Submitted URL: http://www.oxy.com/employeehandbook/
Effective URL: https://www.oxy.com/employeehandbook/
Submission: On December 11 via manual from IN — Scanned from DE

Summary

This website contacted 7 IPs in 3 countries across 7 domains to perform 36 HTTP transactions. The main IP is 2606:4700:4400::6812:2548, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.oxy.com. The Cisco Umbrella rank of the primary domain is 717090.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on December 21st 2023. Valid for: a year.
This is the only time www.oxy.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
14 2606:4700:440... 13335 (CLOUDFLAR...)
14 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2620:1ec:bdf::45 8075 (MICROSOFT...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
2 2001:4860:480... 15169 (GOOGLE)
2 20.50.88.233 8075 (MICROSOFT...)
36 7
Apex Domain
Subdomains
Transfer
14 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 329
245 KB
14 oxy.com
www.oxy.com — Cisco Umbrella Rank: 717090
1 MB
2 visualstudio.com
dc.services.visualstudio.com — Cisco Umbrella Rank: 801
202 B
2 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 3353
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
210 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 514
295 B
1 azure.com
js.monitor.azure.com — Cisco Umbrella Rank: 597
56 KB
36 7
Domain Requested by
14 cdn.cookielaw.org www.oxy.com
cdn.cookielaw.org
js.monitor.azure.com
14 www.oxy.com www.oxy.com
2 dc.services.visualstudio.com js.monitor.azure.com
2 region1.google-analytics.com js.monitor.azure.com
2 www.googletagmanager.com www.oxy.com
www.googletagmanager.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 js.monitor.azure.com www.oxy.com
36 7
Subject Issuer Validity Valid
www.oxy.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-12-21 -
2024-12-20
a year crt.sh
cookielaw.org
WE1
2024-12-09 -
2025-03-09
3 months crt.sh
*.google-analytics.com
WR2
2024-11-04 -
2025-01-27
3 months crt.sh
js.monitor.azure.com
Microsoft Azure RSA TLS Issuing CA 04
2024-11-19 -
2025-05-18
6 months crt.sh
geolocation.onetrust.com
WE1
2024-12-09 -
2025-03-09
3 months crt.sh
prod.ai.ingestion.msftcloudes.com
Microsoft Azure RSA TLS Issuing CA 04
2024-11-23 -
2025-05-22
6 months crt.sh

This page contains 1 frames:

Primary Page: https://www.oxy.com/employeehandbook/
Frame ID: 33422276442B25B75289E19A64F80DCF
Requests: 35 HTTP requests in this frame

Screenshot

Page Title

Oxy | Zero In

Page URL History Show full URLs

  1. http://www.oxy.com/employeehandbook/ HTTP 307
    https://www.oxy.com/employeehandbook/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

36
Requests

100 %
HTTPS

86 %
IPv6

7
Domains

7
Subdomains

7
IPs

3
Countries

1966 kB
Transfer

4583 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.oxy.com/employeehandbook/ HTTP 307
    https://www.oxy.com/employeehandbook/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

36 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.oxy.com/employeehandbook/
Redirect Chain
  • http://www.oxy.com/employeehandbook/
  • https://www.oxy.com/employeehandbook/
46 KB
8 KB
Document
General
Full URL
https://www.oxy.com/employeehandbook/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2548 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b51fee0a8f1687271d784f405870a402bb3b6f19268df99d2879aeb8a4cdfa2f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
no-cache,no-store
cf-cache-status
DYNAMIC
cf-ray
8f0288771a3e360c-FRA
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Wed, 11 Dec 2024 03:54:23 GMT
expires
-1
pragma
no-cache
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload

Redirect headers

Location
https://www.oxy.com/employeehandbook/
Non-Authoritative-Reason
HttpsUpgrades
OtAutoBlock.js
cdn.cookielaw.org/consent/8bc190c6-1b62-4215-9767-0a7983b7645e/
4 KB
2 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/8bc190c6-1b62-4215-9767-0a7983b7645e/OtAutoBlock.js
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/employeehandbook/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6e0e9c238f2186180af6c0772af724ba1fc466627e53d22991ef5c48bdaa7a66
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

content-md5
TR++s9lB6QtxA93yPGvTpw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DD051DEBB64191
age
69678
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Thu, 12 Dec 2024 03:54:23 GMT
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
application/javascript
last-modified
Fri, 15 Nov 2024 02:33:42 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
1811b3b4-201e-001b-6b06-37bd18000000
cf-ray
8f0288791a86d365-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1700
x-ms-blob-type
BlockBlob
server
cloudflare
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
22 KB
8 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/employeehandbook/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
50d93a2c186cbd1032ed973e133713a6dfbbd5f7fba4fb89069350f228ce4d81
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

