urlscan.io logo urlscan.io
SecurityTrails logo

my.roswellpark.org Open in urlscan Pro
67.99.175.181  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://67.99.175.36/?v=$
Effective URL: https://my.roswellpark.org/
Submission: On March 21 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 16 HTTP transactions. The main IP is 67.99.175.181, located in Buffalo, United States and belongs to BUFFALO-ASN, US. The main domain is my.roswellpark.org.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on November 12th 2021. Valid for: a year.
This is the only time my.roswellpark.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 67.99.175.36 32831 (RPCI-AS)
9 67.99.175.181 3685 (BUFFALO-ASN)
3 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
16 4
2    67.99.175.36 (Buffalo, United States)

ASN32831 (RPCI-AS, US)
PTR: c-67-99-175-036.roswellpark.org
67.99.175.36
9    67.99.175.181 (Buffalo, United States)

ASN3685 (BUFFALO-ASN, US)
PTR: my.roswellpark.org
my.roswellpark.org
3    2a00:1450:4001:82b::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
apis.google.com
3    2a00:1450:4001:831::200d (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
accounts.google.com
1    2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
ssl.gstatic.com
Apex Domain
Subdomains		 Transfer
9 roswellpark.org
my.roswellpark.org
3 MB
6 google.com
apis.google.com — Cisco Umbrella Rank: 83
accounts.google.com — Cisco Umbrella Rank: 64
128 KB
1 gstatic.com
ssl.gstatic.com
40 KB
16 3
Domain Requested by
9 my.roswellpark.org my.roswellpark.org
3 accounts.google.com apis.google.com
my.roswellpark.org
ssl.gstatic.com
3 apis.google.com my.roswellpark.org
apis.google.com
1 ssl.gstatic.com accounts.google.com
16 4

This site contains links to these domains. Also see Links.

Domain
www.roswellpark.org
Subject Issuer Validity Valid
*.roswellpark.org
Go Daddy Secure Certificate Authority - G2		 2021-11-12 -
2022-12-14		 a year crt.sh
*.apis.google.com
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
accounts.google.com
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-02-28 -
2022-05-23		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://my.roswellpark.org/
Frame ID: BA6345A22B40C185906244B58CD4FEB9
Requests: 12 HTTP requests in this frame

Frame: https://accounts.google.com/o/oauth2/iframe
Frame ID: B98D66D81725460B872C02C8A13350C8
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Patient Portal - MyRoswell: Login

Page URL History Show full URLs

  1. http://67.99.175.36/?v=$ HTTP 302
    https://67.99.175.36/?v=$ HTTP 302
    https://my.roswellpark.org/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <iframe[^>]*accounts\.google\.com/o/oauth2

Page Statistics

16
Requests

100 %
HTTPS

60 %
IPv6

3
Domains

4
Subdomains

4
IPs

2
Countries

3581 kB
Transfer

21283 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://67.99.175.36/?v=$ HTTP 302
    https://67.99.175.36/?v=$ HTTP 302
    https://my.roswellpark.org/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
my.roswellpark.org/
Redirect Chain
  • http://67.99.175.36/?v=$
  • https://67.99.175.36/?v=$
  • https://my.roswellpark.org/
13 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://my.roswellpark.org/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.99.175.181 Buffalo, United States, ASN3685 (BUFFALO-ASN, US),
Reverse DNS
my.roswellpark.org
Software
Apache /
Resource Hash
164f54892920b621b857bb54f20db4f55d6d38c53797272aba40dcab3b080ef5
Security Headers
Name Value
X-Frame-Options SAMEORIGIN, SAMEORIGIN sameorigin
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Mon, 21 Mar 2022 15:51:15 GMT
Server
Apache
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Expires
0
X-Frame-Options
SAMEORIGIN, SAMEORIGIN sameorigin
Vary
Accept-Encoding,User-Agent
Content-Encoding
gzip
X-XSS-Protection
1; mode=block
Content-Length
3969
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Content-Type
text/html; charset=UTF-8

