Submitted URL: https://cp.acc.org/v7
Effective URL: https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
Submission: On September 17 via manual from US — Scanned from DE

Summary

This website contacted 3 IPs in 1 countries across 3 domains to perform 14 HTTP transactions. The main IP is 199.74.213.27, located in United States and belongs to AMER-COLLEGE-OF-CARDIOLOGY-WASHINGTONDC, US. The main domain is alm.acc.org.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on January 17th 2021. Valid for: a year.
This is the only time alm.acc.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 13 199.74.213.27 20286 (AMER-COLL...)
1 142.250.184.234 15169 (GOOGLE)
1 142.250.185.99 15169 (GOOGLE)
14 3
Apex Domain
Subdomains
Transfer
13 acc.org
cp.acc.org
alm.acc.org
cdn.acc.org
4 MB
1 gstatic.com
fonts.gstatic.com
34 KB
1 googleapis.com
fonts.googleapis.com
1 KB
14 3
Domain Requested by
6 cdn.acc.org alm.acc.org
6 alm.acc.org alm.acc.org
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com alm.acc.org
1 cp.acc.org 1 redirects
14 5

This site contains no links.

Subject Issuer Validity Valid
*.acc.org
DigiCert TLS RSA SHA256 2020 CA1
2021-01-17 -
2022-01-25
a year crt.sh
upload.video.google.com
GTS CA 1O1
2021-08-30 -
2021-11-22
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2021-08-30 -
2021-11-22
3 months crt.sh

This page contains 1 frames:

Primary Page: https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
Frame ID: DA08AC5060F2D8CF9AD5FBA1ACCFEA8F
Requests: 14 HTTP requests in this frame

Screenshot

Page Title

Account Manager | ACC Accreditation Services

Page URL History Show full URLs

  1. https://cp.acc.org/v7 HTTP 302
    https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

3
Domains

5
Subdomains

3
IPs

1
Countries

4595 kB
Transfer

4712 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://cp.acc.org/v7 HTTP 302
    https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set /
alm.acc.org/
Redirect Chain
  • https://cp.acc.org/v7
  • https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
3 KB
5 KB
Document
General
Full URL
https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.74.213.27 , United States, ASN20286 (AMER-COLLEGE-OF-CARDIOLOGY-WASHINGTONDC, US),
Reverse DNS
acrsites.acc.org
Software
ACC /
Resource Hash
de1ffcf51fcdafd4e6a8d44ae7bdbfed10860dfabada8fd1ffbc15498aca64f5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' https://cdn.acc.org/; script-src 'self' https://cdn.acc.org/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.acc.org/ 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://cdn.acc.org/ https://fonts.gstatic.com/ default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options nosniff nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1; mode=block
X-Xss-Protection 1; mode=block