content-md5
UzmBk0Ra4K9he+CwjGKb/g==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DD188D1A896EBB
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
76801
x-content-type-options
nosniff
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
application/javascript
last-modified
Mon, 09 Dec 2024 20:07:27 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
05518db7-001e-0043-1bb4-4ab963000000
cf-ray
8f0288791a89d365-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
7211
x-ms-blob-type
BlockBlob
server
cloudflare
main.css
www.oxy.com/styles/
413 KB
44 KB
Stylesheet
General
Full URL
https://www.oxy.com/styles/main.css?v=2ca24ba9d03d58ceb2a95bc64389d6c0
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/employeehandbook/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2548 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b16f2066cf229f09faac9fbc93e77ce641702203cbef7c409719fc36d950dd4
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/employeehandbook/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"1db47531ead95a7"
age
436508
x-content-type-options
nosniff
expires
Thu, 11 Dec 2025 03:54:23 GMT
date
Wed, 11 Dec 2024 03:54:23 GMT
x-frame-option
sameorigin
content-type
text/css
last-modified
Thu, 05 Dec 2024 20:20:26 GMT
vary
Origin, Accept-Encoding
strict-transport-security
max-age=31536000
reporting-endpoints
main="https://reportto.oxy.com/reportto.php"
content-security-policy
default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
cache-control
public, max-age=31536000
referrer-policy
no-referrer-when-downgrade
request-context
appId=cid-v1:6f53d847-e1af-4d5a-822a-832c0d6d884a
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
cf-ray
8f028878fb28360c-FRA
access-control-allow-origin
https://www.oxy.com
server
cloudflare
logo.png
www.oxy.com/siteassets/images/logos/
2 KB
2 KB
Image
General
Full URL
https://www.oxy.com/siteassets/images/logos/logo.png
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/employeehandbook/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2548 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ffdb072b2978ab3dd4fdf7362790c2f30f0f088a171e0416c342c23b328dd8c7
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/employeehandbook/

Response headers

cf-cache-status
MISS
etag
"1da4a547dda00f2"
x-content-type-options
nosniff
expires
Wed, 11 Dec 2024 03:53:24 GMT
date
Wed, 11 Dec 2024 03:54:24 GMT
x-frame-option
sameorigin
content-type
image/png
last-modified
Thu, 18 Jan 2024 21:22:51 GMT
vary
Origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
reporting-endpoints
main="https://reportto.oxy.com/reportto.php"
content-security-policy
default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
cache-control
no-store, must-revalidate, proxy-revalidate, no-cache
referrer-policy
no-referrer-when-downgrade
request-context
appId=cid-v1:6f53d847-e1af-4d5a-822a-832c0d6d884a
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
access-control-allow-origin
https://www.oxy.com
content-length
1906
cf-ray
8f0288794b53360c-FRA
server
cloudflare
oxy-logo-tagline-white.png
www.oxy.com/siteassets/images/logos/
3 KB
3 KB
Image
General
Full URL
https://www.oxy.com/siteassets/images/logos/oxy-logo-tagline-white.png
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/employeehandbook/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2548 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ffa04f3a1c40c5d9c249f95bcebfb3aa1b88c1d41992aa029001bcead0e00269
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/employeehandbook/

Response headers

cf-cache-status
MISS
etag
"1da4a55e5448cb9"
x-content-type-options
nosniff
expires
Wed, 11 Dec 2024 03:53:23 GMT
date
Wed, 11 Dec 2024 03:54:23 GMT
x-frame-option
sameorigin
content-type
image/png
last-modified
Thu, 18 Jan 2024 21:32:54 GMT
vary
Origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
reporting-endpoints
main="https://reportto.oxy.com/reportto.php"
content-security-policy
default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
cache-control
no-store, must-revalidate, proxy-revalidate, no-cache
referrer-policy
no-referrer-when-downgrade
request-context
appId=cid-v1:6f53d847-e1af-4d5a-822a-832c0d6d884a
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
access-control-allow-origin
https://www.oxy.com
content-length
3001
cf-ray
8f028878fb29360c-FRA
server
cloudflare
oxyprivacylogo.png
www.oxy.com/siteassets/images/
4 KB
5 KB
Image
General
Full URL
https://www.oxy.com/siteassets/images/oxyprivacylogo.png
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/employeehandbook/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2548 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9abcfbbd5ee03410d0e3b8a3583acdfd89a50b1446221e39c46724c42677acbf
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/employeehandbook/