Redirect headers

Location
https://my.roswellpark.org
Server
BigIP
Connection
Keep-Alive
Content-Length
0
cached37.css
my.roswellpark.org/css/cache/ 		19 MB
3 MB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://my.roswellpark.org/css/cache/cached37.css
Requested by
Host: my.roswellpark.org
URL: https://my.roswellpark.org/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.99.175.181 Buffalo, United States, ASN3685 (BUFFALO-ASN, US),
Reverse DNS
my.roswellpark.org
Software
Apache /
Resource Hash
cd4245604dc6cf0e8236243d8902189472ce5accbdabef881071ca1df5f4f547
Security Headers
Name Value
X-Frame-Options SAMEORIGIN, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.roswellpark.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Mon, 21 Mar 2022 15:51:16 GMT
Content-Encoding
gzip
Last-Modified
Sat, 19 Mar 2022 04:26:49 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, sameorigin
ETag
"1318d44-5da8aac04defb-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=604800
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
X-XSS-Protection
1; mode=block
Expires
Mon, 28 Mar 2022 15:51:16 GMT
main.1.0.153.js
my.roswellpark.org/js/static/ 		1 MB
263 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.roswellpark.org/js/static/main.1.0.153.js
Requested by
Host: my.roswellpark.org
URL: https://my.roswellpark.org/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.99.175.181 Buffalo, United States, ASN3685 (BUFFALO-ASN, US),
Reverse DNS
my.roswellpark.org
Software
Apache /
Resource Hash
4749dfdb6c31dd5072697d443d45d8e05a19ace5f8810ccc696c50345171b660
Security Headers
Name Value
X-Frame-Options SAMEORIGIN, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.roswellpark.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Mon, 21 Mar 2022 15:51:16 GMT
Content-Encoding
gzip
Vary
Accept-Encoding,User-Agent
Last-Modified
Tue, 26 Oct 2021 20:46:12 GMT
Server
Apache
ETag
"1175d5-5cf47916b96ee-gzip"
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, sameorigin
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
X-XSS-Protection
1; mode=block
rpccc-logo@2x.png
my.roswellpark.org/media/images/ 		49 KB
49 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.roswellpark.org/media/images/rpccc-logo@2x.png
Requested by
Host: my.roswellpark.org
URL: https://my.roswellpark.org/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.99.175.181 Buffalo, United States, ASN3685 (BUFFALO-ASN, US),
Reverse DNS
my.roswellpark.org
Software
Apache /
Resource Hash
34a518410b8824bfb289d1676ba13f877280e67db8d47b8942a0127470fad437
Security Headers
Name Value
X-Frame-Options SAMEORIGIN, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.roswellpark.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Mon, 21 Mar 2022 15:51:16 GMT
Last-Modified
Sun, 29 Nov 2020 04:46:38 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, sameorigin
ETag
"c36c-5b5379436c780"
Vary
User-Agent
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
50028
X-XSS-Protection
1; mode=block
btn_google_signin_dark_normal_web.png
my.roswellpark.org/media/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.roswellpark.org/media/images/btn_google_signin_dark_normal_web.png
Requested by
Host: my.roswellpark.org
URL: https://my.roswellpark.org/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.99.175.181 Buffalo, United States, ASN3685 (BUFFALO-ASN, US),
Reverse DNS
my.roswellpark.org
Software
Apache /
Resource Hash
3b9345d6fb67292893c7a7a6119e46fef357c68093732ceacc45f6b700f243b8
Security Headers
Name Value
X-Frame-Options SAMEORIGIN, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.roswellpark.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Mon, 21 Mar 2022 15:51:16 GMT
Last-Modified
Sun, 29 Nov 2020 17:30:58 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, sameorigin
ETag
"f8f-5b54241b0f196"
Vary
User-Agent
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
3983
X-XSS-Protection
1; mode=block
myroswell.png
my.roswellpark.org/media/images/ 		20 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.roswellpark.org/media/images/myroswell.png
Requested by
Host: my.roswellpark.org
URL: https://my.roswellpark.org/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.99.175.181 Buffalo, United States, ASN3685 (BUFFALO-ASN, US),
Reverse DNS
my.roswellpark.org
Software
Apache /
Resource Hash
2ee9db4952124ec41f0e5dbb0811e494a0cd1603128a67f394f98fde6dc23aa4
Security Headers
Name Value
X-Frame-Options SAMEORIGIN, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.roswellpark.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Mon, 21 Mar 2022 15:51:16 GMT
Last-Modified
Sun, 29 Nov 2020 17:30:58 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, sameorigin
ETag
"51ce-5b54241b0f196"
Vary
User-Agent
Content-Type
image/png
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
20942
X-XSS-Protection
1; mode=block
client:platform.js
apis.google.com/js/ 		53 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/js/client:platform.js?onload=googleInit
Requested by
Host: my.roswellpark.org
URL: https://my.roswellpark.org/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e35b10ec8b173981a6df16b69146003979a0d77e350e67245f7def06b3eb0e58
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.roswellpark.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