Request headers

Host
alm.acc.org
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Server
ACC
Set-Cookie
ASP.NET_SessionId=sxiju4xljhgpnyw2ey1b0kd3; domain=.acc.org; path=/; HttpOnly; SameSite=Lax ASP.NET_SessionId=sxiju4xljhgpnyw2ey1b0kd3; domain=.acc.org; path=/; HttpOnly; SameSite=Lax __RequestVerificationToken=dLP0rwccOq88ZsXncX5OR_DohZIpMsLjVLHBFsK2qgXcQcMkwfy9-b5cfZcMA5RtUeg6NWOI62XsySzD2MNRYfhVTQI1; domain=.acc.org; path=/; HttpOnly BIGipServer~Production~ACC_acrsites.acc.org-pool=1115884042.20480.0000; path=/; Httponly; Secure
Content-Security-Policy
frame-ancestors 'none'; default-src 'self' https://cdn.acc.org/; script-src 'self' https://cdn.acc.org/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.acc.org/ 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://cdn.acc.org/ https://fonts.gstatic.com/ default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Frame-Options
DENY SAMEORIGIN
X-Xss-Protection
1; mode=block
X-Content-Type-Options
nosniff nosniff
Date
Fri, 17 Sep 2021 13:34:47 GMT
Content-Length
3408
X-Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Location
https://alm.acc.org?ReturnUrl=http://cp.acc.org/v7
Server
ACC
Set-Cookie
authKey=; domain=.acc.org; expires=Tue, 12-Oct-1999 04:00:00 GMT; path=/; HttpOnly; SameSite=Lax BIGipServer~Production~ACC_acrsites.acc.org-pool=1099106826.20480.0000; path=/; Httponly; Secure
Content-Security-Policy
frame-ancestors 'self'; default-src 'self' https://cdn.acc.org/; script-src 'self' https://cdn.acc.org/ 'unsafe-inline' 'unsafe-eval' https://kendo.cdn.telerik.com/ https://www.youtube.com https://s.ytimg.com; style-src 'self' https://cdn.acc.org/ 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://cdn.acc.org/ https://fonts.gstatic.com/; img-src 'self' https://cdn.acc.org/ https://kendo.cdn.telerik.com/; child-src 'self' https://www.youtube.com default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Frame-Options
SAMEORIGIN SAMEORIGIN
X-Xss-Protection
1; mode=block
X-Content-Type-Options
nosniff nosniff
Date
Fri, 17 Sep 2021 13:34:47 GMT
Content-Length
167
X-Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-XSS-Protection
1; mode=block
css
fonts.googleapis.com/
3 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Ubuntu:300,400
Requested by
Host: alm.acc.org
URL: https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.184.234 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s12-in-f10.1e100.net
Software
ESF /
Resource Hash
deb2b8b0fe6a3fa0a6b205b5a22435f14530e5eb7dc1888b5838bb0d14c4a5d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://alm.acc.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 17 Sep 2021 13:34:48 GMT
server
ESF
date
Fri, 17 Sep 2021 13:34:48 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 17 Sep 2021 13:34:48 GMT
jquery-3.1.1.min.js
cdn.acc.org/jQuery/
85 KB
30 KB
Script
General
Full URL
https://cdn.acc.org/jQuery/jquery-3.1.1.min.js
Requested by
Host: alm.acc.org
URL: https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.74.213.27 , United States, ASN20286 (AMER-COLLEGE-OF-CARDIOLOGY-WASHINGTONDC, US),
Reverse DNS
acrsites.acc.org
Software
ACC /
Resource Hash
85556761a8800d14ced8fcd41a6b8b26bf012d44a318866c0d81a62092efd9bf
Security Headers
Name Value
Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://alm.acc.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Fri, 17 Sep 2021 13:34:47 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 05 Feb 2018 19:26:16 GMT
Server
ACC
ETag
"0fcde30b79ed31:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
30164
X-XSS-Protection
1; mode=block
X-Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
jszip.min.js
cdn.acc.org/Kendo/2021.2.511/js/
80 KB
25 KB
Script
General
Full URL
https://cdn.acc.org/Kendo/2021.2.511/js/jszip.min.js
Requested by
Host: alm.acc.org
URL: https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.74.213.27 , United States, ASN20286 (AMER-COLLEGE-OF-CARDIOLOGY-WASHINGTONDC, US),
Reverse DNS
acrsites.acc.org
Software
ACC /
Resource Hash
f27c4985d6904e2f56b320ed15654e328377044286f96fe4621d35b56f015443
Security Headers
Name Value
Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://alm.acc.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Fri, 17 Sep 2021 13:34:48 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 May 2021 17:16:24 GMT
Server
ACC
ETag
"064765e8946d71:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
24962
X-XSS-Protection
1; mode=block
X-Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
kendo.all.min.js
cdn.acc.org/Kendo/2021.2.511/js/
4 MB
4 MB
Script
General
Full URL
https://cdn.acc.org/Kendo/2021.2.511/js/kendo.all.min.js
Requested by
Host: alm.acc.org
