urlscan.io logo urlscan.io
SecurityTrails logo

www.stb.gov Open in urlscan Pro
2a04:fa87:fffd::c000:42bf  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.stb.gov//vulnerability/-disclosure/-policy//
Effective URL: https://www.stb.gov/vulnerability/-disclosure/-policy/
Submission: On August 29 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 7 IPs in 2 countries across 5 domains to perform 20 HTTP transactions. The main IP is 2a04:fa87:fffd::c000:42bf, located in Ireland and belongs to AUTOMATTIC, US. The main domain is www.stb.gov.
TLS certificate: Issued by Entrust Certification Authority - L1K on January 30th 2024. Valid for: a year.
This is the only time www.stb.gov was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 12 2a04:fa87:fff... 2635 (AUTOMATTIC)
1 2600:9000:251... 16509 (AMAZON-02)
3 2607:f8b0:400... 15169 (GOOGLE)
1 146.75.36.157 54113 (FASTLY)
1 72.21.91.66 15133 (EDGECAST)
2 2607:f8b0:400... 15169 (GOOGLE)
20 7
12    2a04:fa87:fffd::c000:42bf (Ireland)

ASN2635 (AUTOMATTIC, US)
www.stb.gov
1    2600:9000:2514:5200:5:83ea:ba80:93a1 (United States)

ASN16509 (AMAZON-02, US)
dap.digitalgov.gov
3    2607:f8b0:4006:80d::2008 (United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    146.75.36.157 (Reston, United States)

ASN54113 (FASTLY, US)
platform.twitter.com
1    72.21.91.66 (United States)

ASN15133 (EDGECAST, US)
platform.twitter.com
2    2607:f8b0:4006:81e::200e (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
Apex Domain
Subdomains		 Transfer
12 stb.gov
www.stb.gov
302 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
281 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 104
2 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 1868
27 KB
1 digitalgov.gov
dap.digitalgov.gov — Cisco Umbrella Rank: 8125
8 KB
20 5
Domain Requested by
12 www.stb.gov 1 redirects www.stb.gov
3 www.googletagmanager.com www.stb.gov
dap.digitalgov.gov
www.googletagmanager.com
2 www.google-analytics.com www.googletagmanager.com
2 platform.twitter.com www.stb.gov
platform.twitter.com
1 dap.digitalgov.gov www.stb.gov
20 5

This site contains links to these domains. Also see Links.

Domain
www.whitehouse.gov
www.usa.gov
www.oig.dot.gov
Subject Issuer Validity Valid
www.stb.gov
Entrust Certification Authority - L1K		 2024-01-30 -
2025-01-31		 a year crt.sh
dap.digitalgov.gov
Amazon RSA 2048 M03		 2024-06-06 -
2025-07-05		 a year crt.sh
*.google-analytics.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.twimg.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-06-24 -
2025-07-25		 a year crt.sh

This page contains 2 frames:

Primary Page: https://www.stb.gov/vulnerability/-disclosure/-policy/
Frame ID: F8D27C1667D912783EEE0735EC7CC0F2
Requests: 18 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.stb.gov
Frame ID: 4AD18A7B510F085C7E7FDCB97042FFEE
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Surface Transportation Board

Page URL History Show full URLs

  1. http://www.stb.gov//vulnerability/-disclosure/-policy// HTTP 307
    https://www.stb.gov//vulnerability/-disclosure/-policy// HTTP 301
    https://www.stb.gov/vulnerability/-disclosure/-policy/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/
Overall confidence: 100%
Detected patterns
  • <!-- This site is optimized with the Yoast (?:WordPress )?SEO plugin v([\d.]+) -
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Page Statistics

20
Requests

95 %
HTTPS

67 %
IPv6

5
Domains

5
Subdomains

7
IPs

2
Countries

619 kB
Transfer

2522 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.stb.gov//vulnerability/-disclosure/-policy// HTTP 307
    https://www.stb.gov//vulnerability/-disclosure/-policy// HTTP 301
    https://www.stb.gov/vulnerability/-disclosure/-policy/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