content-security-policy
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gapi-team
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20544
x-xss-protection
0
server
sffe
cross-origin-opener-policy
same-origin; report-to="gapi-team"
date
Mon, 21 Mar 2022 15:51:16 GMT
vary
Accept-Encoding
report-to
{"group":"gapi-team","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gapi-team"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
private, max-age=1800, stale-while-revalidate=1800
etag
"055d6889342349a6"
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 21 Mar 2022 15:51:16 GMT
print.css
my.roswellpark.org/css/ 		2 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://my.roswellpark.org/css/print.css
Requested by
Host: my.roswellpark.org
URL: https://my.roswellpark.org/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.99.175.181 Buffalo, United States, ASN3685 (BUFFALO-ASN, US),
Reverse DNS
my.roswellpark.org
Software
Apache /
Resource Hash
be0a8be881378f7cb87f27060299620045902d1196c6a9f80ae23d94c84cad58
Security Headers
Name Value
X-Frame-Options SAMEORIGIN, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.roswellpark.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Mon, 21 Mar 2022 15:51:17 GMT
Content-Encoding
gzip
Last-Modified
Sun, 29 Nov 2020 04:44:47 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, sameorigin
ETag
"640-5b5378d990dc0-gzip"
Vary
Accept-Encoding,User-Agent
Content-Type
text/css
Cache-Control
max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
539
X-XSS-Protection
1; mode=block
Expires
Mon, 28 Mar 2022 15:51:17 GMT
open-sans.woff
my.roswellpark.org/media/fonts/ 		21 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://my.roswellpark.org/media/fonts/open-sans.woff
Requested by
Host: my.roswellpark.org
URL: https://my.roswellpark.org/css/cache/cached37.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.99.175.181 Buffalo, United States, ASN3685 (BUFFALO-ASN, US),
Reverse DNS
my.roswellpark.org
Software
Apache /
Resource Hash
90556675373ea9ed1d0e9b5678426d69296b6801c906ca378bb426aa3d6acdc3
Security Headers
Name Value
X-Frame-Options SAMEORIGIN, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.roswellpark.org/css/cache/cached37.css
Origin
https://my.roswellpark.org
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Mon, 21 Mar 2022 15:51:18 GMT
Last-Modified
Sun, 29 Nov 2020 04:44:47 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, sameorigin
ETag
"55c4-5b5378d990dc0"
Vary
User-Agent
Content-Type
application/x-font-woff
Cache-Control
max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
21956
X-XSS-Protection
1; mode=block
Expires
Mon, 28 Mar 2022 15:51:18 GMT
open-sans-light.woff
my.roswellpark.org/media/fonts/ 		22 KB
23 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://my.roswellpark.org/media/fonts/open-sans-light.woff
Requested by
Host: my.roswellpark.org
URL: https://my.roswellpark.org/css/cache/cached37.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
67.99.175.181 Buffalo, United States, ASN3685 (BUFFALO-ASN, US),
Reverse DNS
my.roswellpark.org
Software
Apache /
Resource Hash
7e7fd69ff0a1671b508800f38f6ad3690650c27c0a1f3f505629ecbe6ba51942
Security Headers
Name Value
X-Frame-Options SAMEORIGIN, SAMEORIGIN, sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.roswellpark.org/css/cache/cached37.css
Origin
https://my.roswellpark.org
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

