urlscan.io logo urlscan.io
SecurityTrails logo

myhbp.org Open in urlscan Pro
13.225.78.22  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://email.notifications.degreed.com/c/eJx8kc2OnDAQhJ_GXFYzMm4ww8GHlRCnHCIld9TgHmjt2Eb-WYk8fcRok2wue61Sl6q_suY2A-qKTN3Vuu6h7fuKHPJjys...
Effective URL: https://myhbp.org/home/login?resume=/idp/Yt2ZZcqjlk/resumeSAML20/idp/SSO.ping&spentity=sp:cl:hbsp:saml2
Submission: On May 21 via manual from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 16 HTTP transactions. The main IP is 13.225.78.22, located in United States and belongs to AMAZON-02, US. The main domain is myhbp.org. The Cisco Umbrella rank of the primary domain is 223195.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on June 23rd 2023. Valid for: a year.
This is the only time myhbp.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 34.111.99.212 396982 (GOOGLE-CL...)
1 3 13.107.246.45 8075 (MICROSOFT...)
2 10 13.225.78.22 16509 (AMAZON-02)
1 1 104.17.99.195 13335 (CLOUDFLAR...)
4 104.18.72.113 13335 (CLOUDFLAR...)
1 104.18.70.113 13335 (CLOUDFLAR...)
1 104.16.51.111 13335 (CLOUDFLAR...)
16 6
1    34.111.99.212 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 212.99.111.34.bc.googleusercontent.com
email.notifications.degreed.com
3    13.107.246.45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
degreed.com
10    13.225.78.22 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-78-22.fra2.r.cloudfront.net
myhbp.org
1    104.17.99.195 (None, )

ASN13335 (CLOUDFLARENET, US)
v2.zopim.com
4    104.18.72.113 (None, )

ASN13335 (CLOUDFLARENET, US)
static.zdassets.com
1    104.18.70.113 (None, )

ASN13335 (CLOUDFLARENET, US)
ekr.zdassets.com
1    104.16.51.111 (None, )

ASN13335 (CLOUDFLARENET, US)
hbphelp.zendesk.com
Apex Domain
Subdomains		 Transfer
10 myhbp.org
myhbp.org — Cisco Umbrella Rank: 223195
1 MB
5 zdassets.com
static.zdassets.com — Cisco Umbrella Rank: 2248
ekr.zdassets.com — Cisco Umbrella Rank: 2556
340 KB
4 degreed.com
email.notifications.degreed.com — Cisco Umbrella Rank: 270879
degreed.com — Cisco Umbrella Rank: 51895
12 KB
1 zendesk.com
hbphelp.zendesk.com — Cisco Umbrella Rank: 466091
1 KB
1 zopim.com
v2.zopim.com — Cisco Umbrella Rank: 15062
220 B
16 5
Domain Requested by
10 myhbp.org 2 redirects myhbp.org
4 static.zdassets.com myhbp.org
v2.zopim.com
static.zdassets.com
3 degreed.com 1 redirects
1 hbphelp.zendesk.com static.zdassets.com
1 ekr.zdassets.com v2.zopim.com
1 v2.zopim.com 1 redirects
1 email.notifications.degreed.com 1 redirects
16 7

This site contains no links.

Subject Issuer Validity Valid
degreed.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-11-13 -
2024-11-13		 a year crt.sh
*.myhbp.org
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-06-23 -
2024-07-16		 a year crt.sh
zdassets.com
E1		 2024-05-01 -
2024-07-30		 3 months crt.sh
hbphelp.zendesk.com
E1		 2024-05-20 -
2024-08-18		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://myhbp.org/home/login?resume=/idp/Yt2ZZcqjlk/resumeSAML20/idp/SSO.ping&spentity=sp:cl:hbsp:saml2
Frame ID: 7DFBD73DD1E70ED76EB1FF6563E413C0
Requests: 13 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d152b1b.js
Frame ID: E5441B65B5118AA220B436029AB6172A
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Harvard Business Publishing | Corporate Learning

Page URL History Show full URLs

  1. https://email.notifications.degreed.com/c/eJx8kc2OnDAQhJ_GXFYzMm4ww8GHlRCnHCIld9TgHmjt2Eb-WYk8fcRok2wue61Sl6q_suY2A-... HTTP 302
    https://degreed.com/videos/introduction-to-persuading-others?d=12584365&inputtype=video&orgsso=b... HTTP 302
    https://degreed.com/account/singlesignon?id=sp%3acl%3ahbsp%3asaml2&tenant=1101-650&returnUrl=%2f... Page URL
  2. https://myhbp.org/ping/idp/SSO.saml2 Page URL
  3. https://myhbp.org/ping/idp/SSO.saml2 HTTP 302
    https://myhbp.org/idp/login?resume=%2Fidp%2FYt2ZZcqjlk%2FresumeSAML20%2Fidp%2FSSO.ping&spentit... HTTP 302
    https://myhbp.org/home/login?resume=/idp/Yt2ZZcqjlk/resumeSAML20/idp/SSO.ping&spentity=sp:cl:h... Page URL