20 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.stb.gov/vulnerability/-disclosure/-policy/
Redirect Chain
  • http://www.stb.gov//vulnerability/-disclosure/-policy//
  • https://www.stb.gov//vulnerability/-disclosure/-policy//
  • https://www.stb.gov/vulnerability/-disclosure/-policy/
62 KB
15 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.stb.gov/vulnerability/-disclosure/-policy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffd::c000:42bf , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5b10062a4666cfe0a91d88b14ea2cf4f0803688feabbeb9c74d6c912797255e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control
max-age=86400
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 29 Aug 2024 02:35:37 GMT
host-header
a9130478a60e5f9135f765b23f26593b
link
<https://www.stb.gov/wp-json/>; rel="https://api.w.org/"
p3p
CP="ALL DSP NID CURa ADMa DEVa HISa OTPa OUR NOR NAV DEM"
permissions-policy
fullscreen=()
referrer-policy
no-referrer-when-downgrade
server
nginx
strict-transport-security
max-age=31536000;includeSubdomains;preload
vary
Accept-Encoding
x-cache
MISS
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-hacker
Official Website of the United States Government
x-rq
jfk2 96 185 443
x-xss-protection
1; mode=block

Redirect headers

cache-control
max-age=86400
content-type
text/html; charset=UTF-8
date
Thu, 29 Aug 2024 02:35:37 GMT
host-header
a9130478a60e5f9135f765b23f26593b
location
https://www.stb.gov/vulnerability/-disclosure/-policy/
p3p
CP="ALL DSP NID CURa ADMa DEVa HISa OTPa OUR NOR NAV DEM"
permissions-policy
fullscreen=()
referrer-policy
no-referrer-when-downgrade
server
nginx
strict-transport-security
max-age=31536000;includeSubdomains;preload
x-cache
MISS
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-hacker
Official Website of the United States Government
x-redirect-by
WordPress
x-rq
jfk2 96 185 443
x-xss-protection
1; mode=block
Universal-Federated-Analytics-Min.js
dap.digitalgov.gov/ 		27 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=STB
Requested by
Host: www.stb.gov
URL: https://www.stb.gov/vulnerability/-disclosure/-policy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2514:5200:5:83ea:ba80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
c8a17a207f86b27f357193797a5151138de7f5f9686aa4a6138e4082914c8d89

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id
m7NeZBrmXOG7i9AW8WYtOJ.ZwqXNhD2E
content-encoding
gzip
via
1.1 14b9e21ac67dd643dc9e782cb20c49a2.cloudfront.net (CloudFront)
date
Wed, 28 Aug 2024 21:33:59 GMT
x-amz-cf-pop
JFK50-P8
age
18099
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 12 Jul 2024 18:47:23 GMT
server
AmazonS3
etag
W/"3f79f7120d56605b5fb6ee8993e18d7d"
vary
accept-encoding
content-type
application/javascript
x-amz-cf-id
562S870W-A0U0MF9JcnDboQ4QroV_HvuHahWZsqAhUJZvEvevhHhFg==
sem-external-links.css
www.stb.gov/wp-content/plugins/sem-external-links/ 		96 B
329 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.stb.gov/wp-content/plugins/sem-external-links/sem-external-links.css?m=1704474388g
Requested by
Host: www.stb.gov
URL: https://www.stb.gov/vulnerability/-disclosure/-policy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffd::c000:42bf , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
eb7ced847a6e4e08f87e74d230e9d5382ffbe2a685a8609e0627d68ba2aa4109
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains;preload

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 29 Aug 2024 02:35:37 GMT
strict-transport-security
max-age=31536000;includeSubdomains;preload
x-rq
jfk2 96 185 443
last-modified
Fri, 05 Jan 2024 17:06:28 GMT
server
nginx
etag
"65983714-60"
x-cache
HIT
content-type
text/css
cache-control
max-age=31536000
accept-ranges
bytes
content-length
96
style.min.css
www.stb.gov/wp-includes/css/dist/block-library/ 		110 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.stb.gov/wp-includes/css/dist/block-library/style.min.css?m=1721926675g
Requested by
Host: www.stb.gov
URL: https://www.stb.gov/vulnerability/-disclosure/-policy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffd::c000:42bf , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
885c89e82436cfa3d0a0a5a9b2f6be6e1503457c810cc88ed2c09b4570ae9fd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains;preload

