Submitted URL: http://square.americanexpress.com/
Effective URL: https://aexp.okta.com/app/jive60/exkdpvnryoaVOv50y0x7/sso/saml
Submission: On May 03 via manual from US

Summary

This website contacted 5 IPs in 1 countries across 3 domains to perform 9 HTTP transactions. The main IP is 54.197.192.172, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US. The main domain is aexp.okta.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on June 4th 2016. Valid for: 3 years.
This is the only time aexp.okta.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 4 64.94.98.230 14807 (SHNAC1)
1 54.197.192.172 14618 (AMAZON-AES)
4 52.85.184.163 16509 (AMAZON-02)
2 52.85.184.86 16509 (AMAZON-02)
1 52.85.184.78 16509 (AMAZON-02)
9 5
Domain Requested by
5 ok2static.oktacdn.com aexp.okta.com
4 square.americanexpress.com 3 redirects
2 login.okta.com ok2static.oktacdn.com
login.okta.com
1 aexp.okta.com
9 4

This site contains links to these domains. Also see Links.

Domain
www.okta.com
Subject Issuer Validity Valid
square.americanexpress.com
DigiCert SHA2 Extended Validation Server CA
2017-09-01 -
2019-09-06
2 years crt.sh
*.okta.com
DigiCert SHA2 High Assurance Server CA
2016-06-04 -
2019-07-10
3 years crt.sh
accounts.okta.com
DigiCert SHA2 High Assurance Server CA
2016-08-04 -
2019-08-09
3 years crt.sh

This page contains 2 frames:

Primary Page: https://aexp.okta.com/app/jive60/exkdpvnryoaVOv50y0x7/sso/saml
Frame ID: E737EB6964616F601655B99C203AE1BC
Requests: 7 HTTP requests in this frame

Frame: https://login.okta.com/discovery/iframe.html
Frame ID: A166D4DF66B83FA0AECD8FBA3CED9538
Requests: 2 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. http://square.americanexpress.com/ HTTP 301
    https://square.americanexpress.com/ HTTP 302
    https://square.americanexpress.com/index.jspa HTTP 302
    https://square.americanexpress.com/login.jspa?referer=%252Findex.jspa Page URL
  2. https://aexp.okta.com/app/jive60/exkdpvnryoaVOv50y0x7/sso/saml Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • env /^Backbone$/i

Overall confidence: 100%
Detected patterns
  • env /^Backbone$/i

Page Statistics

9
Requests

44 %
HTTPS

0 %
IPv6

3
Domains

4
Subdomains

5
IPs

1
Countries

726 kB
Transfer

2122 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://square.americanexpress.com/ HTTP 301
    https://square.americanexpress.com/ HTTP 302
    https://square.americanexpress.com/index.jspa HTTP 302
    https://square.americanexpress.com/login.jspa?referer=%252Findex.jspa Page URL
  2. https://aexp.okta.com/app/jive60/exkdpvnryoaVOv50y0x7/sso/saml Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://square.americanexpress.com/ HTTP 301
  • https://square.americanexpress.com/ HTTP 302
  • https://square.americanexpress.com/index.jspa HTTP 302
  • https://square.americanexpress.com/login.jspa?referer=%252Findex.jspa