URL: https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.74.213.27 , United States, ASN20286 (AMER-COLLEGE-OF-CARDIOLOGY-WASHINGTONDC, US),
Reverse DNS
acrsites.acc.org
Software
ACC /
Resource Hash
4de61f9d6004dc93201f50d37fc6f561ddb3d28aec06d653ab5ddc4771479119
Security Headers
Name Value
Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://alm.acc.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Fri, 17 Sep 2021 13:34:47 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 May 2021 17:16:24 GMT
Server
ACC
ETag
"064765e8946d71:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
Accept-Ranges
bytes
Content-Length
4016609
X-XSS-Protection
1; mode=block
X-Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
kendo.aspnetmvc.min.js
cdn.acc.org/Kendo/2021.2.511/js/
18 KB
5 KB
Script
General
Full URL
https://cdn.acc.org/Kendo/2021.2.511/js/kendo.aspnetmvc.min.js
Requested by
Host: alm.acc.org
URL: https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.74.213.27 , United States, ASN20286 (AMER-COLLEGE-OF-CARDIOLOGY-WASHINGTONDC, US),
Reverse DNS
acrsites.acc.org
Software
ACC /
Resource Hash
ac4379a3ad52e892819777c15b6fb293005064a6513a995e252c34bec3d6713a
Security Headers
Name Value
Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://alm.acc.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Fri, 17 Sep 2021 13:34:48 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 May 2021 17:16:24 GMT
Server
ACC
ETag
"064765e8946d71:0"
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
4410
X-XSS-Protection
1; mode=block
X-Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
kendo.common.min.css
cdn.acc.org/Kendo/2021.2.511/styles/
384 KB
385 KB
Stylesheet
General
Full URL
https://cdn.acc.org/Kendo/2021.2.511/styles/kendo.common.min.css
Requested by
Host: alm.acc.org
URL: https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.74.213.27 , United States, ASN20286 (AMER-COLLEGE-OF-CARDIOLOGY-WASHINGTONDC, US),
Reverse DNS
acrsites.acc.org
Software
ACC /
Resource Hash
da846bae3289795694acda4347b71b22f57cbff227b444443cbbede014520855
Security Headers
Name Value
Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://alm.acc.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Fri, 17 Sep 2021 13:34:47 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 11 May 2021 17:16:24 GMT
Server
ACC
ETag
"064765e8946d71:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Access-Control-Allow-Origin
*
Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
Accept-Ranges
bytes
Content-Length
393630
X-XSS-Protection
1; mode=block
X-Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
kendo.custom.css
cdn.acc.org/Kendo/2021.2.511/
111 KB
112 KB
Stylesheet
General
Full URL
https://cdn.acc.org/Kendo/2021.2.511/kendo.custom.css
Requested by
Host: alm.acc.org
URL: https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.74.213.27 , United States, ASN20286 (AMER-COLLEGE-OF-CARDIOLOGY-WASHINGTONDC, US),
Reverse DNS
acrsites.acc.org
Software
ACC /
Resource Hash
9557bc7e06b374fb58571ff607e849458726cbd94b920c7ff52a2d04042736ef
Security Headers
Name Value
Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://alm.acc.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Fri, 17 Sep 2021 13:34:48 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 14 May 2021 10:40:01 GMT
Server
ACC
ETag
"de79f57dad48d71:0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Access-Control-Allow-Origin
*
Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
Accept-Ranges
bytes
Content-Length
113740
X-XSS-Protection
1; mode=block
X-Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
scpcoverrides.min.css
alm.acc.org/Content/Scpc/
2 KB
2 KB
Stylesheet
General
Full URL
https://alm.acc.org/Content/Scpc/scpcoverrides.min.css?v=637672966073028117
Requested by
Host: alm.acc.org
URL: https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.74.213.27 , United States, ASN20286 (AMER-COLLEGE-OF-CARDIOLOGY-WASHINGTONDC, US),
Reverse DNS
acrsites.acc.org
Software
ACC /
Resource Hash
0fee0eb6cc20c07b60fba141452f1f517467562869649a0c8e8d2647acd4fc29
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' https://cdn.acc.org/; script-src 'self' https://cdn.acc.org/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.acc.org/ 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://cdn.acc.org/ https://fonts.gstatic.com/ default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options nosniff nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
alm.acc.org
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
Cookie
ASP.NET_SessionId=sxiju4xljhgpnyw2ey1b0kd3; __RequestVerificationToken=dLP0rwccOq88ZsXncX5OR_DohZIpMsLjVLHBFsK2qgXcQcMkwfy9-b5cfZcMA5RtUeg6NWOI62XsySzD2MNRYfhVTQI1; BIGipServer~Production~ACC_acrsites.acc.org-pool=1115884042.20480.0000