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 29 Aug 2024 02:35:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000;includeSubdomains;preload
last-modified
Thu, 25 Jul 2024 16:57:55 GMT
server
nginx
x-rq
jfk2 96 184 443
etag
W/"66a28413-1b723"
vary
Accept-Encoding
x-cache
HIT
content-type
text/css
cache-control
max-age=31536000
accept-ranges
bytes
/
www.stb.gov/_static/ 		855 KB
109 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.stb.gov/_static/??-eJytkttOwzAMhl+INKMDeoV4FJSDVywlThU7nXh7vI6KIbYhxG6iKPH//T7Z/WRCIQESO6U2IrF1cXYUIJoKPBVinMHMGKEYyB5ihGp9wxRtdkhdYL6zZyigv8kAhaIC4xvFBDaUChYppBZBjZhB2CrBsrwnuMjSp8mNQG5Gu16MBv8QyBtkONC86Tf9w+oQkWWx8aUIS3VTl8+k/qW+ktNvFtcrEecTTNpYNnpmbPmY19LPCDvXkvxFnEtsCfgU4sQtgdz5JqLzuxkvlNQy7TAJ1D3GUeu+GZuhzlBZ10zjS1Ad0vg/+sn6rgVcwH2P5MOGLpwqnl+PA/3cl5f8fD/0/fbpcdgMHyASOuw=
Requested by
Host: www.stb.gov
URL: https://www.stb.gov/vulnerability/-disclosure/-policy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffd::c000:42bf , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1f44159867f09644857fb0a989dfdcb041cfcb39cbb7475bf0d15fee46f69a6d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains;preload

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 29 Aug 2024 02:35:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000;includeSubdomains;preload
last-modified
Tue, 30 Jul 2024 18:55:07 GMT
server
nginx
x-rq
jfk2 96 185 443
vary
Accept-Encoding
x-cache
HIT
content-type
text/css;charset=utf-8
cache-control
max-age=31536000
accept-ranges
bytes
/
www.stb.gov/_static/ 		166 KB
53 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.stb.gov/_static/??-eJyVkN0KwjAMhV/IWjdkwwvxWfoTZkeb1iZ1+PZuY+oQGQiB3HznnJzIIQmHxhcLJPtxbgXyY1n74HDf005uQSK4LiuGNWwiMiDL5EvnkCQE5bwANNFCFrqg9SBNzCDftooIeHY3hTiGbyu+QhgxYi3qQ3188dYRTyIdIxNnlX6d8dFOaAZKEcndQQTA8mdQocHS+A3HW4VXGaw0TTXnaNa0yC7hXLV1daqbpm36JzNNkE0=
Requested by
Host: www.stb.gov
URL: https://www.stb.gov/vulnerability/-disclosure/-policy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffd::c000:42bf , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
bfd340683e6123f420f282a32fa6982a678b5d5676499c55fdec3f3ddf647696
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains;preload

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 29 Aug 2024 02:35:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000;includeSubdomains;preload
last-modified
Thu, 25 Jul 2024 16:57:56 GMT
server
nginx
x-rq
jfk2 96 185 443
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
cache-control
max-age=31536000
accept-ranges
bytes
js
www.googletagmanager.com/gtag/ 		271 KB
93 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-QC41SJWL1D
Requested by
Host: www.stb.gov
URL: https://www.stb.gov/vulnerability/-disclosure/-policy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
784a2f2c57d5874802f193a271ec4f397bc90277ae2cf9a2dfc95af3544baeab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 29 Aug 2024 02:35:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
95610
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 29 Aug 2024 02:35:37 GMT
us_flag_small.png
www.stb.gov/wp-content/themes/stb/images/ 		176 B
411 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.stb.gov/wp-content/themes/stb/images/us_flag_small.png
Requested by
Host: www.stb.gov
URL: https://www.stb.gov/vulnerability/-disclosure/-policy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffd::c000:42bf , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
8a6f68dd8703ce4cb475c92fc1eefa84c41f4741ec4c6ca8403ef99b74b94d20
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains;preload

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 29 Aug 2024 02:35:37 GMT
strict-transport-security
max-age=31536000;includeSubdomains;preload
x-rq
jfk2 96 185 443
last-modified
Fri, 05 Jan 2024 17:06:28 GMT
server
nginx
etag
"65983714-b0"
x-cache
HIT
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
content-length
176
stblogo.svg
www.stb.gov/wp-content/themes/stb/images/ 		144 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.stb.gov/wp-content/themes/stb/images/stblogo.svg
Requested by
Host: www.stb.gov
URL: https://www.stb.gov/vulnerability/-disclosure/-policy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffd::c000:42bf , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
c0b58e92f32cfdee95fde95ab09227f4789fff1429a5dc12bf219ce1dfb40482
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains;preload