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set login.jspa
square.americanexpress.com/
Redirect Chain
  • http://square.americanexpress.com/
  • https://square.americanexpress.com/
  • https://square.americanexpress.com/index.jspa
  • https://square.americanexpress.com/login.jspa?referer=%252Findex.jspa
8 KB
3 KB
Document
General
Full URL
https://square.americanexpress.com/login.jspa?referer=%252Findex.jspa
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.94.98.230 , United States, ASN14807 (SHNAC1 - Skyhigh Networks Inc, US),
Reverse DNS
Software
nginx/1.9.3 /
Resource Hash
0fa1a5077781cb99807c6b9fa8672c8eee9d6a0b9b514511e1e99612d9060bec
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
square.americanexpress.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Cookie
jive.login.ts=1525325392621; JSESSIONID=DDAA8D81E1C94F542226AB18A12BC278; BIGipServerpool_americanexpress.hosted.jivesoftware.com=2920655882.20480.0000; jive.security.context=yXwt5FETEBI6F7dwcg9fIP//////////XQxjN2Gmxi+qaoS5KiNqQFpbuYo4bPt2MD4bhBr4AXSzzaRpaGwdwjACIom9PamsPssBVd2ZaR9Msz2uNohj9saP4b+4zmIJ; SHN-VH-session=2e9d0219-9c25-454b-8aed-613f55530a9b|1525327195057
Connection
keep-alive
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Thu, 03 May 2018 05:29:55 GMT
Content-Encoding
gzip
X-Jive-Request-Id
01ad3e10-4e93-11e8-97e6-0050568b4854
P3P
CP="CAO PSA OUR"
Set-Cookie
jive.security.context=HQyT2+wnbVkH2Bg0syUuG///////////PkFElo0Fi9g2LN1K44l6hr3RO2GkRxbGYd3M8ODzavUJsOHUKRXLG8+0IDOtNF2QWsPRvlsVbf12G7TfKQ+3zR+P6ApZps3Q; Expires=Fri, 04-May-2018 05:29:53 GMT; Path=/; HttpOnly
Connection
keep-alive
X-JSL
D=192842 t=1525325393008037
Content-Length
2561
Pragma
no-cache
Server
nginx/1.9.3
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding,User-Agent
Content-Type
text/html;charset=UTF-8
Cache-control
no-cache, no-store, no-store, no-cache, must-revalidate, private, max-age=0
X-SkyHigh-Version
BuildNumber=50, BuildDate=2018-04-16 18:14
X-Robots-Tag
none
X-Jive-Flow-Id
01ad3e11-4e93-11e8-97e6-0050568b4854
Expires
Thu, 03 May 2018 05:29:53 GMT

Redirect headers

Date
Thu, 03 May 2018 05:29:55 GMT
Content-Encoding
gzip
X-Jive-Request-Id
018fcb00-4e93-11e8-97e6-0050568b4854
Content-Type
text/html;charset=UTF-8
P3P
CP="CAO PSA OUR"
Set-Cookie
jive.security.context=yXwt5FETEBI6F7dwcg9fIP//////////XQxjN2Gmxi+qaoS5KiNqQFpbuYo4bPt2MD4bhBr4AXSzzaRpaGwdwjACIom9PamsPssBVd2ZaR9Msz2uNohj9saP4b+4zmIJ; Expires=Fri, 04-May-2018 05:29:52 GMT; Path=/; HttpOnly SHN-VH-session=2e9d0219-9c25-454b-8aed-613f55530a9b|1525327195057; Path=/; Domain=.square.americanexpress.com
Connection
keep-alive
X-JSL
D=6104 t=1525325392815635
Content-Length
20
Server
nginx/1.9.3
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding,User-Agent
Content-Language
en-US
Location
/login.jspa?referer=%252Findex.jspa
X-JIVE-USER-ID
-1
Cache-Control
no-store, no-cache, must-revalidate, private, max-age=0
X-SkyHigh-Version
BuildNumber=50, BuildDate=2018-04-16 18:14
X-Robots-Tag
none
X-Jive-Flow-Id
018fcb01-4e93-11e8-97e6-0050568b4854
Expires
Thu, 03 May 2018 05:29:52 GMT
Primary Request Cookie set saml
aexp.okta.com/app/jive60/exkdpvnryoaVOv50y0x7/sso/
15 KB
7 KB
Document
General
Full URL
https://aexp.okta.com/app/jive60/exkdpvnryoaVOv50y0x7/sso/saml
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.197.192.172 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
aexp-crtrs.okta.com
Software
nginx /
Resource Hash
70158f94969ff959c14b7253421199143044bf0573c8d853a42b9bc307498dbc
Security Headers
Name Value
Strict-Transport-Security max-age=315360000
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Origin
https://square.americanexpress.com
Accept-Encoding
gzip, deflate
Host
aexp.okta.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Cache-Control
no-cache
Referer
https://square.americanexpress.com/login.jspa?referer=%252Findex.jspa
Connection
keep-alive
Content-Length
832
Referer
https://square.americanexpress.com/login.jspa?referer=%252Findex.jspa
Origin
https://square.americanexpress.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

