Submitted URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate#_edn201
Effective URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Submission: On December 23 via api from US — Scanned from CA

Summary

This website contacted 11 IPs in 3 countries across 8 domains to perform 103 HTTP transactions. The main IP is 216.223.152.12, located in Thornhill, Canada and belongs to ILAP, CA. The main domain is www.ohrc.on.ca.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on October 29th 2021. Valid for: a year.
This is the only time www.ohrc.on.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Domain Requested by
61 www3.ohrc.on.ca www.ohrc.on.ca
www3.ohrc.on.ca
25 www.facebook.com connect.facebook.net
www.ohrc.on.ca
www.facebook.com
5 www.ohrc.on.ca www.ohrc.on.ca
4 platform.twitter.com www.ohrc.on.ca
platform.twitter.com
2 syndication.twitter.com platform.twitter.com
2 connect.facebook.net www.ohrc.on.ca
connect.facebook.net
1 bam-cell.nr-data.net js-agent.newrelic.com
1 js-agent.newrelic.com www.ohrc.on.ca
1 www.google-analytics.com www3.ohrc.on.ca
1 platform.linkedin.com www.ohrc.on.ca
103 10
Subject Issuer Validity Valid
ohrc.on.ca
Go Daddy Secure Certificate Authority - G2
2021-10-29 -
2022-10-16
a year crt.sh
platform.linkedin.com
DigiCert SHA2 Secure Server CA
2021-09-10 -
2022-09-10
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2021-10-01 -
2021-12-30
3 months crt.sh
*.twimg.com
DigiCert TLS RSA SHA256 2020 CA1
2021-10-20 -
2022-10-19
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2021-11-29 -
2022-02-21
3 months crt.sh
syndication.twitter.com
DigiCert TLS RSA SHA256 2020 CA1
2021-03-24 -
2022-03-23
a year crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA H2 2021
2021-10-06 -
2022-11-07
a year crt.sh
*.nr-data.net
DigiCert SHA2 Secure Server CA
2020-02-05 -
2022-02-08
2 years crt.sh

This page contains 4 frames:

Primary Page: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Frame ID: AD90778C9CACE0F9BE734DBF6C4F1FF1
Requests: 75 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.21f942bb866c2823339b839747a0c50c.html?origin=https%3A%2F%2Fwww.ohrc.on.ca
Frame ID: B72EB8EAEC6F7D9B48A96A70EE7CB369
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Frame ID: E4700531D9C33EB70104BE3148844A00
Requests: 25 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.21f942bb866c2823339b839747a0c50c.en.html
Frame ID: 02477CEC6B4AB3F0B0BF9B32441F449D
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

8. Duty to accommodate | Ontario Human Rights Commission

Detected technologies

Overall confidence: 100%
Detected patterns
  • drupal\.js

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • //platform\.linkedin\.com/in\.js

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery-ui.*\.js

Page Statistics

103
Requests

100 %
HTTPS

50 %
IPv6

8
Domains

10
Subdomains

11
IPs

3
Countries

815 kB
Transfer

2667 kB
Size

5
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

103 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 8-duty-accommodate
www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/
175 KB
51 KB
Document
General
Full URL
https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
216.223.152.12 Thornhill, Canada, ASN12059 (ILAP, CA),
Reverse DNS
http2.anycast.ilap.com
Software
nginx /
Resource Hash
caabcde80aa6ed55beb90f305cf9911359261bb007635535e2fce6f420fe376d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-CA,en;q=0.9

Response headers

server
nginx
date
Thu, 23 Dec 2021 14:25:14 GMT
content-type
text/html; charset=utf-8
x-drupal-cache
HIT
content-location
https://www3.ohrc.on.ca/en/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
content-language
en
x-frame-options
SAMEORIGIN
permissions-policy
interest-cohort=()
x-generator
Drupal 7 (http://drupal.org)
link
</en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate>; rel="canonical",</en/node/18936>; rel="shortlink"
cache-control
public, max-age=900
expires
Sun, 19 Nov 1978 05:00:00 GMT
vary
Cookie,Accept-Encoding
content-encoding
gzip
x-request-id
v-57deafd6-63fb-11ec-b04d-22000a950009
x-ah-environment
prod
age
344
via
varnish
x-cache
HIT
x-cache-hits
53
system.base.css
www3.ohrc.on.ca/modules/system/
5 KB
2 KB
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/modules/system/system.base.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
bf6028e15a460586c16adb0210d268374501f60ecf36f11e554e2ffd089c636b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10049
x-ah-environment
prod
content-length
1883
x-request-id
v-2e70f1a8-62ad-11ec-afae-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
system.menus.css
www3.ohrc.on.ca/modules/system/
2 KB
990 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/modules/system/system.menus.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
8ddd16e82813d3b21156531806bf2621098f1315544b9dd93386b42fea3b6633
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10013
x-ah-environment
prod
content-length
661
x-request-id
v-2e711458-62ad-11ec-9426-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
system.messages.css
www3.ohrc.on.ca/modules/system/
961 B
710 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/modules/system/system.messages.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
d0bbad771a8a5ac5f9446791109693aeca1d676d44ced48f8514857f7d3e6fd0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10015
x-ah-environment
prod
content-length
382
x-request-id
v-2e70f234-62ad-11ec-bd0e-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
system.theme.css
www3.ohrc.on.ca/modules/system/
4 KB
2 KB
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/modules/system/system.theme.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
ff7750952a601dbf03688b01a2eced6e5671a8335393eb063201bb732f12c99a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10015
x-ah-environment
prod
content-length
1220
x-request-id
v-2e70fe46-62ad-11ec-8998-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
mediaelementplayer.min.css
www3.ohrc.on.ca/sites/all/libraries/mediaelement/build/
19 KB
3 KB
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/libraries/mediaelement/build/mediaelementplayer.min.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
21daa396814216b1c3b60e0596b213adcff24abe606791fbf9f526e77b625c33
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10033
x-ah-environment
prod
content-length
3118
x-request-id
v-2e7105c6-62ad-11ec-b513-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
book.css
www3.ohrc.on.ca/modules/book/
1 KB
762 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/modules/book/book.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b895b71aeb9546efe0b35751e9ddb50bceaf2bea293f6aa09da7a530251783d3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10044
x-ah-environment
prod
content-length
434
x-request-id
v-2e71c1c8-62ad-11ec-b7a9-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
comment.css
www3.ohrc.on.ca/modules/comment/
184 B
471 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/modules/comment/comment.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
dd1c7822082e5d2cda6242df595462dffc97bfb4ec52b3dd9af2a9abb27bca82
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10018
x-ah-environment
prod
content-length
142
x-request-id
v-2e775480-62ad-11ec-a8c4-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
date.css
www3.ohrc.on.ca/sites/all/modules/date/date_api/
4 KB
1 KB
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/modules/date/date_api/date.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1dbc835b3f505cbcddf95fc329ba74416a6247867c722a8c083d47641a64a0f4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10035
x-ah-environment
prod
content-length
1196
x-request-id
v-2e7347b4-62ad-11ec-a503-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
datepicker.1.7.css
www3.ohrc.on.ca/sites/all/modules/date/date_popup/themes/
4 KB
1 KB
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/modules/date/date_popup/themes/datepicker.1.7.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2260eb1cffb528a8fadcc8aa8c8f436593e0c2b8ec7540f690c8290ad6096bf9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10022
x-ah-environment
prod
content-length
907
x-request-id
v-2e753e7a-62ad-11ec-9bd3-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
field.css
www3.ohrc.on.ca/modules/field/theme/
550 B
563 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/modules/field/theme/field.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e3ad317a103b4271c6d00cb97957c0d8e0f5bfd6cdc74976d022dd526963ecdf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10031
x-ah-environment