Response headers

cf-cache-status
MISS
etag
"1daded412c23e52"
x-content-type-options
nosniff
expires
Wed, 11 Dec 2024 03:53:23 GMT
date
Wed, 11 Dec 2024 03:54:23 GMT
x-frame-option
sameorigin
content-type
image/png
last-modified
Thu, 25 Jul 2024 20:48:59 GMT
vary
Origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
reporting-endpoints
main="https://reportto.oxy.com/reportto.php"
content-security-policy
default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
cache-control
no-store, must-revalidate, proxy-revalidate, no-cache
referrer-policy
no-referrer-when-downgrade
request-context
appId=cid-v1:6f53d847-e1af-4d5a-822a-832c0d6d884a
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
access-control-allow-origin
https://www.oxy.com
content-length
4562
cf-ray
8f028878fb2a360c-FRA
server
cloudflare
find.js
www.oxy.com/Util/Find/epi-util/
6 KB
2 KB
Script
General
Full URL
https://www.oxy.com/Util/Find/epi-util/find.js
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/employeehandbook/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2548 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
67004276e5cbe57d0cc96a32bd76d47b1daf4f91f52f807df4d8f9259c69b844
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/employeehandbook/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"1da840b320bfaec"
age
56
x-content-type-options
nosniff
expires
Wed, 11 Dec 2024 07:54:23 GMT
date
Wed, 11 Dec 2024 03:54:23 GMT
x-frame-option
sameorigin
content-type
application/javascript
last-modified
Mon, 01 Apr 2024 08:04:18 GMT
vary
Origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
reporting-endpoints
main="https://reportto.oxy.com/reportto.php"
content-security-policy
default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
cache-control
public, max-age=14400
referrer-policy
no-referrer-when-downgrade
request-context
appId=cid-v1:6f53d847-e1af-4d5a-822a-832c0d6d884a
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
cf-ray
8f0288794b54360c-FRA
access-control-allow-origin
https://www.oxy.com
server
cloudflare
bundle.main.js
www.oxy.com/
2 MB
349 KB
Script
General
Full URL
https://www.oxy.com/bundle.main.js?v=bde84f769ca27b5aa4d057c1d95f451e
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/employeehandbook/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2548 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
db932650d74ffc7122f4ba92a5d98dc22189a6a960da9f462057e437291fb70f
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/employeehandbook/

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"1db47531eb37022"
age
444090
x-content-type-options
nosniff
expires
Thu, 11 Dec 2025 03:54:23 GMT
date
Wed, 11 Dec 2024 03:54:23 GMT
x-frame-option
sameorigin
content-type
application/javascript
last-modified
Thu, 05 Dec 2024 20:20:26 GMT
vary
Origin, Accept-Encoding
strict-transport-security
max-age=31536000
reporting-endpoints
main="https://reportto.oxy.com/reportto.php"
content-security-policy
default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
cache-control
public, max-age=31536000
referrer-policy
no-referrer-when-downgrade
request-context
appId=cid-v1:6f53d847-e1af-4d5a-822a-832c0d6d884a
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
cf-ray
8f0288794b51360c-FRA
access-control-allow-origin
https://www.oxy.com
server
cloudflare
8bc190c6-1b62-4215-9767-0a7983b7645e.json
cdn.cookielaw.org/consent/8bc190c6-1b62-4215-9767-0a7983b7645e/
5 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/8bc190c6-1b62-4215-9767-0a7983b7645e/8bc190c6-1b62-4215-9767-0a7983b7645e.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ff1f1879c78542b95d3195f59aae387f26ba38e61388de0865bd10068969f863
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

content-md5
H/V7eeMgHiJACUuJfk+OgQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DD051DEBB778B1
age
54766
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Thu, 12 Dec 2024 03:54:23 GMT
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
application/json
last-modified
Fri, 15 Nov 2024 02:33:42 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
5f1a479c-d01e-0027-5706-3709c3000000
cf-ray
8f0288795adadbd4-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1786
x-ms-blob-type
BlockBlob
server
cloudflare
gtm.js
www.googletagmanager.com/
227 KB
80 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NLSVLVT
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/employeehandbook/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b2322854ea786bacb4c3f279aac9bcaee287ca68035423c13d88fd5536f9d71d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Wed, 11 Dec 2024 03:54:23 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 11 Dec 2024 03:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
81107
x-xss-protection
0
server
Google Tag Manager
SpeziaWeb-Medium.woff2
www.oxy.com/assets/fonts/
26 KB
27 KB
Font
General
Full URL
https://www.oxy.com/assets/fonts/SpeziaWeb-Medium.woff2
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/styles/main.css?v=2ca24ba9d03d58ceb2a95bc64389d6c0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2548 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b13b7405c1bc1faa48bd7da7cc27b6a7570699a7479ab7836becd092d86a1e2
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.oxy.com
Referer
https://www.oxy.com/styles/main.css?v=2ca24ba9d03d58ceb2a95bc64389d6c0

Response headers

cf-cache-status
HIT
etag
"1db47531eab888c"
age
334498
x-content-type-options
nosniff
expires
Thu, 11 Dec 2025 03:54:23 GMT
date
Wed, 11 Dec 2024 03:54:23 GMT
x-frame-option
sameorigin
content-type
font/woff2
last-modified
Thu, 05 Dec 2024 20:20:26 GMT
vary
Origin, Accept-Encoding
strict-transport-security
max-age=31536000
reporting-endpoints
main="https://reportto.oxy.com/reportto.php"
content-security-policy
default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
cache-control
public, max-age=31536000
referrer-policy
no-referrer-when-downgrade
request-context
appId=cid-v1:6f53d847-e1af-4d5a-822a-832c0d6d884a
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
access-control-allow-origin
https://www.oxy.com
content-length
27020
cf-ray
8f0288795b5b360c-FRA
server
cloudflare
icon-font.woff2
www.oxy.com/assets/fonts/
2 KB
3 KB
Font
General
Full URL
https://www.oxy.com/assets/fonts/icon-font.woff2
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/styles/main.css?v=2ca24ba9d03d58ceb2a95bc64389d6c0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2548 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92d76ea38e407df10763782b77572cd48cc9c3d1c3486f9ea550296289db557c
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.oxy.com
Referer
https://www.oxy.com/styles/main.css?v=2ca24ba9d03d58ceb2a95bc64389d6c0