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none'; default-src 'self' https://cdn.acc.org/; script-src 'self' https://cdn.acc.org/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.acc.org/ 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://cdn.acc.org/ https://fonts.gstatic.com/ default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options
nosniff nosniff
Last-Modified
Wed, 15 Sep 2021 13:56:47 GMT
Server
ACC
ETag
"15ae418639aad71:0"
X-Frame-Options
DENY SAMEORIGIN
Content-Type
text/css
Date
Fri, 17 Sep 2021 13:34:47 GMT
Accept-Ranges
bytes
Content-Length
1621
X-Xss-Protection
1; mode=block 1; mode=block
X-Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
Site.min.css
alm.acc.org/Content/
609 B
1 KB
Stylesheet
General
Full URL
https://alm.acc.org/Content/Site.min.css?v=637672966073340640
Requested by
Host: alm.acc.org
URL: https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.74.213.27 , United States, ASN20286 (AMER-COLLEGE-OF-CARDIOLOGY-WASHINGTONDC, US),
Reverse DNS
acrsites.acc.org
Software
ACC /
Resource Hash
2e174b4e9f70dde0f79dd68e2b0e796304ba0bd4aade4bb7c38eda56adc1f213
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' https://cdn.acc.org/; script-src 'self' https://cdn.acc.org/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.acc.org/ 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://cdn.acc.org/ https://fonts.gstatic.com/ default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options nosniff nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
alm.acc.org
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
Cookie
ASP.NET_SessionId=sxiju4xljhgpnyw2ey1b0kd3; __RequestVerificationToken=dLP0rwccOq88ZsXncX5OR_DohZIpMsLjVLHBFsK2qgXcQcMkwfy9-b5cfZcMA5RtUeg6NWOI62XsySzD2MNRYfhVTQI1; BIGipServer~Production~ACC_acrsites.acc.org-pool=1115884042.20480.0000
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none'; default-src 'self' https://cdn.acc.org/; script-src 'self' https://cdn.acc.org/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.acc.org/ 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://cdn.acc.org/ https://fonts.gstatic.com/ default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options
nosniff nosniff
Last-Modified
Wed, 15 Sep 2021 13:56:47 GMT
Server
ACC
ETag
"e072468639aad71:0"
X-Frame-Options
DENY SAMEORIGIN
Content-Type
text/css
Date
Fri, 17 Sep 2021 13:34:47 GMT
Accept-Ranges
bytes
Content-Length
609
X-Xss-Protection
1; mode=block 1; mode=block
X-Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
Spinner2.gif
alm.acc.org/Content/images/
10 KB
11 KB
Image
General
Full URL
https://alm.acc.org/Content/images/Spinner2.gif
Requested by
Host: alm.acc.org
URL: https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.74.213.27 , United States, ASN20286 (AMER-COLLEGE-OF-CARDIOLOGY-WASHINGTONDC, US),
Reverse DNS
acrsites.acc.org
Software
ACC /
Resource Hash
e586419c1474e5f021be35b77a5f17740538fa60d6ed63c8a93b1a8fd98c38fc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' https://cdn.acc.org/; script-src 'self' https://cdn.acc.org/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.acc.org/ 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://cdn.acc.org/ https://fonts.gstatic.com/ default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options nosniff nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
alm.acc.org
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
Cookie
ASP.NET_SessionId=sxiju4xljhgpnyw2ey1b0kd3; __RequestVerificationToken=dLP0rwccOq88ZsXncX5OR_DohZIpMsLjVLHBFsK2qgXcQcMkwfy9-b5cfZcMA5RtUeg6NWOI62XsySzD2MNRYfhVTQI1; BIGipServer~Production~ACC_acrsites.acc.org-pool=1115884042.20480.0000
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://alm.acc.org/?ReturnUrl=http://cp.acc.org/v7
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none'; default-src 'self' https://cdn.acc.org/; script-src 'self' https://cdn.acc.org/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.acc.org/ 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://cdn.acc.org/ https://fonts.gstatic.com/ default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options
nosniff nosniff
Last-Modified
Wed, 15 Sep 2021 13:56:47 GMT
Server
ACC
ETag
"9911258639aad71:0"
X-Frame-Options
DENY SAMEORIGIN
Content-Type
image/gif
Date
Fri, 17 Sep 2021 13:34:49 GMT
Accept-Ranges
bytes
Content-Length
10108
X-Xss-Protection
1; mode=block 1; mode=block
X-Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
BG2.jpg
alm.acc.org/Content/Scpc/images/
37 KB
38 KB
Image
General
Full URL
https://alm.acc.org/Content/Scpc/images/BG2.jpg
Requested by
Host: alm.acc.org
URL: https://alm.acc.org/Content/Scpc/scpcoverrides.min.css?v=637672966073028117
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.74.213.27 , United States, ASN20286 (AMER-COLLEGE-OF-CARDIOLOGY-WASHINGTONDC, US),
Reverse DNS
acrsites.acc.org
Software
ACC /
Resource Hash
1fb057bb4212117e73b152e5c2d0a3b0dc067ea3c74e5c04ba7b59cddd7e219a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' https://cdn.acc.org/; script-src 'self' https://cdn.acc.org/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.acc.org/ 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://cdn.acc.org/ https://fonts.gstatic.com/ default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options nosniff nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
alm.acc.org
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://alm.acc.org/Content/Scpc/scpcoverrides.min.css?v=637672966073028117
Cookie
ASP.NET_SessionId=sxiju4xljhgpnyw2ey1b0kd3; __RequestVerificationToken=dLP0rwccOq88ZsXncX5OR_DohZIpMsLjVLHBFsK2qgXcQcMkwfy9-b5cfZcMA5RtUeg6NWOI62XsySzD2MNRYfhVTQI1; BIGipServer~Production~ACC_acrsites.acc.org-pool=1115884042.20480.0000
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://alm.acc.org/Content/Scpc/scpcoverrides.min.css?v=637672966073028117
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none'; default-src 'self' https://cdn.acc.org/; script-src 'self' https://cdn.acc.org/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.acc.org/ 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://cdn.acc.org/ https://fonts.gstatic.com/ default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options
nosniff nosniff
Last-Modified
Wed, 15 Sep 2021 13:56:47 GMT
Server
ACC
ETag
"b124388639aad71:0"
X-Frame-Options
DENY SAMEORIGIN
Content-Type
image/jpeg
Date
Fri, 17 Sep 2021 13:34:51 GMT
Accept-Ranges
bytes
Content-Length
37533
X-Xss-Protection
1; mode=block 1; mode=block
X-Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
acc-logo-370x127.png
alm.acc.org/Content/images/
23 KB
24 KB
Image
General
Full URL
https://alm.acc.org/Content/images/acc-logo-370x127.png
Requested by
Host: alm.acc.org
URL: https://alm.acc.org/Content/Scpc/scpcoverrides.min.css?v=637672966073028117
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
199.74.213.27 , United States, ASN20286 (AMER-COLLEGE-OF-CARDIOLOGY-WASHINGTONDC, US),
Reverse DNS
acrsites.acc.org
Software
ACC /
Resource Hash
e0db1d8538eb38f74333f7b40a6fcf8f7bf4ba34f43f55b2b7d5ce46bbedd034
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' https://cdn.acc.org/; script-src 'self' https://cdn.acc.org/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.acc.org/ 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://cdn.acc.org/ https://fonts.gstatic.com/ default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options nosniff nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
alm.acc.org
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://alm.acc.org/Content/Scpc/scpcoverrides.min.css?v=637672966073028117
Cookie
ASP.NET_SessionId=sxiju4xljhgpnyw2ey1b0kd3; __RequestVerificationToken=dLP0rwccOq88ZsXncX5OR_DohZIpMsLjVLHBFsK2qgXcQcMkwfy9-b5cfZcMA5RtUeg6NWOI62XsySzD2MNRYfhVTQI1; BIGipServer~Production~ACC_acrsites.acc.org-pool=1115884042.20480.0000
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://alm.acc.org/Content/Scpc/scpcoverrides.min.css?v=637672966073028117
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'none'; default-src 'self' https://cdn.acc.org/; script-src 'self' https://cdn.acc.org/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.acc.org/ 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://cdn.acc.org/ https://fonts.gstatic.com/ default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options
nosniff nosniff
Last-Modified
Wed, 15 Sep 2021 13:56:46 GMT
Server
ACC
ETag
"493ad8639aad71:0"
X-Frame-Options
DENY SAMEORIGIN
Content-Type
image/png
Date
Fri, 17 Sep 2021 13:34:51 GMT
Accept-Ranges
bytes
Content-Length
23215
X-Xss-Protection
1; mode=block 1; mode=block
X-Content-Security-Policy
default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
4iCs6KVjbNBYlgoKfw72.woff2
fonts.gstatic.com/s/ubuntu/v15/
33 KB
34 KB
Font
General
Full URL
https://fonts.gstatic.com/s/ubuntu/v15/4iCs6KVjbNBYlgoKfw72.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Ubuntu:300,400
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.99 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s49-in-f3.1e100.net
Software
sffe /
Resource Hash
4f4524f7e1a87079bc50a64681f880ccf3e6f5db1ec5fc27949377532a3881da
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://alm.acc.org
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