prod
content-length
235
x-request-id
v-2e785eac-62ad-11ec-b120-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
node.css
www3.ohrc.on.ca/modules/node/
144 B
438 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/modules/node/node.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4569fbfef2a73b2369d1e070a2ce3511f5a8c6a22a7cd6d61baf4982e75a21ee
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10024
x-ah-environment
prod
content-length
109
x-request-id
v-2e78745a-62ad-11ec-82c4-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
search.css
www3.ohrc.on.ca/modules/search/
564 B
561 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/modules/search/search.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
50f8d8e45f6742713a156c9fcf1b20d7c8c2dbddc7c649b76ee377775c6c4b83
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10027
x-ah-environment
prod
content-length
232
x-request-id
v-2e787ad6-62ad-11ec-9e64-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
user.css
www3.ohrc.on.ca/modules/user/
2 KB
1 KB
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/modules/user/user.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
63eeb9baf46a801bccb55ef3c1a60610e820d57f90814480a393a0ec8edb36a3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10030
x-ah-environment
prod
content-length
698
x-request-id
v-2e7345e8-62ad-11ec-abe1-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
views.css
www3.ohrc.on.ca/sites/all/modules/views/css/
707 B
637 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/modules/views/css/views.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
0dd53ceca07de8b1b2c16d9fee7a1d33dc90bc462a24abd38b2b9da7b8d27bc2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10018
x-ah-environment
prod
content-length
309
x-request-id
v-2e737f04-62ad-11ec-a270-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
ctools.css
www3.ohrc.on.ca/sites/all/modules/ctools/css/
509 B
576 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/modules/ctools/css/ctools.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
c1247c6c6e2fa2a3b02f04886deac34f46ccef66483b1c64c1347e6b95e158b9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10042
x-ah-environment
prod
content-length
248
x-request-id
v-2e775a20-62ad-11ec-a1e1-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
dhtml_menu.css
www3.ohrc.on.ca/sites/all/modules/dhtml_menu/
1 KB
936 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/modules/dhtml_menu/dhtml_menu.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
8026c31e5bf970924061e0ca8a66aef0d434e6aa3f2cc9ccc1eb89aacb013db5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10033
x-ah-environment
prod
content-length
607
x-request-id
v-2e775f16-62ad-11ec-acb4-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
locale.css
www3.ohrc.on.ca/modules/locale/
875 B
741 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/modules/locale/locale.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
5f21c9572eb4aca5d25d08458d0d26cf5d8dac5290a0f0b04c2b3f00a13dbd72
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10030
x-ah-environment
prod
content-length
413
x-request-id
v-2e7310be-62ad-11ec-bbc0-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
superfish.css
www3.ohrc.on.ca/sites/all/libraries/superfish/css/
5 KB
1 KB
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/libraries/superfish/css/superfish.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
72aa4c0790d3899e5d808b169340c5ee49465e65963e010a7abe3215aeff65e4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
9254
x-ah-environment
prod
content-length
879
x-request-id
v-2e7338b4-62ad-11ec-922d-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
default.css
www3.ohrc.on.ca/sites/all/libraries/superfish/style/
2 KB
895 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/libraries/superfish/style/default.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
5755ee19aeb04eb9bddb4a79cda108f74394192459a71134e25cac146aba7315
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
9249
x-ah-environment
prod
content-length
567
x-request-id
v-2e71f166-62ad-11ec-9e98-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
alpha-reset.css
www3.ohrc.on.ca/sites/all/themes/omega/alpha/css/
2 KB
1 KB
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/omega/alpha/css/alpha-reset.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
542bce5a36596312192c95bb548f94aef2beb0b25c252d549148116356a07e18
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10030
x-ah-environment
prod
content-length
711
x-request-id
v-2e77d7de-62ad-11ec-aeb3-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
alpha-mobile.css
www3.ohrc.on.ca/sites/all/themes/omega/alpha/css/
716 B
664 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/omega/alpha/css/alpha-mobile.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
860cdd1dfc3f4cb0d2e233ae2d796879ad8f011b10536ddfb124efc6f2778833
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10024
x-ah-environment
prod
content-length
335
x-request-id
v-2e784c00-62ad-11ec-8379-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
alpha-alpha.css
www3.ohrc.on.ca/sites/all/themes/omega/alpha/css/
1 KB
