urlscan.io logo urlscan.io
SecurityTrails logo

auth.tiaa.org Open in urlscan Pro
23.67.142.153  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://secure4.xactlycorp.com/iam/v1/initiatesso/0oa1k334moS6960KS5d7
Effective URL: https://auth.tiaa.org/idp/SSO.saml2
Submission: On January 17 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 4 domains to perform 8 HTTP transactions. The main IP is 23.67.142.153, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is auth.tiaa.org. The Cisco Umbrella rank of the primary domain is 141195.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on December 12th 2023. Valid for: a year.
This is the only time auth.tiaa.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 23.51.115.9 16625 (AKAMAI-AS)
1 35.71.149.114 16509 (AMAZON-02)
3 13.32.99.127 16509 (AMAZON-02)
2 23.67.142.153 16625 (AKAMAI-AS)
8 4
Apex Domain
Subdomains		 Transfer
3 oktacdn.com
ok12static.oktacdn.com — Cisco Umbrella Rank: 11450
104 KB
2 tiaa.org
auth.tiaa.org — Cisco Umbrella Rank: 141195
84 KB
2 xactlycorp.com
secure4.xactlycorp.com — Cisco Umbrella Rank: 292426
auth.xactlycorp.com — Cisco Umbrella Rank: 155670
6 KB
0 tiaa-cref.org Failed
loginsso-ha.ops.tiaa-cref.org Failed
8 4
Domain Requested by
3 ok12static.oktacdn.com auth.xactlycorp.com
2 auth.tiaa.org auth.tiaa.org
1 auth.xactlycorp.com
1 secure4.xactlycorp.com 1 redirects
0 loginsso-ha.ops.tiaa-cref.org Failed
8 5

This site contains no links.

Subject Issuer Validity Valid
*.xactlycorp.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-04-22 -
2024-04-16		 a year crt.sh
*.oktacdn.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-12-15 -
2025-01-02		 a year crt.sh
www.tiaa.org
DigiCert SHA2 Extended Validation Server CA		 2023-12-12 -
2024-12-14		 a year crt.sh

This page contains 1 frames:

Frame: https://loginsso-ha.ops.tiaa-cref.org/idp/SSO.saml2
Frame ID: 083DD392CCB63AED36CBECF221919001
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://secure4.xactlycorp.com/iam/v1/initiatesso/0oa1k334moS6960KS5d7 HTTP 302
    https://auth.xactlycorp.com/oauth2/ausps20ouOkjV06lo5d6/v1/authorize?response_type=code&client_id=0oa4y4... Page URL
  2. https://auth.tiaa.org/idp/SSO.saml2 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

75 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

4
IPs

2
Countries

194 kB
Transfer

524 kB
Size

12
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://secure4.xactlycorp.com/iam/v1/initiatesso/0oa1k334moS6960KS5d7 HTTP 302
    https://auth.xactlycorp.com/oauth2/ausps20ouOkjV06lo5d6/v1/authorize?response_type=code&client_id=0oa4y499qr6BJtc845d7&scope=openid%20email%20profile%20offline_access&state=B0E2E15C3F839902B61D6FDB7FE323003042E46FCE5F9C698411D0EBDE9964F12154C9D0617EC93148309C1061EE1D3108F53955421F739FC7999CA13ADC8CF7A8C90D3EA0F4DE5E16DB9B5F7988E2909D90841EBF5E497567BD8E5DD3B5F7BB3789F8D7AAB748B3D981996FFFB232471D4738D3F37D8FAE9C9317EE52F0EE9D350D071E8D43AC2C3B2AFCFF18754FBD&idp=0oa1k334moS6960KS5d7&redirect_uri=https://secure4.xactlycorp.com/iam/saml/auth/INCENT_LOGIN_PAGE&nonce=2D489ADAC472B2EF5563FAFE Page URL
  2. https://auth.tiaa.org/idp/SSO.saml2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://secure4.xactlycorp.com/iam/v1/initiatesso/0oa1k334moS6960KS5d7 HTTP 302
  • https://auth.xactlycorp.com/oauth2/ausps20ouOkjV06lo5d6/v1/authorize?response_type=code&client_id=0oa4y499qr6BJtc845d7&scope=openid%20email%20profile%20offline_access&state=B0E2E15C3F839902B61D6FDB7FE323003042E46FCE5F9C698411D0EBDE9964F12154C9D0617EC93148309C1061EE1D3108F53955421F739FC7999CA13ADC8CF7A8C90D3EA0F4DE5E16DB9B5F7988E2909D90841EBF5E497567BD8E5DD3B5F7BB3789F8D7AAB748B3D981996FFFB232471D4738D3F37D8FAE9C9317EE52F0EE9D350D071E8D43AC2C3B2AFCFF18754FBD&idp=0oa1k334moS6960KS5d7&redirect_uri=https://secure4.xactlycorp.com/iam/saml/auth/INCENT_LOGIN_PAGE&nonce=2D489ADAC472B2EF5563FAFE