date
Tue, 14 Sep 2021 09:05:03 GMT
x-content-type-options
nosniff
age
275389
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34260
x-xss-protection
0
last-modified
Thu, 10 Sep 2020 17:02:57 GMT
server
sffe
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 14 Sep 2022 09:05:03 GMT

Verdicts & Comments Add Verdict or Comment

6 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster function| $ function| jQuery function| JSZip object| kendo

5 Cookies

Domain/Path Name / Value
cp.acc.org/ Name: BIGipServer~Production~ACC_acrsites.acc.org-pool
Value: 1099106826.20480.0000
.acc.org/ Name: ASP.NET_SessionId
Value: sxiju4xljhgpnyw2ey1b0kd3
.acc.org/ Name: __RequestVerificationToken
Value: dLP0rwccOq88ZsXncX5OR_DohZIpMsLjVLHBFsK2qgXcQcMkwfy9-b5cfZcMA5RtUeg6NWOI62XsySzD2MNRYfhVTQI1
alm.acc.org/ Name: BIGipServer~Production~ACC_acrsites.acc.org-pool
Value: 1115884042.20480.0000
cdn.acc.org/ Name: BIGipServer~Production~ACC_acrsites.acc.org-pool
Value: 1099106826.20480.0000

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'none'; default-src 'self' https://cdn.acc.org/; script-src 'self' https://cdn.acc.org/ 'unsafe-inline' 'unsafe-eval'; style-src 'self' https://cdn.acc.org/ 'unsafe-inline' https://fonts.googleapis.com/; font-src 'self' https://cdn.acc.org/ https://fonts.gstatic.com/ default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Security-Policy default-src https: http: 'unsafe-inline' 'unsafe-eval' 'self' data:
X-Content-Type-Options nosniff nosniff
X-Frame-Options DENY SAMEORIGIN
X-Xss-Protection 1; mode=block
X-Xss-Protection 1; mode=block