Page Statistics

16
Requests

94 %
HTTPS

0 %
IPv6

5
Domains

7
Subdomains

6
IPs

2
Countries

1400 kB
Transfer

7054 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://email.notifications.degreed.com/c/eJx8kc2OnDAQhJ_GXFYzMm4ww8GHlRCnHCIld9TgHmjt2Eb-WYk8fcRok2wue61Sl6q_suY2A-qKTN3Vuu6h7fuKHPJjysdOZkB-HC8_inMYDwGvL99jsGXJHHxF_p1j8I58Np_kzczUNWipg7ZZJFEP_WyVnq3qiVSDtmKjpGpkq6S8KQ39FRuiHqHDvtUdLHfRSB8y33nBMzNdLa2RyF6X4KqH2XLek4BXoUahxk-eUOM7WwpJqJF9_lvqksNlp5gKWvbrJeSNYhIwWgFDrdpbA7oVSrPfSz7_FjA8c4TSIa4pBQHD7PcdI8-Y7hH9Qptzacf4JpQu2U0plLich_ZE9iE6slycgOGJ9ENc0O3IqxcwnBgm2U5K_vGCz-SzgOFnsHikb4TRs1-rEFf0_OuJY2Jr6lrWVTSOvWe6bkU0EhPj9V_LJ6v_lslfzlkSxWmP4c4Pmt7oMKqGG8ha_w4AAP__Xeu7EA HTTP 302
    https://degreed.com/videos/introduction-to-persuading-others?d=12584365&inputtype=video&orgsso=bnpparibasfrancehmmspark&utm_source=daily&utm_medium=email&utm_campaign=2024_05_20&utm_content=TodaysLearning HTTP 302
    https://degreed.com/account/singlesignon?id=sp%3acl%3ahbsp%3asaml2&tenant=1101-650&returnUrl=%2fvideos%2fintroduction-to-persuading-others%3fd%3d12584365%26inputtype%3dvideo%26orgsso%3dbnpparibasfrancehmmspark%26utm_source%3ddaily%26utm_medium%3demail%26utm_campaign%3d2024_05_20%26utm_content%3dTodaysLearning&SsoType=Saml Page URL
  2. https://myhbp.org/ping/idp/SSO.saml2 Page URL
  3. https://myhbp.org/ping/idp/SSO.saml2 HTTP 302
    https://myhbp.org/idp/login?resume=%2Fidp%2FYt2ZZcqjlk%2FresumeSAML20%2Fidp%2FSSO.ping&spentity=sp%3Acl%3Ahbsp%3Asaml2 HTTP 302
    https://myhbp.org/home/login?resume=/idp/Yt2ZZcqjlk/resumeSAML20/idp/SSO.ping&spentity=sp:cl:hbsp:saml2 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • https://email.notifications.degreed.com/c/eJx8kc2OnDAQhJ_GXFYzMm4ww8GHlRCnHCIld9TgHmjt2Eb-WYk8fcRok2wue61Sl6q_suY2A-qKTN3Vuu6h7fuKHPJjysdOZkB-HC8_inMYDwGvL99jsGXJHHxF_p1j8I58Np_kzczUNWipg7ZZJFEP_WyVnq3qiVSDtmKjpGpkq6S8KQ39FRuiHqHDvtUdLHfRSB8y33nBMzNdLa2RyF6X4KqH2XLek4BXoUahxk-eUOM7WwpJqJF9_lvqksNlp5gKWvbrJeSNYhIwWgFDrdpbA7oVSrPfSz7_FjA8c4TSIa4pBQHD7PcdI8-Y7hH9Qptzacf4JpQu2U0plLich_ZE9iE6slycgOGJ9ENc0O3IqxcwnBgm2U5K_vGCz-SzgOFnsHikb4TRs1-rEFf0_OuJY2Jr6lrWVTSOvWe6bkU0EhPj9V_LJ6v_lslfzlkSxWmP4c4Pmt7oMKqGG8ha_w4AAP__Xeu7EA HTTP 302
  • https://degreed.com/videos/introduction-to-persuading-others?d=12584365&inputtype=video&orgsso=bnpparibasfrancehmmspark&utm_source=daily&utm_medium=email&utm_campaign=2024_05_20&utm_content=TodaysLearning HTTP 302
  • https://degreed.com/account/singlesignon?id=sp%3acl%3ahbsp%3asaml2&tenant=1101-650&returnUrl=%2fvideos%2fintroduction-to-persuading-others%3fd%3d12584365%26inputtype%3dvideo%26orgsso%3dbnpparibasfrancehmmspark%26utm_source%3ddaily%26utm_medium%3demail%26utm_campaign%3d2024_05_20%26utm_content%3dTodaysLearning&SsoType=Saml
Request Chain 9
  • https://v2.zopim.com/?3POLSd6mimTNxdgblOuHRp1FxVx7xYG0 HTTP 302
  • https://static.zdassets.com/ekr/asset_composer.js