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
authorize
auth.xactlycorp.com/oauth2/ausps20ouOkjV06lo5d6/v1/
Redirect Chain
  • https://secure4.xactlycorp.com/iam/v1/initiatesso/0oa1k334moS6960KS5d7
  • https://auth.xactlycorp.com/oauth2/ausps20ouOkjV06lo5d6/v1/authorize?response_type=code&client_id=0oa4y499qr6BJtc845d7&scope=openid%20email%20profile%20offline_access&state=B0E2E15C3F839902B61D6FDB...
9 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://auth.xactlycorp.com/oauth2/ausps20ouOkjV06lo5d6/v1/authorize?response_type=code&client_id=0oa4y499qr6BJtc845d7&scope=openid%20email%20profile%20offline_access&state=B0E2E15C3F839902B61D6FDB7FE323003042E46FCE5F9C698411D0EBDE9964F12154C9D0617EC93148309C1061EE1D3108F53955421F739FC7999CA13ADC8CF7A8C90D3EA0F4DE5E16DB9B5F7988E2909D90841EBF5E497567BD8E5DD3B5F7BB3789F8D7AAB748B3D981996FFFB232471D4738D3F37D8FAE9C9317EE52F0EE9D350D071E8D43AC2C3B2AFCFF18754FBD&idp=0oa1k334moS6960KS5d7&redirect_uri=https://secure4.xactlycorp.com/iam/saml/auth/INCENT_LOGIN_PAGE&nonce=2D489ADAC472B2EF5563FAFE
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
35.71.149.114 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a9fabdf042c40ac50.awsglobalaccelerator.com
Software
nginx /
Resource Hash
393716480c3ffd050dda56582c44a34b743ed86207c10577ecab01dbc140d857
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Connection
Keep-Alive
Content-Encoding
gzip
Content-Type
text/html;charset=utf-8
Date
Wed, 17 Jan 2024 18:40:04 GMT
Keep-Alive
timeout=5, max=100
Server
nginx
Strict-Transport-Security
max-age=315360000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Robots-Tag
noindex,nofollow
cache-control
no-cache, no-store
content-language
de
expires
0
p3p
CP="HONK"
pragma
no-cache
referrer-policy
no-referrer
x-content-type-options
nosniff
x-okta-request-id
ZagfBCZGOZb-g5gpXICoUQAAAHM
x-rate-limit-limit
60
x-rate-limit-remaining
59
x-rate-limit-reset
1705516864
x-xss-protection
0

Redirect headers

content-length
0
date
Wed, 17 Jan 2024 18:40:04 GMT
front-end-https
on
location
https://auth.xactlycorp.com/oauth2/ausps20ouOkjV06lo5d6/v1/authorize?response_type=code&client_id=0oa4y499qr6BJtc845d7&scope=openid%20email%20profile%20offline_access&state=B0E2E15C3F839902B61D6FDB7FE323003042E46FCE5F9C698411D0EBDE9964F12154C9D0617EC93148309C1061EE1D3108F53955421F739FC7999CA13ADC8CF7A8C90D3EA0F4DE5E16DB9B5F7988E2909D90841EBF5E497567BD8E5DD3B5F7BB3789F8D7AAB748B3D981996FFFB232471D4738D3F37D8FAE9C9317EE52F0EE9D350D071E8D43AC2C3B2AFCFF18754FBD&idp=0oa1k334moS6960KS5d7&redirect_uri=https://secure4.xactlycorp.com/iam/saml/auth/INCENT_LOGIN_PAGE&nonce=2D489ADAC472B2EF5563FAFE
server
nginx
strict-transport-security
max-age=16000000; includeSubDomains; always;
vary
Origin Access-Control-Request-Method Access-Control-Request-Headers
jquery-1.12.4.2ef93d9aedc4198ec425a799a371292d.js
ok12static.oktacdn.com/assets/js/ 		289 KB
101 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ok12static.oktacdn.com/assets/js/jquery-1.12.4.2ef93d9aedc4198ec425a799a371292d.js
Requested by
Host: auth.xactlycorp.com
URL: https://auth.xactlycorp.com/oauth2/ausps20ouOkjV06lo5d6/v1/authorize?response_type=code&client_id=0oa4y499qr6BJtc845d7&scope=openid%20email%20profile%20offline_access&state=B0E2E15C3F839902B61D6FDB7FE323003042E46FCE5F9C698411D0EBDE9964F12154C9D0617EC93148309C1061EE1D3108F53955421F739FC7999CA13ADC8CF7A8C90D3EA0F4DE5E16DB9B5F7988E2909D90841EBF5E497567BD8E5DD3B5F7BB3789F8D7AAB748B3D981996FFFB232471D4738D3F37D8FAE9C9317EE52F0EE9D350D071E8D43AC2C3B2AFCFF18754FBD&idp=0oa1k334moS6960KS5d7&redirect_uri=https://secure4.xactlycorp.com/iam/saml/auth/INCENT_LOGIN_PAGE&nonce=2D489ADAC472B2EF5563FAFE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-127.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

