server
51.140.6.23 London, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
0491d57c3cc91196e9d1f9aea5d7cd2e28ba07b42de6434c884f1c5d7d9adc1c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://twhr.sc-oasys.com/
Sdk-Context
appId
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-type
application/json

Response headers

x-ms-session-id
B6F487D5-866A-4440-842F-DC6D0313D47A
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Date
Thu, 30 Apr 2020 12:09:06 GMT
Access-Control-Max-Age
3600
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Name, Content-Type, Accept, Sdk-Context
Content-Length
96

Verdicts & Comments Add Verdict or Comment

15 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| __extends object| AI object| Microsoft object| snippet object| init object| appInsights function| $ function| jQuery object| bootstrap function| cssVars function| isIE function| applyThemeing string| ua

3 Cookies

Domain/Path Name / Value
twhr.sc-oasys.com/ Name: __RequestVerificationToken_L3NpdGVzL2F1dGg1
Value: 3r5D0W6uio4B6hS8E_3gtxmVPoRJWFSLC-e2tdU2t3wEuDU5s3RtwPew1gWiyxt1Wjrb5YzFIS_sm5hhSBe1K798rV01
twhr.sc-oasys.com/ Name: ai_user
Value: xbqxh|2020-04-30T12:09:06.085Z
twhr.sc-oasys.com/ Name: sc
Value: 4jctmejjylp4ytonwae1v2ug

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; object-src 'self'; style-src 'unsafe-inline' 'self'; report-uri https://oasys.report-uri.com/r/t/csp/enforce
X-Frame-Options ALLOW