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
singlesignon
degreed.com/account/
Redirect Chain
  • https://email.notifications.degreed.com/c/eJx8kc2OnDAQhJ_GXFYzMm4ww8GHlRCnHCIld9TgHmjt2Eb-WYk8fcRok2wue61Sl6q_suY2A-qKTN3Vuu6h7fuKHPJjysdOZkB-HC8_inMYDwGvL99jsGXJHHxF_p1j8I58Np_kzczUNWipg7ZZJFEP_Wy...
  • https://degreed.com/videos/introduction-to-persuading-others?d=12584365&inputtype=video&orgsso=bnpparibasfrancehmmspark&utm_source=daily&utm_medium=email&utm_campaign=2024_05_20&utm_content=TodaysL...
  • https://degreed.com/account/singlesignon?id=sp%3acl%3ahbsp%3asaml2&tenant=1101-650&returnUrl=%2fvideos%2fintroduction-to-persuading-others%3fd%3d12584365%26inputtype%3dvideo%26orgsso%3dbnpparibasfr...
5 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://degreed.com/account/singlesignon?id=sp%3acl%3ahbsp%3asaml2&tenant=1101-650&returnUrl=%2fvideos%2fintroduction-to-persuading-others%3fd%3d12584365%26inputtype%3dvideo%26orgsso%3dbnpparibasfrancehmmspark%26utm_source%3ddaily%26utm_medium%3demail%26utm_campaign%3d2024_05_20%26utm_content%3dTodaysLearning&SsoType=Saml
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' prod.degreedcdn.com fast.chmln-cdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: prod.degreedcdn.com fast.trychameleon.com cmp.osano.com snap.licdn.com bat.bing.com googletagmanager.com google-analytics.com googleads.g.doubleclick.net google.com translate.google.com tag.demandbase.com js-na1.hs-scripts.com js.hs-analytics.net gstatic.com d2c7xlmseob604.cloudfront.net datadoghq-browser-agent.com zn3dpyydxnqicchiy-degreed.siteintercept.qualtrics.com explore.degreed.com blog.degreed.com assets.adobedtm.com; style-src 'self' 'unsafe-inline' data: prod.degreedcdn.com explore.degreed.com blog.degreed.com gstatic.com cdn.jsdelivr.net; img-src * data: blob: about: https:; frame-src * blob: https:; font-src * data:; connect-src 'self' https: prod.degreedcdn.com api.company-target.com stats.g.doubleclick.net graphql.contentful.com api.hubapi.com forms.hubspot.com analytics.degreed.com fast.trychameleon.com ld.degreed.com rum.browser-intake-datadoghq.com zn3dpyydxnqicchiy-degreed.siteintercept.qualtrics.com explore.degreed.com; base-uri 'self' about: ld.degreed.com zn3dpyydxnqicchiy-degreed.siteintercept.qualtrics.com; manifest-src 'self'; media-src * data: blob:; worker-src 'self' blob:; object-src *; report-uri https://csp.degreed.com/api/ReportCollector?type=mvc;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
cache-control
public, no-cache="Set-Cookie", no-store, max-age=0
content-encoding
gzip
content-length
3994
content-security-policy
default-src 'self' prod.degreedcdn.com fast.chmln-cdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: prod.degreedcdn.com fast.trychameleon.com cmp.osano.com snap.licdn.com bat.bing.com googletagmanager.com google-analytics.com googleads.g.doubleclick.net google.com translate.google.com tag.demandbase.com js-na1.hs-scripts.com js.hs-analytics.net gstatic.com d2c7xlmseob604.cloudfront.net datadoghq-browser-agent.com zn3dpyydxnqicchiy-degreed.siteintercept.qualtrics.com explore.degreed.com blog.degreed.com assets.adobedtm.com; style-src 'self' 'unsafe-inline' data: prod.degreedcdn.com explore.degreed.com blog.degreed.com gstatic.com cdn.jsdelivr.net; img-src * data: blob: about: https:; frame-src * blob: https:; font-src * data:; connect-src 'self' https: prod.degreedcdn.com api.company-target.com stats.g.doubleclick.net graphql.contentful.com api.hubapi.com forms.hubspot.com analytics.degreed.com fast.trychameleon.com ld.degreed.com rum.browser-intake-datadoghq.com zn3dpyydxnqicchiy-degreed.siteintercept.qualtrics.com explore.degreed.com; base-uri 'self' about: ld.degreed.com zn3dpyydxnqicchiy-degreed.siteintercept.qualtrics.com; manifest-src 'self'; media-src * data: blob:; worker-src 'self' blob:; object-src *; report-uri https://csp.degreed.com/api/ReportCollector?type=mvc;
content-type
text/html
date
Tue, 21 May 2024 01:55:06 GMT
expires
Tue, 21 May 2024 01:55:06 GMT
last-modified
Tue, 21 May 2024 01:55:06 GMT
p3p
CP="DEV"
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
vary
*
x-app-version
202413797
x-azure-ref
20240521T015506Z-164d49668c6x7ldkc87atvw7mw00000003yg000000001e1h
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-instance
WN1MDWK0001CQ
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block