X-Okta-Request-Id
WuqeUU3QTEeziDAv8NCQtAAAAgk
Date
Thu, 03 May 2018 05:29:53 GMT
Content-Encoding
gzip
X-Rate-Limit-Limit
10000
Content-Type
text/html;charset=utf-8
X-Rate-Limit-Remaining
9436
Transfer-Encoding
chunked
P3P
CP="HONK"
Connection
Keep-Alive
Vary
Accept-Encoding
X-UA-Compatible
IE=edge
Pragma
no-cache
Server
nginx
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=315360000
X-Okta-backend
ok2-majorapp04b.aue1p.saasure.com ok2-majorapp04b.aue1p.saasure.com
Content-Language
en
Cache-Control
no-cache, no-store
Public-Key-Pins-Report-Only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.io/r/default/hpkp/reportOnly"
Set-Cookie
ADRUM_BTa="R:69|g:5a4b613c-0bd1-4e45-9bc4-e1a75a57dd2a"; Version=1; Max-Age=30; Expires=Thu, 03-May-2018 05:30:23 GMT; Path=/ ADRUM_BTa="R:69|g:5a4b613c-0bd1-4e45-9bc4-e1a75a57dd2a|n:Okta_6d5b1e30-d05a-4894-a37b-81b5f6c60e0e"; Version=1; Max-Age=30; Expires=Thu, 03-May-2018 05:30:23 GMT; Path=/ ADRUM_BT1="R:69|i:1083"; Version=1; Max-Age=30; Expires=Thu, 03-May-2018 05:30:23 GMT; Path=/ ADRUM_BT1="R:69|i:1083|e:63"; Version=1; Max-Age=30; Expires=Thu, 03-May-2018 05:30:23 GMT; Path=/ sid=""; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/ JSESSIONID=E55354968D3DA0A23379F425E6962983; Path=/; HttpOnly t=default; Path=/
X-Rate-Limit-Reset
1525325398
X-Robots-Tag
none
Keep-Alive
timeout=5, max=100
Expires
0
okta-login-page.min.d029e518b9b3ca1cd273b982139726f2.css
ok2static.oktacdn.com/assets/loginpage/css/
219 KB
41 KB
Stylesheet
General
Full URL
https://ok2static.oktacdn.com/assets/loginpage/css/okta-login-page.min.d029e518b9b3ca1cd273b982139726f2.css
Requested by
Host: aexp.okta.com
URL: https://aexp.okta.com/app/jive60/exkdpvnryoaVOv50y0x7/sso/saml
Protocol
SPDY
Server
52.85.184.163 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-184-163.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
f0730cdeb7fd3555596fbc00081a0474a2a6490886ef5393f26952d0691cd298
Security Headers
Name Value
Strict-Transport-Security max-age=315360000

Request headers

Referer
https://aexp.okta.com/app/jive60/exkdpvnryoaVOv50y0x7/sso/saml
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date
Fri, 20 Apr 2018 00:05:15 GMT
content-encoding
gzip
vary
Accept-Encoding
age
1142678
x-cache
Hit from cloudfront
status
200
last-modified
Wed, 18 Apr 2018 01:44:20 GMT
server
nginx
etag
W/"5ad6a2f4-36ab4"
strict-transport-security
max-age=315360000
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.io/r/default/hpkp/reportOnly"
via
1.1 7a5407bd3564d5f8494603c5f2d0661f.cloudfront.net (CloudFront)
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
content-type
text/css
x-amz-cf-id
KjJp7etAtDDoetFUZA8ZJ3IHDdpI1KwnNjag6r8XoeP1EQ2Zfx-ylg==
expires
Sat, 20 Apr 2019 00:05:15 GMT
jive60.856617bc7b81f9f167290c045b1e35b6.png
ok2static.oktacdn.com/assets/img/logos/
2 KB
2 KB
Image
General
Full URL
https://ok2static.oktacdn.com/assets/img/logos/jive60.856617bc7b81f9f167290c045b1e35b6.png
Requested by
Host: aexp.okta.com
URL: https://aexp.okta.com/app/jive60/exkdpvnryoaVOv50y0x7/sso/saml
Protocol
SPDY
Server
52.85.184.163 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-184-163.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
57b73deab78891da805983872707ce3a8250512fe99a22629d1262b23c314f6e

Request headers

Referer
https://aexp.okta.com/app/jive60/exkdpvnryoaVOv50y0x7/sso/saml
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date
Fri, 18 Aug 2017 07:55:16 GMT
via
1.1 7a5407bd3564d5f8494603c5f2d0661f.cloudfront.net (CloudFront)
age
22282476
x-cache
Hit from cloudfront
status
200
content-length
1537
last-modified
Sat, 12 Aug 2017 01:44:12 GMT
server
nginx
etag
"598e5d6c-601"
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.io/r/default/hpkp/reportOnly"
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-type
image/png
x-amz-cf-id
TfI4cMfs_JQssk4zcOEtMONcQuBYsJUc9H_6M0tCq-lHXbUr79NiOQ==
expires
Sat, 18 Aug 2018 07:55:16 GMT
initLoginPage.pack.8eb5f472624f2ba2474eac9b8e8773ab.js
ok2static.oktacdn.com/assets/js/mvc/loginpage/
2 MB
556 KB
Script
General
Full URL
https://ok2static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.8eb5f472624f2ba2474eac9b8e8773ab.js
Requested by
Host: aexp.okta.com
URL: https://aexp.okta.com/app/jive60/exkdpvnryoaVOv50y0x7/sso/saml
Protocol
SPDY
Server
52.85.184.163 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-184-163.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
a7fd049c86d696feb2421427256e1d1ddaf498820d14145a87cc46264f247720
Security Headers
Name Value
Strict-Transport-Security max-age=315360000