Referer
Origin
https://auth.xactlycorp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-amz-meta-sha1sum
26667ee897b9e91a9b54c3d4aa445649aa92543d
strict-transport-security
max-age=315360000; includeSubDomains
content-encoding
gzip
date
Wed, 10 Jan 2024 05:33:36 GMT
via
1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
age
651988
x-cache
Hit from cloudfront
last-modified
Tue, 06 Dec 2022 22:05:25 GMT
server
nginx
etag
W/"2ef93d9aedc4198ec425a799a371292d"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
BlLcw6YwYb-ZZsI8ydIeVFhmbgySjRxqObSGbh7wVM9BNJPRlOQGKg==
expires
Thu, 09 Jan 2025 05:33:36 GMT
interstitial.c280c95e9e8c971dad6d6dd597ab23f8.css
ok12static.oktacdn.com/assets/css/sections/ 		8 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://ok12static.oktacdn.com/assets/css/sections/interstitial.c280c95e9e8c971dad6d6dd597ab23f8.css
Requested by
Host: auth.xactlycorp.com
URL: https://auth.xactlycorp.com/oauth2/ausps20ouOkjV06lo5d6/v1/authorize?response_type=code&client_id=0oa4y499qr6BJtc845d7&scope=openid%20email%20profile%20offline_access&state=B0E2E15C3F839902B61D6FDB7FE323003042E46FCE5F9C698411D0EBDE9964F12154C9D0617EC93148309C1061EE1D3108F53955421F739FC7999CA13ADC8CF7A8C90D3EA0F4DE5E16DB9B5F7988E2909D90841EBF5E497567BD8E5DD3B5F7BB3789F8D7AAB748B3D981996FFFB232471D4738D3F37D8FAE9C9317EE52F0EE9D350D071E8D43AC2C3B2AFCFF18754FBD&idp=0oa1k334moS6960KS5d7&redirect_uri=https://secure4.xactlycorp.com/iam/saml/auth/INCENT_LOGIN_PAGE&nonce=2D489ADAC472B2EF5563FAFE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-127.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
d952fafe2ace405711d16dd5b78225162c199fffc0132fb1d85b612b629c5e22
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 10 Jan 2024 20:52:17 GMT
x-amz-meta-sha1sum
254ba22d6a26decbf68aac1f9710e47a39cc4bfa
content-encoding
gzip
strict-transport-security
max-age=315360000; includeSubDomains
via
1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
age
596868
x-cache
Hit from cloudfront
last-modified
Tue, 05 Dec 2023 22:50:36 GMT
server
nginx
etag
W/"c280c95e9e8c971dad6d6dd597ab23f8"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
aaFFWZ3r7Cd0JimAjw9GD-MUjJx8Xum701ToVEIswG-uOz79GTA4tQ==
expires
Thu, 09 Jan 2025 20:52:17 GMT
interstitial.474dce61acfac4a4d016921943cf2a68.js
ok12static.oktacdn.com/assets/js/app/sso/ 		678 B
862 B 		Script
General
Check archive.org
Download Go to
Full URL
https://ok12static.oktacdn.com/assets/js/app/sso/interstitial.474dce61acfac4a4d016921943cf2a68.js
Requested by
Host: auth.xactlycorp.com
URL: https://auth.xactlycorp.com/oauth2/ausps20ouOkjV06lo5d6/v1/authorize?response_type=code&client_id=0oa4y499qr6BJtc845d7&scope=openid%20email%20profile%20offline_access&state=B0E2E15C3F839902B61D6FDB7FE323003042E46FCE5F9C698411D0EBDE9964F12154C9D0617EC93148309C1061EE1D3108F53955421F739FC7999CA13ADC8CF7A8C90D3EA0F4DE5E16DB9B5F7988E2909D90841EBF5E497567BD8E5DD3B5F7BB3789F8D7AAB748B3D981996FFFB232471D4738D3F37D8FAE9C9317EE52F0EE9D350D071E8D43AC2C3B2AFCFF18754FBD&idp=0oa1k334moS6960KS5d7&redirect_uri=https://secure4.xactlycorp.com/iam/saml/auth/INCENT_LOGIN_PAGE&nonce=2D489ADAC472B2EF5563FAFE
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.99.127 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-99-127.fra60.r.cloudfront.net
Software
nginx /
Resource Hash
77b5ff765ff7653b7756896e3951eb246f500edea52c79e0c64a6ef085e4c14e
Security Headers
Name Value
Strict-Transport-Security max-age=315360000; includeSubDomains