Redirect headers

content-length
433
content-type
text/html; charset=utf-8
date
Tue, 21 May 2024 01:55:06 GMT
location
/account/singlesignon?id=sp%3acl%3ahbsp%3asaml2&tenant=1101-650&returnUrl=%2fvideos%2fintroduction-to-persuading-others%3fd%3d12584365%26inputtype%3dvideo%26orgsso%3dbnpparibasfrancehmmspark%26utm_source%3ddaily%26utm_medium%3demail%26utm_campaign%3d2024_05_20%26utm_content%3dTodaysLearning&SsoType=Saml
p3p
CP="DEV"
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
x-app-version
202413797
x-azure-ref
20240521T015505Z-164d49668c6x7ldkc87atvw7mw00000003yg000000001e0c
x-cache
CONFIG_NOCACHE
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-instance
WN1MDWK0001CQ
x-permitted-cross-domain-policies
none
x-xss-protection
1; mode=block
SSO.saml2
myhbp.org/ping/idp/ 		1 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://myhbp.org/ping/idp/SSO.saml2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-22.fra2.r.cloudfront.net
Software
/
Resource Hash

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Content-Type
application/x-www-form-urlencoded
Origin
https://degreed.com
Referer
https://degreed.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache, no-store no-cache="set-cookie"
content-encoding
gzip
content-length
775
content-type
text/html;charset=utf-8
date
Tue, 21 May 2024 01:55:07 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
leg
PROD1
pragma
no-cache
server
vary
Accept-Encoding Accept-Encoding
via
1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
x-amz-cf-id
8BNUjv8Vhfw_rA_SMBD42YeuxmPIrl1CfkepadDOLMZt_PoOlLCWOg==
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
favicon.ico
degreed.com/ 		5 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://degreed.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://degreed.com/account/singlesignon?id=sp%3acl%3ahbsp%3asaml2&tenant=1101-650&returnUrl=%2fvideos%2fintroduction-to-persuading-others%3fd%3d12584365%26inputtype%3dvideo%26orgsso%3dbnpparibasfrancehmmspark%26utm_source%3ddaily%26utm_medium%3demail%26utm_campaign%3d2024_05_20%26utm_content%3dTodaysLearning&SsoType=Saml
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 01:55:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-cache
CONFIG_NOCACHE
p3p
CP="DEV"
content-length
5430
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
x-app-version
202413797
last-modified
Wed, 08 May 2024 18:29:46 GMT
etag
"09c3b375a1da1:0"
x-frame-options
SAMEORIGIN
x-azure-ref
20240521T015506Z-164d49668c6x7ldkc87atvw7mw00000003yg000000001e21
content-type
image/x-icon
x-instance
WN0MDWK000FPX
accept-ranges
bytes
Primary Request login
myhbp.org/home/
Redirect Chain
  • https://myhbp.org/ping/idp/SSO.saml2
  • https://myhbp.org/idp/login?resume=%2Fidp%2FYt2ZZcqjlk%2FresumeSAML20%2Fidp%2FSSO.ping&spentity=sp%3Acl%3Ahbsp%3Asaml2
  • https://myhbp.org/home/login?resume=/idp/Yt2ZZcqjlk/resumeSAML20/idp/SSO.ping&spentity=sp:cl:hbsp:saml2
609 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://myhbp.org/home/login?resume=/idp/Yt2ZZcqjlk/resumeSAML20/idp/SSO.ping&spentity=sp:cl:hbsp:saml2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-22.fra2.r.cloudfront.net
Software
/
Resource Hash
b3c4e0f5fcdf4a5ea71a169cffaef3cb6d0fb00cc0f504d29355dfa076293b93
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' https:; img-src * data:; connect-src 'self' https:; font-src https:; media-src https: data: blob:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Content-Type
application/x-www-form-urlencoded
Origin
https://myhbp.org
Referer
https://myhbp.org/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-cache no-store
content-encoding
gzip
content-language
de-DE
content-length
366
content-security-policy
default-src 'self' 'unsafe-eval' https:; img-src * data:; connect-src 'self' https:; font-src https:; media-src https: data: blob:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'
content-type
text/html
date
Tue, 21 May 2024 01:55:08 GMT
expires
Thu, 01 Jan 1970 00:00:00 GMT
last-modified
Thu, 04 Apr 2024 19:47:32 GMT
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
strict-transport-security
max-age=31536000 ; includeSubDomains
vary
Accept-Encoding
via
1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
x-amz-cf-id
fq072kOqdq0djd6TESNvD9G9Seg1OSA0c8Mrj6yq9l4oQU35cIV4Mw==
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY

Redirect headers

cache-control
no-cache, no-store, max-age=0, must-revalidate
content-language
de-DE
content-length
0
date
Tue, 21 May 2024 01:55:07 GMT
expires
0
location
https://myhbp.org/home/login?resume=/idp/Yt2ZZcqjlk/resumeSAML20/idp/SSO.ping&spentity=sp:cl:hbsp:saml2
pragma
no-cache
server
strict-transport-security
max-age=31536000 ; includeSubDomains
via
1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
x-amz-cf-id
S3Qb28Gq0yrnQtJzmTb5LGEvdgOl20l_ESWmJ8t4sFD41cNUnP49pw==
x-amz-cf-pop
FRA2-C2
x-application-context
application
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block
favicon.ico
myhbp.org/ 		4 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://myhbp.org/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-22.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://myhbp.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 01:55:08 GMT
x-amz-version-id
S.6eS_6ltvpvFXPlSXEQv768voGA6pZS
content-encoding
gzip
last-modified
Tue, 14 Sep 2021 14:01:18 GMT
server
AmazonS3
via
1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C2
etag
W/"57f3270ce380820fc574ccd98d5cca52"
vary
Accept-Encoding
x-cache
Error from cloudfront
content-type
text/html
x-amz-cf-id
pY1zSSX00p7GZCNlQJ_B4ycqtb2SxRhHUqC03G79YtYxI51nPogJTg==
lato.css
myhbp.org/home/resources/fonts/Lato/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://myhbp.org/home/resources/fonts/Lato/lato.css
Requested by
Host: myhbp.org
URL: https://myhbp.org/home/login?resume=/idp/Yt2ZZcqjlk/resumeSAML20/idp/SSO.ping&spentity=sp:cl:hbsp:saml2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-22.fra2.r.cloudfront.net
Software
/
Resource Hash
d5fb3f9281572198ff5d03ba2c93f20b495717411d50ca02cc13e8cc42257c40
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' https:; img-src * data:; connect-src 'self' https:; font-src https:; media-src https: data: blob:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://myhbp.org/home/login?resume=/idp/Yt2ZZcqjlk/resumeSAML20/idp/SSO.ping&spentity=sp:cl:hbsp:saml2
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' 'unsafe-eval' https:; img-src * data:; connect-src 'self' https:; font-src https:; media-src https: data: blob:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'
content-encoding
gzip
via
1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
date
Tue, 21 May 2024 01:55:08 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
content-length
372
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 04 Apr 2024 19:47:32 GMT
server
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-amz-cf-id
kuY8zrq05AkwcQMmt30ok22r7txNRI8gWJ0BZQRlbWhGf20KfrKTEw==
react.bundle.css
myhbp.org/home/resources/dist/ 		4 MB
596 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://myhbp.org/home/resources/dist/react.bundle.css
Requested by
Host: myhbp.org
URL: https://myhbp.org/home/login?resume=/idp/Yt2ZZcqjlk/resumeSAML20/idp/SSO.ping&spentity=sp:cl:hbsp:saml2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-22.fra2.r.cloudfront.net
Software
/
Resource Hash
ea044266abab73aea8042ba9fb1aac0246a39b2669af276da874bfd631bb591a
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' https:; img-src * data:; connect-src 'self' https:; font-src https:; media-src https: data: blob:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://myhbp.org/home/login?resume=/idp/Yt2ZZcqjlk/resumeSAML20/idp/SSO.ping&spentity=sp:cl:hbsp:saml2
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' 'unsafe-eval' https:; img-src * data:; connect-src 'self' https:; font-src https:; media-src https: data: blob:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'
content-encoding
gzip
via
1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
date
Tue, 21 May 2024 01:55:08 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 04 Apr 2024 19:50:06 GMT
server
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-amz-cf-id
eMrIW4PzH4PYjG-CoFixUhjZeC8M-9a9sSDaw1F-X39s_1eu5uK2iA==
react.bundle.js
myhbp.org/home/resources/dist/ 		2 MB
389 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://myhbp.org/home/resources/dist/react.bundle.js
Requested by
Host: myhbp.org
URL: https://myhbp.org/home/login?resume=/idp/Yt2ZZcqjlk/resumeSAML20/idp/SSO.ping&spentity=sp:cl:hbsp:saml2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-22.fra2.r.cloudfront.net
Software
/
Resource Hash
ae74e1dfa65a30d8e2fb074ab5f06f874d8a8ecfe264260d4f92ef200451874a
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' https:; img-src * data:; connect-src 'self' https:; font-src https:; media-src https: data: blob:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://myhbp.org/home/login?resume=/idp/Yt2ZZcqjlk/resumeSAML20/idp/SSO.ping&spentity=sp:cl:hbsp:saml2