Request headers

Referer
https://aexp.okta.com/app/jive60/exkdpvnryoaVOv50y0x7/sso/saml
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

date
Thu, 03 May 2018 00:07:55 GMT
content-encoding
gzip
vary
Accept-Encoding
age
19318
x-cache
Hit from cloudfront
status
200
last-modified
Fri, 27 Apr 2018 16:36:36 GMT
server
nginx
etag
W/"5ae35194-1b9287"
strict-transport-security
max-age=315360000
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.io/r/default/hpkp/reportOnly"
via
1.1 7a5407bd3564d5f8494603c5f2d0661f.cloudfront.net (CloudFront)
cache-control
max-age=31536000, public,max-age=31536000,s-maxage=1814400
content-type
application/javascript
x-amz-cf-id
bKllUJqnOUBv0naS6xW-wQQwyKdVgaKc8QQfPybEAUl3Gvc9uwLlKA==
expires
Fri, 03 May 2019 00:07:55 GMT
fileStoreRecord
ok2static.oktacdn.com/bc/image/
3 KB
4 KB
Image
General
Full URL
https://ok2static.oktacdn.com/bc/image/fileStoreRecord?id=fs04hmwxad5mjSgE40x7
Protocol
SPDY
Server
52.85.184.163 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-184-163.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
873c4a558518b4627a36a4b1b67d3d4dd2000893c3b1d60f1dc48e58570ee3dc
Security Headers
Name Value
Strict-Transport-Security max-age=315360000

Request headers

Referer
https://aexp.okta.com/app/jive60/exkdpvnryoaVOv50y0x7/sso/saml
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

x-okta-request-id
Wipq-CDfzB4EMf9NDtuv9AAADok
date
Fri, 08 Dec 2017 10:35:40 GMT
via
1.1 7a5407bd3564d5f8494603c5f2d0661f.cloudfront.net (CloudFront)
x-rate-limit-limit
10000
content-type
image/png
x-rate-limit-remaining
9995
age
1703573
x-cache
Hit from cloudfront
p3p
CP="HONK"
status
200
content-length
3403
last-modified
Thu, 10 Mar 2016 05:24:56 GMT
server
nginx
strict-transport-security
max-age=315360000
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.io/r/default/hpkp/reportOnly"
access-control-allow-origin
*
cache-control
public,max-age=31536000,s-maxage=1814400
x-rate-limit-reset
1512729399
x-robots-tag
none
x-amz-cf-id
HA0FBHgWzIEPloFMJq6uW-i9SmqfaSIg_Qi7si4G-T7tOExnbSoRPQ==
expires
Sat, 08 Dec 2018 10:35:40 GMT
iframe.html
login.okta.com/discovery/ Frame A166
531 B
947 B
Document
General
Full URL
https://login.okta.com/discovery/iframe.html
Requested by
Host: ok2static.oktacdn.com
URL: https://ok2static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.8eb5f472624f2ba2474eac9b8e8773ab.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.184.86 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-184-86.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
53049caf5bff4bc85495b9c230e5ce6f5c242f107e1946c2e5817f975d78a3c4

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
login.okta.com
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://aexp.okta.com/app/jive60/exkdpvnryoaVOv50y0x7/sso/saml
Connection
keep-alive
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
Referer
https://aexp.okta.com/app/jive60/exkdpvnryoaVOv50y0x7/sso/saml
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Thu, 05 Apr 2018 18:12:57 GMT
Via
1.1 f51b809c33f0bb5b1d5504f4df0c0a3f.cloudfront.net (CloudFront)
Last-Modified
Thu, 05 Apr 2018 18:12:49 GMT
Server
AmazonS3
Age
40556
ETag
"132efefaaa286b4e274e17c34c8ff86b"
X-Cache
Hit from cloudfront
Content-Type
text/html
Connection
keep-alive
Content-Length
531
X-Amz-Cf-Id
-Z2ozSUa3FGHT6uryIRdSRY1hq6_ZhZtykZb1wGiKcf_uYgOPqpqhg==
okticon.db28723126138387cdf40680e6e0fa5d.woff
ok2static.oktacdn.com/assets/loginpage/font/
20 KB
21 KB
Font
General
Full URL
https://ok2static.oktacdn.com/assets/loginpage/font/okticon.db28723126138387cdf40680e6e0fa5d.woff
Protocol
SPDY
Server
52.85.184.78 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-184-78.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
7eccbb3b4b68f9f24a3b826f2eea4a1bbb48196cb734afc1b62c3d045cb680e1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Referer
https://ok2static.oktacdn.com/assets/loginpage/css/okta-login-page.min.d029e518b9b3ca1cd273b982139726f2.css
Origin
https://aexp.okta.com