Request headers

Referer
Origin
https://auth.xactlycorp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Fri, 29 Dec 2023 22:04:02 GMT
strict-transport-security
max-age=315360000; includeSubDomains
content-encoding
gzip
via
1.1 74c5b19a4695b76162adbf07ed9ef370.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA60-P3
age
1629363
x-cache
Hit from cloudfront
last-modified
Mon, 17 Aug 2020 19:14:04 GMT
server
nginx
etag
W/"474dce61acfac4a4d016921943cf2a68"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
x-amz-cf-id
QNnAD97BHEjO1I7RXtqqq3eYMiiZYMHfMtmvsClgZIva4SFnFusioQ==
expires
Sat, 28 Dec 2024 22:04:02 GMT
Primary Request SSO.saml2
auth.tiaa.org/idp/ 		3 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://auth.tiaa.org/idp/SSO.saml2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.142.153 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-142-153.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
07b3a78b9dbf7d1133733164c7e5c4b2c56a902b16e64b60ec3181018203a94b

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
null
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store
content-encoding
gzip
content-length
1787
content-type
text/html;charset=utf-8
date
Wed, 17 Jan 2024 18:40:06 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
pragma
no-cache
referrer-policy
origin
vary
Accept-Encoding
x-akamai-transformed
9 2084 0 pmb=mTOE,1
JLVs
auth.tiaa.org/JTDV8_x7X2liK2MLgk9TXQhZQvU/awEphJVwLNwE/VTAgAUEB/b1JZTj9/ 		215 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://auth.tiaa.org/JTDV8_x7X2liK2MLgk9TXQhZQvU/awEphJVwLNwE/VTAgAUEB/b1JZTj9/JLVs
Requested by
Host: auth.tiaa.org
URL: https://auth.tiaa.org/idp/SSO.saml2
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.67.142.153 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-67-142-153.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.tiaa.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 17 Jan 2024 18:40:06 GMT
content-encoding
br
last-modified
Wed, 02 Aug 2023 16:13:23 GMT
etag
"847e9eb0c2aa602fdeb05a53243d9ead2556b01a549758f95361f3ed5ae3cfaa"
stored-attribute-sha-checksum
8f1c4322ca7cec46bb7729dccc9b2a7544be8cc6da77b59731807cdfb936770c
content-type
application/javascript
cache-control
max-age=21600
content-length
81418
expires
Wed, 14 Feb 2024 10:48:38 GMT
JLVs
auth.tiaa.org/JTDV8_x7X2liK2MLgk9TXQhZQvU/awEphJVwLNwE/VTAgAUEB/b1JZTj9/ 		0
0
SSO.saml2
loginsso-ha.ops.tiaa-cref.org/idp/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
auth.tiaa.org
URL
https://auth.tiaa.org/JTDV8_x7X2liK2MLgk9TXQhZQvU/awEphJVwLNwE/VTAgAUEB/b1JZTj9/JLVs
Domain
loginsso-ha.ops.tiaa-cref.org
URL
https://loginsso-ha.ops.tiaa-cref.org/idp/SSO.saml2