Response headers

cf-cache-status
HIT
etag
"1db36d1df4d29b4"
age
2200326
x-content-type-options
nosniff
expires
Thu, 11 Dec 2025 03:54:23 GMT
date
Wed, 11 Dec 2024 03:54:23 GMT
x-frame-option
sameorigin
content-type
font/woff2
last-modified
Thu, 14 Nov 2024 20:14:56 GMT
vary
Origin, Accept-Encoding
strict-transport-security
max-age=31536000
reporting-endpoints
main="https://reportto.oxy.com/reportto.php"
content-security-policy
default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
cache-control
public, max-age=31536000
referrer-policy
no-referrer-when-downgrade
request-context
appId=cid-v1:6f53d847-e1af-4d5a-822a-832c0d6d884a
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
access-control-allow-origin
https://www.oxy.com
content-length
2484
cf-ray
8f0288795b5e360c-FRA
server
cloudflare
SpeziaWeb-Regular.woff2
www.oxy.com/assets/fonts/
26 KB
27 KB
Font
General
Full URL
https://www.oxy.com/assets/fonts/SpeziaWeb-Regular.woff2
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/styles/main.css?v=2ca24ba9d03d58ceb2a95bc64389d6c0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2548 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed50a508fa70983b8b126d82b990fe67e61cc28387e207002bec6112e1761331
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.oxy.com
Referer
https://www.oxy.com/styles/main.css?v=2ca24ba9d03d58ceb2a95bc64389d6c0

Response headers

cf-cache-status
HIT
etag
"1db36d1df4d4974"
age
2194777
x-content-type-options
nosniff
expires
Thu, 11 Dec 2025 03:54:23 GMT
date
Wed, 11 Dec 2024 03:54:23 GMT
x-frame-option
sameorigin
content-type
font/woff2
last-modified
Thu, 14 Nov 2024 20:14:56 GMT
vary
Origin, Accept-Encoding
strict-transport-security
max-age=31536000
reporting-endpoints
main="https://reportto.oxy.com/reportto.php"
content-security-policy
default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
cache-control
public, max-age=31536000
referrer-policy
no-referrer-when-downgrade
request-context
appId=cid-v1:6f53d847-e1af-4d5a-822a-832c0d6d884a
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
access-control-allow-origin
https://www.oxy.com
content-length
26996
cf-ray
8f0288795b5f360c-FRA
server
cloudflare
SpeziaWeb-Bold.woff2
www.oxy.com/assets/fonts/
26 KB
28 KB
Font
General
Full URL
https://www.oxy.com/assets/fonts/SpeziaWeb-Bold.woff2
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/styles/main.css?v=2ca24ba9d03d58ceb2a95bc64389d6c0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2548 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c81160170a6e5754fffb8d9a909b0c63b62400d9b72b3c368864c67accd1d2d
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.oxy.com
Referer
https://www.oxy.com/styles/main.css?v=2ca24ba9d03d58ceb2a95bc64389d6c0

Response headers

cf-cache-status
HIT
etag
"1db36d1df4d49a8"
age
2200326
x-content-type-options
nosniff
expires
Thu, 11 Dec 2025 03:54:23 GMT
date
Wed, 11 Dec 2024 03:54:23 GMT
x-frame-option
sameorigin
content-type
font/woff2
last-modified
Thu, 14 Nov 2024 20:14:56 GMT
vary
Origin, Accept-Encoding
strict-transport-security
max-age=31536000
reporting-endpoints
main="https://reportto.oxy.com/reportto.php"
content-security-policy
default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
cache-control
public, max-age=31536000
referrer-policy
no-referrer-when-downgrade
request-context
appId=cid-v1:6f53d847-e1af-4d5a-822a-832c0d6d884a
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
access-control-allow-origin
https://www.oxy.com
content-length
27048
cf-ray
8f0288796b60360c-FRA
server
cloudflare
forestview-1920x1080.jpg
www.oxy.com/siteassets/images/sample-images/
950 KB
951 KB
Image
General
Full URL
https://www.oxy.com/siteassets/images/sample-images/forestview-1920x1080.jpg
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/employeehandbook/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2548 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3e42f9ec5c583561ababdbbba7e09dd48fdf9d7f2a1fdc99ed7155488462e28e
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/employeehandbook/

Response headers

cf-cache-status
MISS
etag
"1d5fbf8f770f4af"
x-content-type-options
nosniff
expires
Wed, 11 Dec 2024 03:53:23 GMT
date
Wed, 11 Dec 2024 03:54:23 GMT
x-frame-option
sameorigin
content-type
image/jpeg
last-modified
Tue, 17 Mar 2020 01:11:20 GMT
vary
Origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
reporting-endpoints
main="https://reportto.oxy.com/reportto.php"
content-security-policy
default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
cache-control
no-store, must-revalidate, proxy-revalidate, no-cache
referrer-policy
no-referrer-when-downgrade
request-context
appId=cid-v1:6f53d847-e1af-4d5a-822a-832c0d6d884a
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
access-control-allow-origin
https://www.oxy.com
content-length
972975
cf-ray
8f0288796b61360c-FRA
server
cloudflare
ai.2.gbl.min.js
js.monitor.azure.com/scripts/b/
120 KB
56 KB
Script
General
Full URL
https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/employeehandbook/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:bdf::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
12e7192855d64b8867e792c9e0359a8e0b5ae2e2c9286007c9e4b881d86e7e07

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://www.oxy.com
Referer
https://www.oxy.com/

Response headers

x-azure-ref
20241211T035423Z-r1bf9c55697kjfdqhC1FRAk0mg00000002a0000000004mgz
cache-control
public, max-age=1800, immutable, no-transform
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,x-ms-meta-aijssdksrc,x-ms-meta-aijssdkver,x-ms-meta-lastmodified,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
content-encoding
br
x-fd-int-roxy-purgeid
0
x-ms-request-id
81bf5983-f01e-009b-3255-3c01da000000
x-ms-meta-aijssdksrc
[cdn]/scripts/b/ai.2.8.18.gbl.min.js
access-control-allow-origin
*
x-cache
TCP_HIT
x-ms-meta-aijssdkver
2.8.18
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
text/javascript; charset=utf-8
vary
Accept-Encoding
last-modified
Wed, 20 Mar 2024 17:31:22 GMT
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
59 B
295 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
accept
application/json
Referer
https://www.oxy.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
access-control-allow-methods
GET, OPTIONS
cf-ray
8f028879b9afdbe0-FRA
access-control-allow-origin
*
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
application/json
vary
Accept-Encoding
server
cloudflare
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202410.1.0/
461 KB
112 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202410.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea345fff49064976d477cba358fa7a9b7d44fe3f2603ece439ec7cceca25b0ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

content-md5
OI6ss05gYupGXEyzSe0Tqw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DD0F90FEB32B93
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
73689
x-content-type-options
nosniff
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
application/javascript
last-modified
Thu, 28 Nov 2024 09:42:37 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
6b313eaa-701e-002a-797a-41e6cf000000
cf-ray
8f02887a1bbbd365-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
114246
x-ms-blob-type
BlockBlob
server
cloudflare
js
www.googletagmanager.com/gtag/
402 KB
130 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-70TY67EB27&l=dataLayer&cx=c&gtm=45He4ca0v854796463za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NLSVLVT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
28ca06432cfbc47d58bcb3b7ae6c539715b63d58f8dd4a2b768618e11b212f6a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 11 Dec 2024 03:54:23 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
133192
x-xss-protection
0
server
Google Tag Manager
en.json
cdn.cookielaw.org/consent/8bc190c6-1b62-4215-9767-0a7983b7645e/fa61790f-105c-4c55-8d5f-0dfec1c0af74/
68 KB
14 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/8bc190c6-1b62-4215-9767-0a7983b7645e/fa61790f-105c-4c55-8d5f-0dfec1c0af74/en.json
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6ab763d60ab9cd10a521d198d250a7d7e82ec7650ffa4c7c31428ab5669ef9b2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

content-md5
3E7twiTvTIbthfn9k172Wg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
HIT
etag
0x8DD051DEFC93499
age
33914
x-ms-lease-status
unlocked
x-content-type-options
nosniff
x-ms-version
2009-09-19
expires
Thu, 12 Dec 2024 03:54:23 GMT
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
application/json
last-modified
Fri, 15 Nov 2024 02:33:49 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
e47c3382-901e-004d-4906-375568000000
cf-ray
8f02887a5c2adbd4-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
13978
x-ms-blob-type
BlockBlob
server
cloudflare
otFlat.json
cdn.cookielaw.org/scripttemplates/202410.1.0/assets/
13 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202410.1.0/assets/otFlat.json
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

content-md5
KtZPjvOSiaf/7Qm8pUf4gQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DD0F90FA5162B5
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
53243
x-content-type-options
nosniff
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
application/json
last-modified
Thu, 28 Nov 2024 09:42:30 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
daa54c5e-801e-0095-28d4-41f2b9000000
cf-ray
8f02887a8c78dbd4-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
3003
x-ms-blob-type
BlockBlob
server
cloudflare
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202410.1.0/assets/v2/
62 KB
13 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202410.1.0/assets/v2/otPcCenter.json
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b299beb73a789a8d7b52742818aa6ca138181937696f93189bd6051cc6db65f2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

content-md5
jl3/A5uhoeIYptHx/x9Yqw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DD0F90FBA7F781
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
53243
x-content-type-options
nosniff
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
application/json
last-modified
Thu, 28 Nov 2024 09:42:32 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
58c0cca1-b01e-0073-0208-42e349000000
cf-ray
8f02887a8c7adbd4-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
12723
x-ms-blob-type
BlockBlob
server
cloudflare
otCookieSettingsButton.json
cdn.cookielaw.org/scripttemplates/202410.1.0/assets/
5 KB
2 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202410.1.0/assets/otCookieSettingsButton.json
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