Response headers

date
Wed, 13 Dec 2017 03:47:57 GMT
via
1.1 1a483cde6df004748f3e5c80dc46df26.cloudfront.net (CloudFront)
age
12188517
x-cache
Hit from cloudfront
status
200
content-length
20600
last-modified
Thu, 30 Nov 2017 22:15:08 GMT
server
nginx
etag
"5a2082ec-5078"
public-key-pins-report-only
pin-sha256="r5EfzZxQVvQpKo3AgYRaT7X2bDO/kj3ACwmxfdT2zt8="; pin-sha256="MaqlcUgk2mvY/RFSGeSwBRkI+rZ6/dxe/DuQfBT/vnQ="; pin-sha256="72G5IEvDEWn+EThf3qjR7/bQSWaS2ZSLqolhnO6iyJI="; pin-sha256="rrV6CLCCvqnk89gWibYT0JO6fNQ8cCit7GGoiVTjCOg="; max-age=60; report-uri="https://okta.report-uri.io/r/default/hpkp/reportOnly"
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
content-type
application/font-woff
x-amz-cf-id
5fEgOQXhOY5U4IET15jyEojjNAPMbaDtIVyisDp90BGZOFcO-XUnYA==
expires
Thu, 13 Dec 2018 03:47:57 GMT
discoveryIframe-a3766d114bdf498ab637.min.js
login.okta.com/lib/ Frame A166
91 KB
91 KB
Script
General
Full URL
https://login.okta.com/lib/discoveryIframe-a3766d114bdf498ab637.min.js
Requested by
Host: login.okta.com
URL: https://login.okta.com/discovery/iframe.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.85.184.86 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-52-85-184-86.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
20df1aa0e5f0da1d4005255d01257dfc8d34a6aec3e9c2dcdb875360af46ca47

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
login.okta.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36
Accept
*/*
Referer
https://login.okta.com/discovery/iframe.html
Connection
keep-alive
Cache-Control
no-cache
Referer
https://login.okta.com/discovery/iframe.html
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/65.0.3325.181 Safari/537.36

Response headers

Date
Thu, 05 Apr 2018 18:12:57 GMT
Via
1.1 f51b809c33f0bb5b1d5504f4df0c0a3f.cloudfront.net (CloudFront)
Last-Modified
Thu, 05 Apr 2018 18:12:49 GMT
Server
AmazonS3
Age
40570
ETag
"55a8af21bd703a2d369c8c98370a23f8"
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Connection
keep-alive
Content-Length
92755
X-Amz-Cf-Id
Hjb85BRlLwrU4BAL4Dlgd1WFNB7LHlLLO4UgWGxFNa82qUyAPvhUew==

Verdicts & Comments Add Verdict or Comment

16 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| okta function| runLoginPage object| OktaLogin object| core object| __core-js_shared__ object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill object| jQBrowser function| jQueryCourage object| Backbone

4 Cookies

Domain/Path Name / Value
aexp.okta.com/ Name: t
Value: default
aexp.okta.com/ Name: JSESSIONID
Value: E55354968D3DA0A23379F425E6962983
aexp.okta.com/ Name: ADRUM_BT1
Value: "R:69|i:1083|e:63"
aexp.okta.com/ Name: ADRUM_BTa
Value: "R:69|g:5a4b613c-0bd1-4e45-9bc4-e1a75a57dd2a|n:Okta_6d5b1e30-d05a-4894-a37b-81b5f6c60e0e"

1 Console Messages

Source Level URL
Text
console-api log URL: https://ok2static.oktacdn.com/assets/js/mvc/loginpage/initLoginPage.pack.8eb5f472624f2ba2474eac9b8e8773ab.js(Line 26695)
Message:
[okta-auth-sdk] WARN: This browser doesn't support localStorage. Switching to sessionStorage.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN