urlscan.io logo urlscan.io
SecurityTrails logo

nycem.samaritan.com Open in urlscan Pro
15.200.101.109  Public Scan

Go To Rescan Add Verdict Report
URL: https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
Submission: On July 16 via manual — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 17 HTTP transactions. The main IP is 15.200.101.109, located in Boardman, United States and belongs to AMAZON EXPANSION, IE. The main domain is nycem.samaritan.com.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on January 16th 2024. Valid for: a year.
This is the only time nycem.samaritan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
16 15.200.101.109 8987 (AMAZON EX...)
1 1 2a02:26f0:170... 20940 (AKAMAI-ASN1)
1 2a02:26f0:170... 20940 (AKAMAI-ASN1)
17 2
Apex Domain
Subdomains		 Transfer
16 samaritan.com
nycem.samaritan.com
281 KB
2 nyc.gov
www1.nyc.gov — Cisco Umbrella Rank: 128692
www.nyc.gov — Cisco Umbrella Rank: 96535
5 KB
17 2
Domain Requested by
16 nycem.samaritan.com nycem.samaritan.com
1 www.nyc.gov nycem.samaritan.com
1 www1.nyc.gov 1 redirects
17 3

This site contains no links.

Subject Issuer Validity Valid
*.samaritan.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-01-16 -
2025-02-15		 a year crt.sh

This page contains 1 frames:

Primary Page: https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
Frame ID: 0BFAAD5ECA7D980926083574BDDFBBD5
Requests: 17 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Recruiter

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Overall confidence: 100%
Detected patterns
  • jquery-ui.*\.js

Page Statistics

17
Requests

94 %
HTTPS

67 %
IPv6

2
Domains

3
Subdomains

2
IPs

2
Countries

285 kB
Transfer

886 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://www1.nyc.gov/assets/em/images/content/header/logo.png HTTP 301
  • https://www.nyc.gov/assets/em/images/content/header/logo.png