Date
Mon, 21 Mar 2022 15:51:18 GMT
Last-Modified
Sun, 29 Nov 2020 04:44:47 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN, SAMEORIGIN, sameorigin
ETag
"5880-5b5378d990dc0"
Vary
User-Agent
Content-Type
application/x-font-woff
Cache-Control
max-age=604800
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=95
Content-Length
22656
X-XSS-Protection
1; mode=block
Expires
Mon, 28 Mar 2022 15:51:18 GMT
cb=gapi.loaded_0
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.I13-EL4NYtQ.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8kfO5_tzH3I_uDPUBAcVFwZfiR6w/ 		311 KB
106 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.I13-EL4NYtQ.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8kfO5_tzH3I_uDPUBAcVFwZfiR6w/cb=gapi.loaded_0?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/client:platform.js?onload=googleInit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
a5de6587f20288172a4e499f34200a8bde3cb11c9c8678e35dffea539e8d51b9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.roswellpark.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 21 Mar 2022 10:21:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
19764
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
107939
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 22:59:44 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
vary
Accept-Encoding
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Tue, 21 Mar 2023 10:21:54 GMT
cb=gapi.loaded_1
apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.I13-EL4NYtQ.O/m=auth2/exm=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8kfO5_tzH3I_uDPUBAcVFwZfiR6w/ 		62 B
85 B 		Script
General
Check archive.org
Download Go to
Full URL
https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.I13-EL4NYtQ.O/m=auth2/exm=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8kfO5_tzH3I_uDPUBAcVFwZfiR6w/cb=gapi.loaded_1?le=scs
Requested by
Host: apis.google.com
URL: https://apis.google.com/js/client:platform.js?onload=googleInit
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:82b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
27095d13a9c6e755cb20dc225c60d419aaea91a9ec240b842527daea5c98a3ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://my.roswellpark.org/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Wed, 16 Mar 2022 15:14:23 GMT
x-content-type-options
nosniff
age
434215
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/social-frontend-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
62
x-xss-protection
0
last-modified
Wed, 02 Feb 2022 22:59:44 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="social-frontend-mpm-access"
report-to
{"group":"social-frontend-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/social-frontend-mpm-access"}]}
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 16 Mar 2023 15:14:23 GMT
iframe
accounts.google.com/o/oauth2/ Frame B98D 		513 B
949 B 		Document
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/iframe
Requested by
Host: apis.google.com
URL: https://apis.google.com/_/scs/abc-static/_/js/k=gapi.lb.de.I13-EL4NYtQ.O/m=client/rt=j/sv=1/d=1/ed=1/rs=AHpOoo8kfO5_tzH3I_uDPUBAcVFwZfiR6w/cb=gapi.loaded_0?le=scs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
1f5b30ea4c7d68e119e5341a939395e424e70f6681d1a1e3f25f83458823b82c
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri /o/cspreport script-src 'report-sample' 'nonce-nKeshjVlVqZ35JJUbSO6Ug' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Referer
https://my.roswellpark.org/