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' 'unsafe-eval' https:; img-src * data:; connect-src 'self' https:; font-src https:; media-src https: data: blob:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'
content-encoding
gzip
via
1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
date
Tue, 21 May 2024 01:55:08 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000 ; includeSubDomains
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 04 Apr 2024 19:50:06 GMT
server
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/javascript
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
x-amz-cf-id
mGHsmPHYhHbP1XRTcg2kKdrWedfBWWARRypvdl-DMfunMCrL8tKaxQ==
HBPub_reverse_crimson_rev_OnBlack.svg
myhbp.org/home/resources/dist/ 		31 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://myhbp.org/home/resources/dist/HBPub_reverse_crimson_rev_OnBlack.svg
Requested by
Host: myhbp.org
URL: https://myhbp.org/home/resources/dist/react.bundle.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-22.fra2.r.cloudfront.net
Software
/
Resource Hash
8b6affa17b5f953af2557d77a5a73f99c6931719ebb7a5398b95582e179590c8
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' https:; img-src * data:; connect-src 'self' https:; font-src https:; media-src https: data: blob:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://myhbp.org/home/resources/dist/react.bundle.css
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' 'unsafe-eval' https:; img-src * data:; connect-src 'self' https:; font-src https:; media-src https: data: blob:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'
date
Tue, 21 May 2024 01:55:09 GMT
via
1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
content-length
31610
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 04 Apr 2024 19:50:06 GMT
server
x-frame-options
DENY
content-type
image/svg+xml
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
f3mV-5x5uQ6Oh_IITyGwsXH1rlyQfEvu0Telv9-A6j15W36ZdR7lgg==
lato-v23-latin-regular.woff2
myhbp.org/home/resources/fonts/Lato/ 		23 KB
24 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://myhbp.org/home/resources/fonts/Lato/lato-v23-latin-regular.woff2
Requested by
Host: myhbp.org
URL: https://myhbp.org/home/resources/fonts/Lato/lato.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.78.22 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-78-22.fra2.r.cloudfront.net
Software
/
Resource Hash
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' https:; img-src * data:; connect-src 'self' https:; font-src https:; media-src https: data: blob:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://myhbp.org/home/resources/fonts/Lato/lato.css
Origin
https://myhbp.org
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' 'unsafe-eval' https:; img-src * data:; connect-src 'self' https:; font-src https:; media-src https: data: blob:; style-src 'self' https: 'unsafe-inline'; script-src 'self' https: data: blob: 'unsafe-inline' 'unsafe-eval'; script-src-elem 'self' https: 'unsafe-inline'
date
Tue, 21 May 2024 01:55:09 GMT
via
1.1 21a3da42c823b5a4a2d9c4c63248bbd6.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
x-amz-cf-pop
FRA2-C2
x-cache
Miss from cloudfront
content-length
23580
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 04 Apr 2024 19:47:32 GMT
server
x-frame-options
DENY
content-type
font/woff2
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
aSTp1fYdHy6Cn0ZTkesYL3llMzglY85dHSb5IK-4U6Pk-mB9zq7hvg==
asset_composer.js
static.zdassets.com/ekr/
Redirect Chain
  • https://v2.zopim.com/?3POLSd6mimTNxdgblOuHRp1FxVx7xYG0
  • https://static.zdassets.com/ekr/asset_composer.js
10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/ekr/asset_composer.js
Requested by
Host: myhbp.org
URL: https://myhbp.org/home/login?resume=/idp/Yt2ZZcqjlk/resumeSAML20/idp/SSO.ping&spentity=sp:cl:hbsp:saml2
Protocol
H2
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce337ec7dda4b3a741363a2673c7edce5c736f1660e2aa908131ecfd9dd1343f
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://myhbp.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Tue, 21 May 2024 01:55:09 GMT
x-amz-version-id
KdUtYfTvhN3NWk63zbedRawrUoa4O1MG
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
PZERAEDAFZ9SYDTC
age
28
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
tr/so4/RjvATt57vT5wh/Tz8DnV+qeKn9kxsgChY1AajmU8f2RwhpxcTMLctipwAH7PwDn9UhU4=
last-modified
Mon, 15 Jan 2024 02:56:11 GMT
server
cloudflare
etag
W/"c0053b411b753138af468db1bd3b19f3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JDTKJxuXJoMLHgRbbszPuc6VgTeI7mgrJmWpiGwRHRO6ODkyt%2FxFIXE122GHOoCTLdqYlAJqQwKRDlAIP33HgYRAcqVffdQ9U0eE2GMI5m5Q%2BE25cerlCj8BbFo%2FT%2F0VUR3WtOA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=3600, s-maxage=60
access-control-max-age
0
cf-ray
8870f1501c0e1d90-FRA
access-control-allow-headers
*