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

12 Cookies

Domain/Path Name / Value
auth.xactlycorp.com/ Name: JSESSIONID
Value: A0F1F10C6696EC26D768B38F5031AC7F
auth.xactlycorp.com/ Name: t
Value: default
auth.xactlycorp.com/ Name: DT
Value: DI1TupqxXkXRkm1i8KEVu6q0Q
auth.tiaa.org/ Name: PF
Value: GGk4OVMxJ8UwKlb9MBXlbj
auth.tiaa.org/ Name: BIGipServerpool_publictools-ha-federation_9030_prod-dr
Value: 1981865738.17955.0000
auth.tiaa.org/ Name: BIGipServerpool_origin-auth-ha_7700_prod-dr
Value: 788848394.5150.0000
auth.tiaa.org/ Name: tiaa_dc
Value: cobm
auth.tiaa.org/ Name: TS010984ce
Value: 010cea11901addef2cc8b8515b4be464edf37eacfee700d30bdc6bade0c26362cf2f490a61acf4448f4017dcf7d873d423b6ad33cacd29a2bd6e6197b5289104f43311e1737d166d764013ce0af0cbdedbcd0908a3990cb5d7d9c82f12ac5348864568723dfdbe054b361c724d816b0d39ca18e1d6
auth.tiaa.org/ Name: TS43acb533027
Value: 08cfd787d1ab2000823b08139acd3540bd65a187262d8466c5d3f781102c94f6b9194c72d7fd4ef50847f6b10e11300051aba9408e2928988d41ccfe85cef76bddd0b88916881eb4eb36b68bd1ef8b1189cfad30ed826bd7e1a2746ed47d5dd2
.tiaa.org/ Name: ak_bmsc
Value: E6A6D4C9341DB6A2609A8FBBCA5DC445~000000000000000000000000000000~YAAQBChDF7RrXhCNAQAAGzG5GBa32y2YUpL2DlYwIL60dYw8L25jSh9xyuiBi7UcMCdBhKyUUUUoZMCNNh8f2i9k6SWPKqlMv3XRD9Bu6JHeGZLF04cvwvd+uMOaQ/LS8SAXE0KQwULIuTdkTJ9NnyutyWz1nGnvoi3HD8AdTZeBOoms7VgaJfCt63aT/FWrStZP9Q+k8S9ODwSOpF/eXl/4PUWWN4hFizIU5SAS207Fh83+wba5UthAhNZ6He5jQOnaH+YS0Td3/EWL0zaSA0x7jZFFySmYzGT8w+zy4ura28JRiE7JFP6bhvPvZVQl90PAoH1Nkwja/NTnh4NwRe8/qtS3abWDIER7Ws/yanwxZp2zKkJTL8Ci2nWk0wMh/U/ayQCkbA==
.tiaa.org/ Name: bm_sz
Value: E18F7AE954BF7FA6E177CFA798BE9AE8~YAAQBChDF7VrXhCNAQAAGzG5GBaob9s0L6ViFhkSe95wUwHwJEVQxmVeEEKDO5ei1IKqMvdXrpJq6FColC4nUX6dxgsuYV4zO55/noWIZmuekOxl9nCoC2JyPXqkDXPMOmuoD+/GdnCSqAYCAOw4QgVfq5Qckyg6TKZMVH6IfaUFqw+q2u8+D6dbTa6P+rq5ocaZd7Z+Us3xeMiDlqiWL3i0qZSr6MP0/j7yE+YuqPkj3F0ITuoxsxJ/G+8sbo7gvI7uC5gCGJLcVG06m5QrFjBvEpncU5lxGU6+BPFH5tEO~3160121~3553584
.tiaa.org/ Name: _abck
Value: 162CE14841857110CA46AD2D3E7E1579~-1~YAAQBChDF8BrXhCNAQAAdjG5GAsE6nKUhcIW8IsFERZ80t+bR1rZYdPiEEuK+nBFOfD8tA5EO7jZBW/l4dvY1+BVH3ZlGtFJHXmnn6JTDB4qT4LXMacPgvg71mRFUU1UpOMtBerfM4//DLWKpCj88SkD7F/9l52RgwoghNpOWG/P+moZAne8Gm2qFkQbPa0wJatoHKVPFw2ADQxGUufEYChztDoPGXkNAYyXNghztBjQgP/epk0Pzx2UDw0GcbCmiIhDHt1vyzMrYtdZIOdlCfBpIeJPRgOT9wNBVwkxNMpuj4DtGMrHiF5YgGmASDdSayexP0yb1TKmSDeD1SqsKUxmsWDHhgnYSNuzItdLUh6BXv8AXaJiEszm/DDfcA8sFkWnmcA18lg=~-1~-1~-1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=315360000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 0