17 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request index.php
nycem.samaritan.com/recruiter/ 		14 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.200.101.109 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
ec2-15-200-101-109.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
9fa3ea0033044e3726d24dc7c0e1e3b00ac2fe809ef15ba2991cc88c4c3c5eb6
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=16000000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
access-control-allow-methods
GET, POST
access-control-allow-origin
https://nycem.samaritan.com
cache-control
cachable,private
content-encoding
gzip
content-length
3737
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
content-security-policy-report-only
report-uri https://tools.samaritan.com/http_report/;
content-type
text/html;charset=iso-8859-1
date
Tue, 16 Jul 2024 02:14:54 GMT
expect-ct
max-age=0, report-uri https://tools.samaritan.com/http_report/;
expires
Thu, 1 Jan 1970 00:00:00 GMT
last-modified
Tue, 16 Jul 2024 02:14:54 GMT
permissions-policy
usb=(self)
pragma
no-cache
referrer-policy
no-referrer-when-downgrade
server
serverlocation
AWS1
strict-transport-security
max-age=16000000; includeSubDomains; preload
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1
styles.css
nycem.samaritan.com/recruiter/xsl/css/cssdesign/ 		60 KB
14 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nycem.samaritan.com/recruiter/xsl/css/cssdesign/styles.css
Requested by
Host: nycem.samaritan.com
URL: https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.200.101.109 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
ec2-15-200-101-109.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
6b03e4ea615eb87b96a466c4f411558f8284ebeab8a634eb68c99d0d11c34704
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=16000000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 02:14:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=16000000; includeSubDomains; preload
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
content-security-policy-report-only
report-uri https://tools.samaritan.com/http_report/;
content-length
12839
x-xss-protection
1
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 Jul 2024 08:05:42 GMT
server
etag
"0cff1f6e8cdda1:0"
expect-ct
max-age=0, report-uri https://tools.samaritan.com/http_report/;
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
https://nycem.samaritan.com
access-control-allow-methods
GET, POST
cache-control
max-age=28800,private
access-control-allow-credentials
true
permissions-policy
usb=(self)
accept-ranges
bytes
access-control-allow-headers
Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
jquery-ui.custom.min.css
nycem.samaritan.com/common/xsl/js/jquery/css/ui-lightness/ 		31 KB
9 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://nycem.samaritan.com/common/xsl/js/jquery/css/ui-lightness/jquery-ui.custom.min.css
Requested by
Host: nycem.samaritan.com
URL: https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.200.101.109 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
ec2-15-200-101-109.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
1a3d0fd054dbed99fadf4a420ce948a1f0b0b85043bf95f910e45cb85bde33e4
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=16000000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 02:14:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=16000000; includeSubDomains; preload
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
content-security-policy-report-only
report-uri https://tools.samaritan.com/http_report/;
content-length
7862
x-xss-protection
1
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 Jul 2024 08:05:40 GMT
server
etag
"0a2c0f5e8cdda1:0"
expect-ct
max-age=0, report-uri https://tools.samaritan.com/http_report/;
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
access-control-allow-origin
https://nycem.samaritan.com
access-control-allow-methods
GET, POST
cache-control
max-age=28800,private
access-control-allow-credentials
true
permissions-policy
usb=(self)
accept-ranges
bytes
access-control-allow-headers
Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
jquery.js
nycem.samaritan.com/common/xsl/js/jquery/ 		288 KB
85 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nycem.samaritan.com/common/xsl/js/jquery/jquery.js
Requested by
Host: nycem.samaritan.com
URL: https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.200.101.109 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
ec2-15-200-101-109.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
fcf4473a383e3f62a03fd89937201775d152381578b9ecd619f91cbd71c954bf
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=16000000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 02:14:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=16000000; includeSubDomains; preload
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
content-security-policy-report-only
report-uri https://tools.samaritan.com/http_report/;
content-length
85846
x-xss-protection
1
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 Jul 2024 08:05:40 GMT
server
etag
"0a2c0f5e8cdda1:0"
expect-ct
max-age=0, report-uri https://tools.samaritan.com/http_report/;
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
https://nycem.samaritan.com
access-control-allow-methods
GET, POST
cache-control
max-age=28800,private
access-control-allow-credentials
true
permissions-policy
usb=(self)
accept-ranges
bytes
access-control-allow-headers
Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
jquery-ui.custom.min.js
nycem.samaritan.com/common/xsl/js/jquery/ 		249 KB
67 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nycem.samaritan.com/common/xsl/js/jquery/jquery-ui.custom.min.js
Requested by
Host: nycem.samaritan.com
URL: https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.200.101.109 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
ec2-15-200-101-109.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
0dfb2902ecbc151373b96396ffa8a8f59c580c2824c137cd43543b2202464889
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=16000000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 02:14:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=16000000; includeSubDomains; preload