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 29 Aug 2024 02:35:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000;includeSubdomains;preload
last-modified
Fri, 05 Jan 2024 17:06:28 GMT
server
nginx
x-rq
jfk2 96 184 443
etag
W/"65983714-23f1b"
vary
Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
cache-control
max-age=300, must-revalidate
accept-ranges
bytes
/
www.stb.gov/_static/ 		163 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.stb.gov/_static/??-eJydj90OgjAMRl/IUZw/XBkfhcBWsRPGWLsQ396hMdELNfGy6fnO18IclBm9oBcIferIM0yJzEWFpsMwsqiIliIaUY89uEyEEOtTvOdszSZSkGIgXzheQTaSN32yyAvrpoTxConAjBF/U9K0/Eo9r5MzDpllaZUu9RYaZhQGSyyLIPFs+ZM9eYuRv/XnMQn1fxS/fX8cDutK681+V5WVuwGZ1X+8
Requested by
Host: www.stb.gov
URL: https://www.stb.gov/vulnerability/-disclosure/-policy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffd::c000:42bf , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
4d2ca73397b0fb303eebd7acb58a6135bd6f4e6d2982f3d8a5139658a21d9052
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains;preload

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 29 Aug 2024 02:35:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000;includeSubdomains;preload
last-modified
Tue, 30 Jul 2024 18:55:07 GMT
server
nginx
x-rq
jfk2 96 184 443
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
cache-control
max-age=31536000
accept-ranges
bytes
c4242b70-1d22-4b08-b71b-0ce155f8a43a
https://www.stb.gov/ Frame 		0
0
js
www.googletagmanager.com/gtag/ 		273 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-CSLL4ZEK4L
Requested by
Host: dap.digitalgov.gov
URL: https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=STB
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
92df3e944ec665808de32a67b4b19c7cb78d9723e508b74304bab872ce7ec625
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 29 Aug 2024 02:35:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
96156
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 29 Aug 2024 02:35:37 GMT
sprite.svg
www.stb.gov/wp-content/themes/stb-2024/assets/dist/img/ 		70 KB
22 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.stb.gov/wp-content/themes/stb-2024/assets/dist/img/sprite.svg
Requested by
Host: www.stb.gov
URL: https://www.stb.gov/vulnerability/-disclosure/-policy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffd::c000:42bf , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
bf258d57be89ee877249e90a34e5cad3a6970ad0e022f14398b857e2ff43a3f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains;preload

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 29 Aug 2024 02:35:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000;includeSubdomains;preload
last-modified
Fri, 05 Apr 2024 21:28:25 GMT
server
nginx
x-rq
jfk2 96 184 443
etag
W/"66106cf9-11654"
vary
Accept-Encoding
x-cache
HIT
content-type
image/svg+xml
cache-control
max-age=300, must-revalidate
accept-ranges
bytes
widgets.js
platform.twitter.com/ 		91 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.stb.gov
URL: https://www.stb.gov/vulnerability/-disclosure/-policy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
146.75.36.157 Reston, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 29 Aug 2024 02:35:37 GMT
content-encoding
gzip
x-amz-server-side-encryption
AES256
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length
27597
x-served-by
cache-iad-kcgs7200078-IAD
last-modified
Mon, 11 Dec 2023 17:20:28 GMT
etag
"824beb891744db98ccbd3a456e59e0f7+gzip"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=1800
accept-ranges
bytes
tw-cdn
FT
wp-emoji-release.min.js
www.stb.gov/wp-includes/js/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.stb.gov/wp-includes/js/wp-emoji-release.min.js?ver=6.6.1
Requested by
Host: www.stb.gov
URL: https://www.stb.gov/vulnerability/-disclosure/-policy/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffd::c000:42bf , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
4e6ce5444c7f396cef0eb1fa3611034151e485dd06fbe5573a5583e1eebc98c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains;preload

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 29 Aug 2024 02:35:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000;includeSubdomains;preload
last-modified
Thu, 25 Jul 2024 16:57:56 GMT
server
nginx
x-rq
jfk2 96 184 443
etag
W/"66a28414-4926"
vary
Accept-Encoding
x-cache
HIT
content-type
application/javascript
cache-control
max-age=31536000
accept-ranges
bytes
widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame 4AD1 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fwww.stb.gov
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
72.21.91.66 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (nyd/D140) /
Resource Hash