content-md5
qCG/M5VT9MVxxsv2WsCDvA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DD0F90FB6042A1
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
53243
x-content-type-options
nosniff
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
application/json
last-modified
Thu, 28 Nov 2024 09:42:32 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
d5c2f127-301e-00c8-232a-4202bd000000
cf-ray
8f02887a8c7bdbd4-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1738
x-ms-blob-type
BlockBlob
server
cloudflare
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202410.1.0/assets/
24 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202410.1.0/assets/otCommonStyles.css
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2afa04c9a3e080712c94d68b9c1d33587fddcbaeaba9dfcaf1d53d19f6a280a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

content-md5
A9jekd5UoO8SyzJ6LiStug==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
53243
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
text/css
last-modified
Thu, 28 Nov 2024 09:42:41 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
ac30748f-801e-00b7-6817-429c8f000000
cf-ray
8f02887a8c7cdbd4-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
ot_close.svg
cdn.cookielaw.org/logos/static/
651 B
600 B
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_close.svg
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/employeehandbook/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

content-md5
pcXWFGpuVeSg/jVnYCseRg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
7578
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
image/svg+xml
last-modified
Tue, 10 Dec 2024 17:08:44 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
af9a0346-601e-0058-246c-4b97f1000000
cf-ray
8f02887abc81d365-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
495 B
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

content-md5
tXyZydHjxQshFMbbBT1/8A==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
15261
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
image/svg+xml
last-modified
Mon, 09 Dec 2024 20:07:28 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
9fd9feda-801e-009e-299e-4aeacd000000
cf-ray
8f02887abcc1dbd4-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
0
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

content-md5
tXyZydHjxQshFMbbBT1/8A==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
15261
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
image/svg+xml
last-modified
Mon, 09 Dec 2024 20:07:28 GMT
vary
Accept-Encoding
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
9fd9feda-801e-009e-299e-4aeacd000000
cf-ray
8f02887abcc1dbd4-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
OXY_LOGO_ZERO-IN_HORIZONTAL_COLOR_RGB.png
cdn.cookielaw.org/logos/741149ca-801c-4eec-8397-d271344f4637/f3e96e64-f9ef-4d89-8ced-487107bab941/5499f80e-0035-464c-8083-b91c56e74e11/
82 KB
83 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/741149ca-801c-4eec-8397-d271344f4637/f3e96e64-f9ef-4d89-8ced-487107bab941/5499f80e-0035-464c-8083-b91c56e74e11/OXY_LOGO_ZERO-IN_HORIZONTAL_COLOR_RGB.png
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/employeehandbook/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
17aa7c9c790b512dab9023a03150f409cc87f857c1808bad0bcd9473c745d8c3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

content-md5
TxbkPeT7EiOgM9qN5bR2xQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
etag
0x8D9A38C5D28F9DB
age
64897
cf-cache-status
HIT
x-content-type-options
nosniff
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
image/png
last-modified
Tue, 09 Nov 2021 14:22:30 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
a66cb5f2-001e-004d-4651-79f66f000000
cf-ray
8f02887acc98d365-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
84474
x-ms-blob-type
BlockBlob
server
cloudflare
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: www.oxy.com
URL: https://www.oxy.com/employeehandbook/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

content-md5
Y+c301RBZNK39PvKQWrIBw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-version
2009-09-19
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
81400
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
image/svg+xml
last-modified
Mon, 09 Dec 2024 03:23:08 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
5bd9d21d-701e-0047-7d36-4a4ce1000000
cf-ray
8f02887acc99d365-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-70TY67EB27&gtm=45je4ca0v884655235z8854796463za200zb854796463&_p=1733889263556&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485&cid=1648132679.1733889264&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1733889263&sct=1&seg=0&dl=https%3A%2F%2Fwww.oxy.com%2Femployeehandbook%2F&dt=Oxy%20%7C%20Zero%20In&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=698
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.oxy.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
text/plain
server
Golfe2
favicon.ico
www.oxy.com/
2 KB
3 KB
Other
General
Full URL
https://www.oxy.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2548 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e7c653861b4dcd06b89c53bd83cf21e87f718947a523c931634f510444ac8af3
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/employeehandbook/

Response headers

content-encoding
gzip
cf-cache-status
MISS
etag
W/"1db47531eabe7ac"
x-content-type-options
nosniff
date
Wed, 11 Dec 2024 03:54:24 GMT
x-frame-option
sameorigin
content-type
image/x-icon
last-modified
Thu, 05 Dec 2024 20:20:26 GMT
vary
Origin, Accept-Encoding
strict-transport-security
max-age=31536000
reporting-endpoints
main="https://reportto.oxy.com/reportto.php"
content-security-policy
default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
cache-control
private, no-cache, max-age=0
referrer-policy
no-referrer-when-downgrade
request-context
appId=cid-v1:6f53d847-e1af-4d5a-822a-832c0d6d884a
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
cf-ray
8f02887e2dc9360c-FRA
access-control-allow-origin
https://www.oxy.com
server
cloudflare
track
dc.services.visualstudio.com/v2/
0
0
Preflight
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.233 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sdk-context
Access-Control-Request-Method
POST
Origin
https://www.oxy.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context,X-Set-Cross-Origin-Resource-Policy
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Wed, 11 Dec 2024 03:54:23 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
track
dc.services.visualstudio.com/v2/
98 B
202 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.233 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
4f15a4b15477ff10c02688a9f3120d7a3720330da3dc295a1d1ab52552e3341e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://www.oxy.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-type
application/json
Sdk-Context
appId

Response headers

strict-transport-security
max-age=31536000
access-control-allow-origin
*
date
Wed, 11 Dec 2024 03:54:23 GMT
content-type
application/json; charset=utf-8
server
Microsoft-HTTPAPI/2.0
x-content-type-options
nosniff
favicon-32x32.png
www.oxy.com/
2 KB
2 KB
Other
General
Full URL
https://www.oxy.com/favicon-32x32.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2548 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ea8233e42211f17b06a9ea11ff84e01716f9b5f49366f72b86b04e3aba26c9fa
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/employeehandbook/

Response headers

cf-cache-status
MISS
etag
"1db47531eabe7d7"
x-content-type-options
nosniff
date
Wed, 11 Dec 2024 03:54:24 GMT
x-frame-option
sameorigin
content-type
image/png
last-modified
Thu, 05 Dec 2024 20:20:26 GMT
vary
Origin, Accept-Encoding
strict-transport-security
max-age=31536000
reporting-endpoints
main="https://reportto.oxy.com/reportto.php"
content-security-policy
default-src 'self' *.episerver.net *.jquery.com *.google-analytics.com *.doubleclick.net *.googleapis.com *.gstatic.com *.google.com player.vimeo.com; frame-ancestors 'self' https://occidentalpetroleum.gcs-web.com/ *.oxy.com; script-src 'self' *.youtube.com/ https://js.monitor.azure.com *.cookielaw.org *.clarity.ms *.aptrinsic.com api.campaign.episerver.net www.google-analytics.com *.google.com *.gstatic.com ajax.googleapis.com cdnjs.cloudflare.com *.googletagmanager.com dl.episerver.net *.vo.msecnd.net dc.services.visualstudio.com code.jquery.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net 'unsafe-inline' 'unsafe-eval'; connect-src 'self' *.cookielaw.org https://geolocation.onetrust.com *.clarity.ms *.aptrinsic.com api.campaign.episerver.net pui.episerver.net *.doubleclick.net dc.services.visualstudio.com www.google-analytics.com; img-src blob: 'self' *.w3.org *.clarity.ms *.cookielaw.org *.imgix.net *.bing.com *.googletagmanager.com *.google-analytics.com; style-src 'self' 'unsafe-inline' www.google-analytics.com *.aptrinsic.com ajax.googleapis.com cdnjs.cloudflare.com *.soundcloud.com *.googletagmanager.com dl.episerver.net *.googleapis.com maxcdn.bootstrapcdn.com cdn.jsdelivr.net; base-uri 'self'; font-src 'self' https://fonts.gstatic.com *.cloudfront.net; form-action 'self'; frame-src 'self' *.episerver.net https://cacl2-tools-dev.oxy.com *.youtube.com/ https://occidentalpetroleum.gcs-web.com/ https://sds.oxy.com/ player.vimeo.com https://www.google.com/ *.jaxondigital.com; report-to main; report-uri https://reportto.oxy.com/reportto.php
cache-control
private, no-cache, max-age=0
referrer-policy
no-referrer-when-downgrade
request-context
appId=cid-v1:6f53d847-e1af-4d5a-822a-832c0d6d884a
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges
bytes
access-control-allow-origin
https://www.oxy.com
content-length
1751
cf-ray
8f0288810f0a360c-FRA
server
cloudflare
collect
region1.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-70TY67EB27&gtm=45je4ca0v884655235za200zb854796463&_p=1733889263556&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102067808~102081485&gdid=dYWJhMj&cid=1648132679.1733889264&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1733889263&sct=1&seg=0&dl=https%3A%2F%2Fwww.oxy.com%2Femployeehandbook%2F&dt=Oxy%20%7C%20Zero%20In&en=scroll&epn.percent_scrolled=90&_et=10&tfd=5710
Requested by
Host: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.gbl.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://www.oxy.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.oxy.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 11 Dec 2024 03:54:28 GMT
content-type
text/plain
server
Golfe2

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| dataLayer object| appInsights object| OtTrustedType object| Microsoft object| __dynProto$Gbl object| webpackJsonp function| objectFitPolyfill object| otStubData object| google_tag_manager object| google_tag_data function| FindApi object| Optanon object| OneTrust function| gtag string| OnetrustActiveGroups string| OptanonActiveGroups function| onYouTubeIframeAPIReady object| gaGlobal