Redirect headers

date
Tue, 21 May 2024 01:55:09 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/html
location
https://static.zdassets.com/ekr/asset_composer.js
cache-control
private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
8870f14fcf859a09-FRA
content-length
143
expires
Thu, 01 Jan 1970 00:00:01 GMT
truncated
/ 		15 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bb71c2c1aa2da7c7b6d36f226b12ae8c4f474e79f1ac10cc2b97a091a41f9863

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
image/jpeg
3POLSd6mimTNxdgblOuHRp1FxVx7xYG0
ekr.zdassets.com/compose/zopim_chat/ 		1 KB
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ekr.zdassets.com/compose/zopim_chat/3POLSd6mimTNxdgblOuHRp1FxVx7xYG0
Requested by
Host: v2.zopim.com
URL: https://v2.zopim.com/?3POLSd6mimTNxdgblOuHRp1FxVx7xYG0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
18d802bdd57f532a60b9de2ee9ac4d94e28a543b3f975633e0e0cf2befa297e8
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://myhbp.org/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 01:55:10 GMT
strict-transport-security
max-age=0
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
content-encoding
br
cdn-cache-control
max-age=60
x-xss-protection
1; mode=block
x-request-id
884b2bb30a0d26b1-SEA, 884b2bb30a0d26b1-SEA
x-runtime
0.004412
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"18d802bdd57f532a60b9de2ee9ac4d94"
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OaT%2B3UFoG%2FatY93Fo4NYHPF9zht2AL%2FSLd%2F4R5GNz6grUPghyjiUdd6x%2BP25e8n6181mzkn%2BqAVh8zElPgut4LKoEPlQ3PsIvJ5EwMq9s5ippB236yp0d5hFeFiZ0HZvjVE%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary
Accept, Origin, Accept-Encoding
cache-control
max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type
application/json; charset=utf-8
x-zendesk-zorg
yes
cf-ray
8870f1507b1a9963-FRA
web-widget-main-d152b1b.js
static.zdassets.com/web_widget/classic/latest/ Frame E544 		972 KB
276 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d152b1b.js
Requested by
Host: v2.zopim.com
URL: https://v2.zopim.com/?3POLSd6mimTNxdgblOuHRp1FxVx7xYG0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8d3cff83288f40a0b4c0e7a5991ce263d5f99e2cba500b05aeb07af53d679af
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 01:55:10 GMT
x-amz-version-id
MbiCdMZZBCYX_Tz.ynC9EmEP7qxMYhWA
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
2J7RHPQN2Q1R4ND9
age
396127
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
VR09gQxa5NMYjvcDgWmDOHVLpppJ3qRQczQgFg3GapkzTpZb/aM8WqLJiKzswYj8CHBe28h9BXSoj5kM3U4WXbXnABTSI5YD
last-modified
Wed, 08 May 2024 06:03:52 GMT
server
cloudflare
etag
W/"7d604dcda77a5cae210d57f3a19cac77"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=B4BRb9yaVHugzBF1Z8dcItjPhiOPmQLncXwwxr92ehDJSUecOUNoAgBCQjYC6OKu%2FpIHddRAoa%2FZ5mk0ZIO3ZJSc56XjCAPVKRMkPJWwVHHjJS1t0w5lHUBD%2FTgVBzkBipvhCtg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
8870f1545dd11d90-FRA
access-control-allow-headers
*
expires
Thu, 08 May 2025 06:03:51 GMT
en-us-json-d152b1b.js
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame E544 		25 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-d152b1b.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d152b1b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 01:55:10 GMT
x-amz-version-id
cFDuTuz.WgUFwzdK..HrAYlXq5ZYp7g_
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
0FDV83W3TPSG30YF
age
396127
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
4vnglYIrdP45fZiSFq3PnZ3CnEkCjYSOgCF0B9rP9fMHPxkQ1TVIw9R9EsD5+dLXqd60BmQSDXg=
last-modified
Wed, 08 May 2024 06:03:54 GMT
server
cloudflare
etag
W/"6eb45e96a7cbb4b8ca10897f3cf09981"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5sChxKwdZs%2Bk%2Fof9b1thAIR0d2FjNJrAqSmrpmHVSrkZdKaQCT2h8rUzOngKf2BWzuNEjFSB7bMbZ5BOvDqUKqINnqS3bQrUgG4AUPz%2FiuQWpSftT9DOaq2cY%2Fva6epsdStWwnI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
8870f1555e501d90-FRA
access-control-allow-headers
*
expires
Thu, 08 May 2025 06:03:53 GMT
config
hbphelp.zendesk.com/embeddable/ Frame E544 		914 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://hbphelp.zendesk.com/embeddable/config
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d152b1b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.51.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31f4d924e784535b23e82cb7a13b19937bbeac2c1aa00b722c4b86bd447c28e8