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
content-security-policy-report-only
report-uri https://tools.samaritan.com/http_report/;
content-length
67670
x-xss-protection
1
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 Jul 2024 08:05:40 GMT
server
etag
"0a2c0f5e8cdda1:0"
expect-ct
max-age=0, report-uri https://tools.samaritan.com/http_report/;
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
https://nycem.samaritan.com
access-control-allow-methods
GET, POST
cache-control
max-age=28800,private
access-control-allow-credentials
true
permissions-policy
usb=(self)
accept-ranges
bytes
access-control-allow-headers
Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
library.js
nycem.samaritan.com/common/xsl/js/ 		123 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nycem.samaritan.com/common/xsl/js/library.js
Requested by
Host: nycem.samaritan.com
URL: https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.200.101.109 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
ec2-15-200-101-109.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
c85c9b94fc0e746b8e58c3ba7941a81c852bc6595cdb40c001747c28df11aa08
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=16000000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 02:14:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=16000000; includeSubDomains; preload
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
content-security-policy-report-only
report-uri https://tools.samaritan.com/http_report/;
content-length
29379
x-xss-protection
1
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 Jul 2024 08:05:40 GMT
server
etag
"0a2c0f5e8cdda1:0"
expect-ct
max-age=0, report-uri https://tools.samaritan.com/http_report/;
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
https://nycem.samaritan.com
access-control-allow-methods
GET, POST
cache-control
max-age=28800,private
access-control-allow-credentials
true
permissions-policy
usb=(self)
accept-ranges
bytes
access-control-allow-headers
Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
navigation.js
nycem.samaritan.com/recruiter/xsl/js/ 		19 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nycem.samaritan.com/recruiter/xsl/js/navigation.js
Requested by
Host: nycem.samaritan.com
URL: https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.200.101.109 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
ec2-15-200-101-109.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
0bef62d85a25997414b85ff3d55d4276be65065ba08eb19d6c1cb226cdd90225
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=16000000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 02:14:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=16000000; includeSubDomains; preload
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
content-security-policy-report-only
report-uri https://tools.samaritan.com/http_report/;
content-length
4809
x-xss-protection
1
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 Jul 2024 08:05:42 GMT
server
etag
"0cff1f6e8cdda1:0"
expect-ct
max-age=0, report-uri https://tools.samaritan.com/http_report/;
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
https://nycem.samaritan.com
access-control-allow-methods
GET, POST
cache-control
max-age=28800,private
access-control-allow-credentials
true
permissions-policy
usb=(self)
accept-ranges
bytes
access-control-allow-headers
Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
md5.js
nycem.samaritan.com/common/xsl/js/ 		6 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nycem.samaritan.com/common/xsl/js/md5.js
Requested by
Host: nycem.samaritan.com
URL: https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.200.101.109 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
ec2-15-200-101-109.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
90c4afa68f9e94dbd40a3219d033f7c44d1e41e147ba5db3b5d8ce890eb53b45
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=16000000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 02:14:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=16000000; includeSubDomains; preload
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
content-security-policy-report-only
report-uri https://tools.samaritan.com/http_report/;
content-length
2014
x-xss-protection
1
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 Jul 2024 08:05:40 GMT
server
etag
"0a2c0f5e8cdda1:0"
expect-ct
max-age=0, report-uri https://tools.samaritan.com/http_report/;
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
https://nycem.samaritan.com
access-control-allow-methods
GET, POST
cache-control
max-age=28800,private
access-control-allow-credentials
true
permissions-policy
usb=(self)
accept-ranges
bytes
access-control-allow-headers
Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
general.js
nycem.samaritan.com/common/xsl/js/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nycem.samaritan.com/common/xsl/js/general.js
Requested by
Host: nycem.samaritan.com
URL: https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.200.101.109 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
ec2-15-200-101-109.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
5406504ca87d6d00922eab69ba265a1e7bd4c3b7c01c6137f4cff1a0bcc2cdbd
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=16000000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 02:14:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=16000000; includeSubDomains; preload
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
content-security-policy-report-only
report-uri https://tools.samaritan.com/http_report/;
content-length
2277
x-xss-protection
1
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 Jul 2024 08:05:40 GMT
server
etag
"0a2c0f5e8cdda1:0"
expect-ct
max-age=0, report-uri https://tools.samaritan.com/http_report/;
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
https://nycem.samaritan.com
access-control-allow-methods
GET, POST
cache-control
max-age=28800,private
access-control-allow-credentials
true
permissions-policy
usb=(self)
accept-ranges
bytes
access-control-allow-headers
Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
inactivityLogout.js
nycem.samaritan.com/common/xsl/js/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nycem.samaritan.com/common/xsl/js/inactivityLogout.js
Requested by
Host: nycem.samaritan.com
URL: https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.200.101.109 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
ec2-15-200-101-109.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
03a08832349625bdf5dc8debc6b787003504c9099829f3780eba80c149f86d24
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=16000000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 02:14:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=16000000; includeSubDomains; preload
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
content-security-policy-report-only
report-uri https://tools.samaritan.com/http_report/;
content-length
2574
x-xss-protection
1
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 Jul 2024 08:05:40 GMT
server
etag
"0a2c0f5e8cdda1:0"
expect-ct
max-age=0, report-uri https://tools.samaritan.com/http_report/;
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
https://nycem.samaritan.com
access-control-allow-methods
GET, POST
cache-control
max-age=28800,private
access-control-allow-credentials
true
permissions-policy
usb=(self)
accept-ranges
bytes
access-control-allow-headers
Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
fastajax.js
nycem.samaritan.com/common/xsl/js/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nycem.samaritan.com/common/xsl/js/fastajax.js
Requested by
Host: nycem.samaritan.com
URL: https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.200.101.109 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
ec2-15-200-101-109.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
6fba4d7ca9d502d6ffa1a82581164add825e3522d8b6568485ef4f44da2cd032
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=16000000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 02:14:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=16000000; includeSubDomains; preload
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
content-security-policy-report-only
report-uri https://tools.samaritan.com/http_report/;
content-length
1681
x-xss-protection
1
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 Jul 2024 08:05:40 GMT
server
etag
"0a2c0f5e8cdda1:0"
expect-ct
max-age=0, report-uri https://tools.samaritan.com/http_report/;
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
https://nycem.samaritan.com
access-control-allow-methods
GET, POST
cache-control
max-age=28800,private
access-control-allow-credentials
true
permissions-policy
usb=(self)
accept-ranges
bytes
access-control-allow-headers
Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
JsHttpRequest.js
nycem.samaritan.com/common/xsl/js/ 		34 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nycem.samaritan.com/common/xsl/js/JsHttpRequest.js
Requested by
Host: nycem.samaritan.com
URL: https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.200.101.109 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
ec2-15-200-101-109.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
59654f1c151987797a9e901b4e07d928c615b5c715eedfee77501be18b97bc58
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=16000000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 02:14:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=16000000; includeSubDomains; preload
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
content-security-policy-report-only
report-uri https://tools.samaritan.com/http_report/;
content-length
10018
x-xss-protection
1
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 Jul 2024 08:05:40 GMT
server
etag
"0a2c0f5e8cdda1:0"
expect-ct
max-age=0, report-uri https://tools.samaritan.com/http_report/;
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
application/javascript
access-control-allow-origin
https://nycem.samaritan.com
access-control-allow-methods
GET, POST
cache-control
max-age=28800,private
access-control-allow-credentials
true
permissions-policy
usb=(self)
accept-ranges
bytes
access-control-allow-headers
Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
pixel.gif
nycem.samaritan.com/common/images// 		43 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nycem.samaritan.com/common/images//pixel.gif
Requested by
Host: nycem.samaritan.com
URL: https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.200.101.109 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
ec2-15-200-101-109.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
1ec8ffdcb207d20bee4ef5002a2f350898cd7f9fa94e66068e38062fff729151
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=16000000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 02:14:55 GMT
strict-transport-security
max-age=16000000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
content-security-policy-report-only
report-uri https://tools.samaritan.com/http_report/;
content-length
43
x-xss-protection
1
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 Jul 2024 08:05:40 GMT
server
etag
"0a2c0f5e8cdda1:0"
expect-ct
max-age=0, report-uri https://tools.samaritan.com/http_report/;
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST
content-type
image/gif
access-control-allow-origin
https://nycem.samaritan.com
cache-control
max-age=28800,private
access-control-allow-credentials
true
permissions-policy
usb=(self)
accept-ranges
bytes
access-control-allow-headers
Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
logo.png
www.nyc.gov/assets/em/images/content/header/
Redirect Chain
  • https://www1.nyc.gov/assets/em/images/content/header/logo.png
  • https://www.nyc.gov/assets/em/images/content/header/logo.png
3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.nyc.gov/assets/em/images/content/header/logo.png
Requested by
Host: nycem.samaritan.com
URL: https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
Protocol
HTTP/1.1
Server
2a02:26f0:1700:1a6::1500 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
197e863639390de330549d642b2f5235e574fdd86b56e9da87c5c6ed4da76543

Request headers

Referer
https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date
Tue, 16 Jul 2024 02:14:54 GMT
Application-Control-Allow-Origin
*
Last-Modified
Fri, 05 Jan 2024 00:00:06 GMT
Server
nginx
ETag
"65974686-ca0"
Content-Type
image/png
Access-Control-Allow-Origin
*
Cache-Control
max-age=1800
Connection
keep-alive
Accept-Ranges
bytes
Access-Control-Allow-Headers
Origin, Authorization, X-Requested-With, Content-Type, Accept
Content-Length
3232
Server-Timing
cdn-cache; desc=REVALIDATE, edge; dur=19, origin; dur=98, ak_p; desc="1721096094669_1551592296_51191882_11688_8368_6_17_-";dur=1
Expires
Tue, 16 Jul 2024 02:44:54 GMT

Redirect headers

Date
Tue, 16 Jul 2024 02:14:54 GMT
Server
awselb/2.0
Content-Type
text/html
Location
https://www.nyc.gov:443/assets/em/images/content/header/logo.png
Cache-Control
max-age=1800
Connection
keep-alive
Server-Timing
cdn-cache; desc=HIT, edge; dur=12, origin; dur=0, ak_p; desc="1721096094518_1551592305_89643119_1190_8358_6_15_-";dur=1
Content-Length
134
Expires
Tue, 16 Jul 2024 02:44:54 GMT
gradopen.png
nycem.samaritan.com/recruiter/xsl/css/cssdesign/ 		921 B
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://nycem.samaritan.com/recruiter/xsl/css/cssdesign/gradopen.png
Requested by
Host: nycem.samaritan.com
URL: https://nycem.samaritan.com/recruiter/xsl/css/cssdesign/styles.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.200.101.109 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
ec2-15-200-101-109.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
df390d80d39ea14c5ee32498ef7a9558aacf58689b541eef90aeba86846828d6
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=16000000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://nycem.samaritan.com/recruiter/xsl/css/cssdesign/styles.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 02:14:55 GMT
strict-transport-security
max-age=16000000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
content-security-policy-report-only
report-uri https://tools.samaritan.com/http_report/;
content-length
921
x-xss-protection
1
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 Jul 2024 08:05:42 GMT
server
etag
"0cff1f6e8cdda1:0"
expect-ct
max-age=0, report-uri https://tools.samaritan.com/http_report/;
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST
content-type
image/png
access-control-allow-origin
https://nycem.samaritan.com
cache-control
max-age=28800,private
access-control-allow-credentials
true
permissions-policy
usb=(self)
accept-ranges
bytes
access-control-allow-headers
Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
session_validation.php
nycem.samaritan.com/recruiter/ 		1 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://nycem.samaritan.com/recruiter/session_validation.php?dnc=433
Requested by
Host: nycem.samaritan.com
URL: https://nycem.samaritan.com/common/xsl/js/fastajax.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.200.101.109 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
ec2-15-200-101-109.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
5feceb66ffc86f38d952786c6d696c79c2dbc239dd4e91b46729d73a27fb57e9
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=16000000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Tue, 16 Jul 2024 02:14:55 GMT
strict-transport-security
max-age=16000000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
content-security-policy-report-only
report-uri https://tools.samaritan.com/http_report/;
content-length
1
x-xss-protection
1
serverlocation
AWS1
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 Jul 2024 08:05:42 GMT
server
expect-ct
max-age=0, report-uri https://tools.samaritan.com/http_report/;
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST
content-type
text/html; charset=iso-8859-1
access-control-allow-origin
https://nycem.samaritan.com
cache-control
private, max-age=10800,private
access-control-allow-credentials
true
permissions-policy
usb=(self)
access-control-allow-headers
Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control
expires
Thu, 19 Nov 1981 08:52:00 GMT
favicon.ico
nycem.samaritan.com/ 		34 KB
35 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://nycem.samaritan.com/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
15.200.101.109 Boardman, United States, ASN8987 (AMAZON EXPANSION, IE),
Reverse DNS
ec2-15-200-101-109.us-gov-west-1.compute.amazonaws.com
Software
/
Resource Hash
e58a012f0ecb4c7d51007c3ef393cd2085513969bcf8383db0b488566159830c
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=16000000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://nycem.samaritan.com/recruiter/index.php?crc=c2c1c6e36aa5e6fc136aafeaaf9248c6
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date
Tue, 16 Jul 2024 02:14:55 GMT
strict-transport-security
max-age=16000000; includeSubDomains; preload
x-content-type-options
nosniff
content-security-policy
default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
content-security-policy-report-only
report-uri https://tools.samaritan.com/http_report/;
content-length
34494
x-xss-protection
1
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 Jul 2024 08:05:42 GMT
server
etag
"0cff1f6e8cdda1:0"
expect-ct
max-age=0, report-uri https://tools.samaritan.com/http_report/;
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST
content-type
image/x-icon
access-control-allow-origin
https://nycem.samaritan.com
cache-control
max-age=28800,private
access-control-allow-credentials
true
permissions-policy
usb=(self)
accept-ranges
bytes
access-control-allow-headers
Content-Type, Depth, User-Agent, X-File-Size, X-Requested-With, If-Modified-Since, X-File-Name, Cache-Control

Verdicts & Comments Add Verdict or Comment

201 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| caretPos function| isInt boolean| enableSecurityVulnerability function| old_goToToday function| insertText function| storeCaret function| getFormElementSelectedIDs object| theForm_elements_cache function| disableFormElement function| lib_contains function| lib_getKeys object| mBrowser function| hideShowCovered function| lib_getAbsolutePos function| getAbsolutePos function| checkPasswordStrong object| bounds_cache function| lib_resetBounds function| lib_getBounds function| lib_getObjectParams object| lib_sendAjaxQueue function| lib_sendAjaxRequest function| lib_getAjaxLoadingIndicatorID function| lib_getAjaxLoadingHtml function| lib_showAjaxLoadingIndicator function| lib_hideAjaxLoadingIndicator function| lib_getElementsByAttribute function| lib_prepareEreg function| lib_getElementsByClassName function| lib_switchTab function| lib_expand function| lib_alignTables function| lib_findStyleRule function| lib_checkCssRule function| lib_getStyleProperty function| lib_getCssProperty object| _lib_objCache function| lib_getElementById function| lib_clearObjectCache function| lib_putObjectCache function| lib_addressInfoChange object| _addInfoCache function| lib_loadAddressInfo function| lib_clearDropDown function| lib_fillAddressInfo function| lib_fillDropDown function| __debug function| lib_getPHPSessionID object| lib_sendFastAjaxQueue function| lib_sendFastAjaxRequest function| lib_evalScript function| lib_getTableBody function| lib_clickOnSingleSelectCheckboxList function| lib_isVisible function| lib_sessionValidation function| lib_sessionValidationCallback function| lib_showBlurCover function| lib_showBackDiv function| lib_showResetPasswordDiv function| lib_showSessionLockDiv function| lib_attachFilePreview function| lib_getParamFromUrl function| lib_showFilePreview function| lib_resizeBackDiv function| lib_showHide function| lib_getHash object| lib_funcHandlerHashes object| lib_funcHandlers function| lib_objAttachHandler function| lib_addClass function| lib_removeClass function| lib_addLoadEvent object| lib_onunloadListeners function| lib_addUnLoadEvent function| lib_pageProtection function| lib_escapeRegExp function| lib_escapeSelector function| lib_doSessionLock function| lib_doSessionUnlock function| lib_parseJSON function| lib_getElementsByName function| lib_initializeTinyMCE function| lib_initGoogleMaps function| lib_checkEmail function| lib_showModalDialog function| lib_showAlertDialog function| lib_showConfirmDialog function| lib_showDialog function| lib_getRandomInt function| lib_getElemText function| lib_setElemText function| lib_showModalDialogWithCallback function| lib_initTooltips function| oldWindowClose boolean| lib_eventCatcherAssigned function| lib_appendFormLastClick function| lib_resizeToContent function| lib_resizeProfileTabContent function| initDatepickers function| lib_escapeJqSelector function| lib_getFieldLabel function| lib_getCookie function| lib_setCookie function| lib_deleteCookie function| lib_copyTextToClipboard function| __copySelectionText function| lib_getGeoLocation function| lib_isMacOs function| lib_getBrowser function| lib_downloadURL object| lib_activeToasts function| lib_showToastWithActions function| lib_hideToastWithActions function| lib_propogateToastWithActions function| lib_getUniqueID function| lib_saveVueComponents function| lib_downloadDataWithName function| lib_getFileNameFromHeader function| lib_formatUsedObjectsList function| lib_performanceMonitorCheck function| lib_performanceMonitorConnectionSpeedCheck function| lib_performanceMonitorSendError object| performanceMonitorAvgTimeReport function| lib_performanceMonitorSendAvgTimeReport function| lib_clearAutocompleteValue function| lib_resizeWindowFullScreen function| lib_AttachDocumentEvent string| messageLoad string| messageUpdate number| submitted boolean| nav4 number| woPopupCheck function| nav_contains function| get_correct_form_number function| popWindow function| pushWindow function| processSubmit function| processReturn function| _forNav8 function| addChildWindowLocal function| closeWindowLocal function| checkSessionExist function| handleCheckSessionError function| onCloseHandler function| setOnCloseUserHandler boolean| isBaseWindow object| topObj function| _getTopWindow function| _getParentWindowByName function| _getBaseWindow function| _isBaseWindow object| openedWindows object| closedWindows object| openedWindowObjs function| addChildWindow function| openWindow function| closeWindow function| closeChildWindows function| printArray function| printSimpleArray function| handleProcessSubmitError function| handleAccessDeniedError function| getWindowObj number| isInactivityAlreadySet function| showLoadingMsg function| waitingDialog function| closeWaitingDialog boolean| result function| tryInactivityLogoutReset_oldLoadHandler function| MD5 function| submitInWindow function| getOffsetByID function| changeFrameSize function| viewHelp function| general_checkVerifyPassword function| general_resizeToContent function| general_onloadHandler object| jQuery11120013452659344752593 function| general_oldLoadHandler function| InactivityLogout function| FastAjax function| JsHttpRequest function| doAction function| VolEmailPreferences_onLoadHandler string| baseWindow string| sid string| baseUrl string| COMMON_URL function| doLogout function| doSessionUnlock function| doSessionLock function| oldkeydown function| listenSessionLock function| announcementMessage function| common_resetPassword boolean| inactivityLogoutObjDefined function| inactivityLogout_onloadHandler function| inactivityLogout_oldLoadHandler string| fUrl

4 Cookies

Domain/Path Name / Value
nycem.samaritan.com/ Name: PHPSESSID
Value: lvig7813of83mjbuk1c5m8j0k3
www.nyc.gov/ Name: AWSALBCORS
Value: hVlxD9qcBgGY17p2oyzpnUAva6dLmdZ/fnPicGw2UyvmEkgnfI+F9Z08iPgFiU237eZtIIscQpaSRrh6pTtPy4y9ELa2E102RHM5wTcJMrRDGKZwCB7WaFbZ5q28
nycem.samaritan.com/ Name: AWSALB
Value: qD8xsIWL6qfQYNozeRnbia9+thqC7K5wPMLCkEi/TkRcMsd3C2thc0q+BHchtpn7EIzcNapQnJD/qIuPYQN5Bvz6zCRGmbDuCRCU76hugBofLxAvc8InB3C+G1o7
nycem.samaritan.com/ Name: AWSALBCORS
Value: qD8xsIWL6qfQYNozeRnbia9+thqC7K5wPMLCkEi/TkRcMsd3C2thc0q+BHchtpn7EIzcNapQnJD/qIuPYQN5Bvz6zCRGmbDuCRCU76hugBofLxAvc8InB3C+G1o7

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';
Strict-Transport-Security max-age=16000000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1