8 Cookies

Domain/Path Name / Value
www.oxy.com/ Name: .AspNetCore.Session
Value: CfDJ8GR6DR9R6%2BBFjUS3L%2F9Ie%2FeEnTDHRdz3X3kq2ZUAfhopV1oF3a87580vDVbSyoA7ixWUcatDohI8iFHjvdzkeBn4r5uRWm0rRCb8jz57PcwtKoY%2B7BpkA7DeMilpvSY05NpFmcQOwfC0rJKxEZ7KVCZTI72eSt9CBMwL9enA54G%2F
.www.oxy.com/ Name: ARRAffinity
Value: 611b239213d4b4b91c53616c835c16664a37f7eba9d98b21cd4341501a8cc5d8
.www.oxy.com/ Name: ARRAffinitySameSite
Value: 611b239213d4b4b91c53616c835c16664a37f7eba9d98b21cd4341501a8cc5d8
www.oxy.com/ Name: ai_user
Value: GqYkalwxTSQ6qxsUlFk9CM|2024-12-11T03:54:23.651Z
www.oxy.com/ Name: ai_session
Value: kVimvlFRiMeVFY4EAwsczJ|1733889263753|1733889263753
.oxy.com/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Wed+Dec+11+2024+04%3A54%3A23+GMT%2B0100+(Mitteleurop%C3%A4ische+Normalzeit)&version=202410.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.oxy.com%2Femployeehandbook%2F&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
.oxy.com/ Name: _ga
Value: GA1.1.1648132679.1733889264
.oxy.com/ Name: _ga_70TY67EB27
Value: GS1.1.1733889263.1.0.1733889263.0.0.0

1 Console Messages

Source Level URL
Text
network error URL: https://www.oxy.com/employeehandbook/
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdn.cookielaw.org
dc.services.visualstudio.com
geolocation.onetrust.com
js.monitor.azure.com
region1.google-analytics.com
www.googletagmanager.com
www.oxy.com
20.50.88.233
2001:4860:4802:34::36
2606:4700:4400::6812:2548
2606:4700:4400::ac40:9b77
2606:4700::6812:572a
2620:1ec:bdf::45
2a00:1450:4001:803::2008
0b16f2066cf229f09faac9fbc93e77ce641702203cbef7c409719fc36d950dd4
12e7192855d64b8867e792c9e0359a8e0b5ae2e2c9286007c9e4b881d86e7e07
17aa7c9c790b512dab9023a03150f409cc87f857c1808bad0bcd9473c745d8c3
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
28ca06432cfbc47d58bcb3b7ae6c539715b63d58f8dd4a2b768618e11b212f6a
2b13b7405c1bc1faa48bd7da7cc27b6a7570699a7479ab7836becd092d86a1e2
3e42f9ec5c583561ababdbbba7e09dd48fdf9d7f2a1fdc99ed7155488462e28e
4f15a4b15477ff10c02688a9f3120d7a3720330da3dc295a1d1ab52552e3341e
50d93a2c186cbd1032ed973e133713a6dfbbd5f7fba4fb89069350f228ce4d81
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
5fb7c176325267082e94a7131fed5e157516e6805cee3ac6f6a93340a947d640
67004276e5cbe57d0cc96a32bd76d47b1daf4f91f52f807df4d8f9259c69b844
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6ab763d60ab9cd10a521d198d250a7d7e82ec7650ffa4c7c31428ab5669ef9b2
6e0e9c238f2186180af6c0772af724ba1fc466627e53d22991ef5c48bdaa7a66
7c81160170a6e5754fffb8d9a909b0c63b62400d9b72b3c368864c67accd1d2d
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
92d76ea38e407df10763782b77572cd48cc9c3d1c3486f9ea550296289db557c
9abcfbbd5ee03410d0e3b8a3583acdfd89a50b1446221e39c46724c42677acbf
b2322854ea786bacb4c3f279aac9bcaee287ca68035423c13d88fd5536f9d71d
b299beb73a789a8d7b52742818aa6ca138181937696f93189bd6051cc6db65f2
b51fee0a8f1687271d784f405870a402bb3b6f19268df99d2879aeb8a4cdfa2f
d890abf66010907c7a0a61236d25c3c98bcb7edec34b13dc887f5be122bfef7e
db932650d74ffc7122f4ba92a5d98dc22189a6a960da9f462057e437291fb70f
e2afa04c9a3e080712c94d68b9c1d33587fddcbaeaba9dfcaf1d53d19f6a280a
e7c653861b4dcd06b89c53bd83cf21e87f718947a523c931634f510444ac8af3
ea345fff49064976d477cba358fa7a9b7d44fe3f2603ece439ec7cceca25b0ae
ea8233e42211f17b06a9ea11ff84e01716f9b5f49366f72b86b04e3aba26c9fa
ed50a508fa70983b8b126d82b990fe67e61cc28387e207002bec6112e1761331
ff1f1879c78542b95d3195f59aae387f26ba38e61388de0865bd10068969f863
ffa04f3a1c40c5d9c249f95bcebfb3aa1b88c1d41992aa029001bcead0e00269
ffdb072b2978ab3dd4fdf7362790c2f30f0f088a171e0416c342c23b328dd8c7