Response headers

content-type
text/html; charset=utf-8
cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Mon, 21 Mar 2022 15:51:18 GMT
content-language
en-US
content-security-policy
require-trusted-types-for 'script';report-uri /o/cspreport script-src 'report-sample' 'nonce-nKeshjVlVqZ35JJUbSO6Ug' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
content-encoding
gzip
server
ESF
x-xss-protection
0
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cspreport
accounts.google.com/o/ Frame B98D 		0
19 B 		Other
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/cspreport
Requested by
Host: my.roswellpark.org
URL: https://my.roswellpark.org/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-hmypt7GYA6ETHrbzIbV/0A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://accounts.google.com/o/oauth2/iframe
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36
Content-Type
application/csp-report

Response headers

pragma
no-cache
date
Mon, 21 Mar 2022 15:51:18 GMT
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'report-sample' 'nonce-hmypt7GYA6ETHrbzIbV/0A' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri /o/cspreport
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
x-xss-protection
0
expires
Mon, 01 Jan 1990 00:00:00 GMT
1678996273-idpiframe.js
ssl.gstatic.com/accounts/o/ Frame B98D 		115 KB
40 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://ssl.gstatic.com/accounts/o/1678996273-idpiframe.js
Requested by
Host: accounts.google.com
URL: https://accounts.google.com/o/oauth2/iframe
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
b3787400c474cd2f397daf515070ac44b3daca77ded38e088c9d59e8ab2d815b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://accounts.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Tue, 15 Mar 2022 17:01:00 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
514218
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/federated-signon-mpm-access
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40365
x-xss-protection
0
last-modified
Thu, 10 Mar 2022 21:16:09 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="federated-signon-mpm-access"
vary
Accept-Encoding
report-to
{"group":"federated-signon-mpm-access","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/federated-signon-mpm-access"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 15 Mar 2023 17:01:00 GMT
iframerpc
accounts.google.com/o/oauth2/ Frame B98D 		30 B
73 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/o/oauth2/iframerpc?action=checkOrigin&origin=https%3A%2F%2Fmy.roswellpark.org&client_id=118420931253-m286lj0subv9ckjg6i6bjcsl7cusbsa0.apps.googleusercontent.com
Requested by
Host: ssl.gstatic.com
URL: https://ssl.gstatic.com/accounts/o/1678996273-idpiframe.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:831::200d Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f565ff550498d37147965a45937dfd1a9dc0b197d06179918d4fea00be462654
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://accounts.google.com/o/oauth2/iframe
X-Requested-With
XmlHttpRequest
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.51 Safari/537.36

Response headers

date
Mon, 21 Mar 2022 15:50:25 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
age
54
content-type
application/json; charset=utf-8
cache-control
public, max-age=3600
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
55
x-xss-protection
0
expires
Mon, 21 Mar 2022 16:50:25 GMT

Verdicts & Comments Add Verdict or Comment

43 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| structuredClone object| oncontextlost object| oncontextrestored object| Handlebars object| pportal object| app object| patient function| formatDate function| HighlighterButton function| RedText function| MediumButton function| getCurrentSelection function| $ function| jQuery object| jQuery112005415485383264682 function| SearchIndex function| Bloodhound function| BootstrapDialog object| sb function| rotateAttachment object| rangy function| MediumEditor function| googleInit object| gapi object| ___jsl object| _ object| peopleSearch object| patientSearch object| osapi object| gadgets object| iframer object| __gapi_jstiming__ object| shindig function| ToolbarApi object| iframes function| IframeBase function| Iframe function| IframeProxy function| IframeWindow object| googleapis object| sessionChecker object| auth2

3 Cookies

Domain/Path Name / Value
my.roswellpark.org/ Name: SBFID
Value: qp423h9r4ovgn1ca59pf5qf6ve
my.roswellpark.org/ Name: BIGipServerSVC_My_HTTPS_EXT_pool
Value: 600637706.47873.0000
.my.roswellpark.org/ Name: G_ENABLED_IDPS
Value: google

1 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
This document requires 'TrustedScript' assignment.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN, SAMEORIGIN sameorigin
X-Xss-Protection 1; mode=block