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 01:55:10 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server
embeddable-app-server-5b446b46b9-ggflh
x-cached
MISS
x-runtime
0.002120
last-modified
Tue, 21 May 2024 01:54:05 GMT
server
cloudflare
access-control-max-age
7200
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kv653SaViQM2L893HokeSyDRvAY4B1B9FQ1APDc5pBhx%2BjJnL8RlwmkbCgaz3KihQa8IOhc5VwuXfPW8nPM9pCi3bQMYI3Vn2PC3YQFQCXYYMgmfvLagy7tOAz%2Fybu0GdwoIY7w%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control
public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary
Origin, Accept-Encoding
cf-ray
8870f1558e109170-FRA
web-widget-chat-sdk-d152b1b.js
static.zdassets.com/web_widget/classic/latest/ Frame E544 		202 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-d152b1b.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-d152b1b.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
965cba95c928e95003ce37271090406eaa7d5c2d955230a785b2b3be8a9a17f5
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 21 May 2024 01:55:10 GMT
x-amz-version-id
4lmLW3mmdbGo4rS7BnvRmGb3W0GgJzVj
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
6NSHJ3PDAGBZX3ZW
age
396127
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
ijLRwVSdSZ0KmdYhniAuHO/Kzehlekec2vHAyCDvFuCHkQI/8EccfCrH+SM33CyDfydkcHfbaxY=
last-modified
Wed, 08 May 2024 06:03:52 GMT
server
cloudflare
etag
W/"b8284a4b45e40625c2b90a641ebe4a68"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZviWuxmx4ZdtJKyv3XSrnfXcmSXgn594s6aLAqAOcj%2FlM4nY3P5DDu4bRMlMc7eYygXHbrYih8J0hFnRIAMi233Y1WUpxCjIxH9b2bHAJ%2FVMhe4VjEGTWcxesXAsRtMl8kynrGI%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
8870f1558e601d90-FRA
access-control-allow-headers
*
expires
Thu, 08 May 2025 06:03:51 GMT

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| FontAwesomeConfig object| ___FONT_AWESOME___ object| cl-home object| zEWebpackACJsonp function| zE function| zEmbed boolean| zEACLoaded function| $zopim

6 Cookies

Domain/Path Name / Value
degreed.com/ Name: session.v4.degreed.com
Value: s3kmm24o0mexwhacwfaybhm3
degreed.com/ Name: antiforgery.v4.degreed.com
Value: f-J2V7fZDnp7GUDLrFgQhI2-4klwQWds_xNCtXbUe8Xm2ueIiEJRX67Qm4Zz5gaMnKH6pWdsGLdXIfG9sMsn3tmg_ts1
degreed.com/ Name: antiforgery-request.v4.degreed.com
Value: zSDaCgemjukrXE0A9qY52yPFyJj6yo7CNJEyKoGiiHM6CGoRqJ7dwy2bf8s2e38jKo2wUqnbmveS4VBW0jLBHnG7Ibc1
myhbp.org/ Name: AWSELB
Value: BD61035906F6E439A79D6CEF1F8FFD74ACD03CFC76F721753E35DEF7F4AA412499E56C558B8C7C3A6FBEF1D903B5AE4F390B50B97406403B97B2A84943701AA6B70FE6862B
myhbp.org/ Name: AWSELBCORS
Value: BD61035906F6E439A79D6CEF1F8FFD74ACD03CFC76F721753E35DEF7F4AA412499E56C558B8C7C3A6FBEF1D903B5AE4F390B50B97406403B97B2A84943701AA6B70FE6862B
.myhbp.org/ Name: PF
Value: 8wlsWEYVr1OtR0au59hlkb08yAYlIeK2YBYwzilR6Irl

10 Console Messages

Source Level URL
Text
network error URL: https://myhbp.org/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.
recommendation verbose URL: https://myhbp.org/home/login?resume=/idp/Yt2ZZcqjlk/resumeSAML20/idp/SSO.ping&spentity=sp:cl:hbsp:saml2
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
security error URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-chat-sdk-d152b1b.js(Line 1)
Message:
Refused to connect to 'wss://widget-mediator.zopim.com/s/W/ws/z+HBLe+ynDTUMuxf/c/1716256510380' because it violates the following Content Security Policy directive: "connect-src 'self' https:".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' prod.degreedcdn.com fast.chmln-cdn.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: https: prod.degreedcdn.com fast.trychameleon.com cmp.osano.com snap.licdn.com bat.bing.com googletagmanager.com google-analytics.com googleads.g.doubleclick.net google.com translate.google.com tag.demandbase.com js-na1.hs-scripts.com js.hs-analytics.net gstatic.com d2c7xlmseob604.cloudfront.net datadoghq-browser-agent.com zn3dpyydxnqicchiy-degreed.siteintercept.qualtrics.com explore.degreed.com blog.degreed.com assets.adobedtm.com; style-src 'self' 'unsafe-inline' data: prod.degreedcdn.com explore.degreed.com blog.degreed.com gstatic.com cdn.jsdelivr.net; img-src * data: blob: about: https:; frame-src * blob: https:; font-src * data:; connect-src 'self' https: prod.degreedcdn.com api.company-target.com stats.g.doubleclick.net graphql.contentful.com api.hubapi.com forms.hubspot.com analytics.degreed.com fast.trychameleon.com ld.degreed.com rum.browser-intake-datadoghq.com zn3dpyydxnqicchiy-degreed.siteintercept.qualtrics.com explore.degreed.com; base-uri 'self' about: ld.degreed.com zn3dpyydxnqicchiy-degreed.siteintercept.qualtrics.com; manifest-src 'self'; media-src * data: blob:; worker-src 'self' blob:; object-src *; report-uri https://csp.degreed.com/api/ReportCollector?type=mvc;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block