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
13548245
Cache-Control
public, max-age=315360000
Content-Encoding
gzip
Content-Length
105429
Content-Type
text/html; charset=utf-8
Date
Thu, 29 Aug 2024 02:35:37 GMT
Etag
"81267302efdfb3e4524a22631a8fc99e+gzip"
Last-Modified
Mon, 11 Dec 2023 17:19:49 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (nyd/D140)
Server-Timing
x-cache;desc= HIT,x-tw-cdn;desc=VZ
Vary
Accept-Encoding
X-Cache
HIT
x-amz-server-side-encryption
AES256
x-tw-cdn
VZ
collect
www.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-CSLL4ZEK4L&gtm=45je48r0v9131934939za200&_p=1724898937794&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=376047480.1724898938&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&dl=https%3A%2F%2Fwww.stb.gov%2Fvulnerability%2F-disclosure%2F-policy%2F&dt=Surface%20Transportation%20Board&sid=1724898938&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.agency=STB&ep.subagency=STB.GOV&ep.site_topic=unspecified%3Astb.gov&ep.site_platform=unspecified%3Astb.gov&ep.script_source=https%3A%2F%2Fdap.digitalgov.gov%2Funiversal-federated-analytics-min.js&ep.version=20240712%20v8.2%20-%20ga4&ep.protocol=https%3A&ep.using_parallel_tracker=no&tfd=1068
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CSLL4ZEK4L
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Aug 2024 02:35:38 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.stb.gov
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/ 		271 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-QC41SJWL1D&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-CSLL4ZEK4L
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80d::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
984a639c5c511345a943baa10e078ccc81db32fe638cf745d942311ee9a93d16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 29 Aug 2024 02:35:38 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
95669
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 29 Aug 2024 02:35:38 GMT
collect
www.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-QC41SJWL1D&gtm=45je48r0v9115694447za200zb9131934939&_p=1724898937794&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=376047480.1724898938&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1724898938&sct=1&seg=0&dl=https%3A%2F%2Fwww.stb.gov%2Fvulnerability%2F-disclosure%2F-policy%2F&dt=Surface%20Transportation%20Board&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1135
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-QC41SJWL1D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 29 Aug 2024 02:35:38 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.stb.gov
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cropped-logo-seal.png
www.stb.gov/wp-content/uploads/ 		2 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.stb.gov/wp-content/uploads/cropped-logo-seal.png?w=32
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffd::c000:42bf , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f166415b7248b3ee6ea2e96cfda58a781c8de254b358be4b1de884ca02ba18be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;includeSubdomains;preload

Request headers

Referer
https://www.stb.gov/vulnerability/-disclosure/-policy/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 29 Aug 2024 02:35:38 GMT
strict-transport-security
max-age=31536000;includeSubdomains;preload
x-rq
jfk2 98 226 443
last-modified
Sat, 17 Feb 2024 02:54:54 GMT
server
nginx
etag
"200483703895a165"
vary
Accept
x-cache
HIT
content-type
image/webp
cache-control
max-age=31536000
accept-ranges
bytes, bytes
content-length
1782

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.stb.gov
URL
blob:https://www.stb.gov/c4242b70-1d22-4b08-b71b-0ce155f8a43a

Verdicts & Comments Add Verdict or Comment

62 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| _wpemojiSettings object| _allowedQuerystrings object| oCONFIG object| head object| GA4Object function| gtag function| _onEveryPage function| _defineCookieDomain function| _defineAgencyCDsValues function| _setEnvironment function| _cleanBooleanParam function| _isValidGA4Num number| d_c function| _cleanGA4Value function| _updateConfig function| _sendEvent function| gas4 function| gas function| _sendViewSearchResult function| _isExcludedReferrer function| createTracker function| _initAutoTracker function| _payloadInterceptor function| _unflattenJSON function| _flattenJSON function| _objToQuery function| _queryToJSON object| piiRegex function| _piiRegexReset function| _piiRedactor function| _initIdAssigner function| _initBannerTracker function| _URIHandler function| _scrubbedURL function| _setAllowedQS function| _setUpTrackers function| _setUpTrackersIfReady string| _fullParams string| _keyValuePair string| _key string| _value object| dataLayer boolean| _isRedacted function| jQuery number| uidEvent object| bootstrap function| getOption object| qpprFrontData object| _wpUtilSettings object| stb_l10n boolean| uswdsPresent function| _ object| wp object| twemoji object| __twttrll object| twttr object| __twttr object| google_tag_manager object| google_tag_data object| gaGlobal

3 Cookies

Domain/Path Name / Value
.stb.gov/ Name: _ga
Value: GA1.1.376047480.1724898938
.stb.gov/ Name: _ga_CSLL4ZEK4L
Value: GS1.1.1724898938.1.0.1724898938.0.0.0
.stb.gov/ Name: _ga_QC41SJWL1D
Value: GS1.1.1724898938.1.0.1724898938.0.0.0

1 Console Messages

Source Level URL
Text
network error URL: https://www.stb.gov/vulnerability/-disclosure/-policy/
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000;includeSubdomains;preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block