861 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/omega/alpha/css/alpha-alpha.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
0b21aa5e960937314d58656f01a995d3591919907abbf72955e8df8aa204e57a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10035
x-ah-environment
prod
content-length
533
x-request-id
v-2e72a804-62ad-11ec-929d-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
formalize.css
www3.ohrc.on.ca/sites/all/themes/omega/omega/css/
5 KB
2 KB
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/omega/omega/css/formalize.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
97c381714d28393d8950f88ae64a6f7241a02ad35ff8cf95ddca7bc26758550a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10029
x-ah-environment
prod
content-length
1357
x-request-id
v-2e776d12-62ad-11ec-9adc-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
omega-text.css
www3.ohrc.on.ca/sites/all/themes/omega/omega/css/
1 KB
922 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/omega/omega/css/omega-text.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e700bddf62232740af0e6b749f77155a531957e4e7ad2601ad1493e51420f107
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10028
x-ah-environment
prod
content-length
593
x-request-id
v-2e777762-62ad-11ec-abd5-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
omega-branding.css
www3.ohrc.on.ca/sites/all/themes/omega/omega/css/
278 B
488 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/omega/omega/css/omega-branding.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
8ed57735554e10487869fc96209f0bfe4efeb6152404d2fe9126be9ceb0d9916
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10018
x-ah-environment
prod
content-length
159
x-request-id
v-2e710a94-62ad-11ec-b8b8-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
omega-menu.css
www3.ohrc.on.ca/sites/all/themes/omega/omega/css/
72 B
409 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/omega/omega/css/omega-menu.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
95026db445d30c2f364e055a1bb64d77b3dbdd0a36499130d702e7232c177e28
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10025
x-ah-environment
prod
content-length
81
x-request-id
v-2e7375fe-62ad-11ec-9617-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
omega-forms.css
www3.ohrc.on.ca/sites/all/themes/omega/omega/css/
132 B
445 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/omega/omega/css/omega-forms.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
9f7f953befdb471c618c658e3fb8dd84af8c90c610cabac17b5b79f8e8df7d98
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10012
x-ah-environment
prod
content-length
116
x-request-id
v-2e754b54-62ad-11ec-ae3a-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
omega-visuals.css
www3.ohrc.on.ca/sites/all/themes/omega/omega/css/
4 KB
1 KB
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/omega/omega/css/omega-visuals.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
a21d516967f722e2aee0803f0881f4d9d298968dd2af2326278c7571c22efc1b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10032
x-ah-environment
prod
content-length
1144
x-request-id
v-2e71b66a-62ad-11ec-b1b6-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
jquery-ui.css
www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/css/
34 KB
8 KB
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/css/jquery-ui.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
7f4b9e18d6c7644e9d690818b04285dc90f64930759799ed1344f8ca71013e52
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10010
x-ah-environment
prod
content-length
8125
x-request-id
v-2e78ac7c-62ad-11ec-9379-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:07 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
global.css
www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/css/
33 KB
8 KB
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/css/global.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
15d0fab7d9e8bd7c529f5ff8c27e7ea33e1925fa0d759af2b2b39108a9a0661d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10050
x-ah-environment
prod
content-length
7492
x-request-id
v-2e75757a-62ad-11ec-840e-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:07 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
ohrc-theme2-alpha-default.css
www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/css/
95 B
424 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/css/ohrc-theme2-alpha-default.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e9bfb6e5adb0dd6edcc0928dfab79b6e3ee8907f79c0e36310bd242f45fb73d2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10047
x-ah-environment
prod
content-length
96
x-request-id
v-2e731d16-62ad-11ec-af3f-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
ohrc-theme2-alpha-default-narrow.css
www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/css/
5 KB
2 KB
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/css/ohrc-theme2-alpha-default-narrow.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4f36148e740ef70ae17373c9859f095f90b7a48fbec1de344e2036ec4d010d1c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
9967
x-ah-environment
prod
content-length
1349
x-request-id
v-2e72e9e0-62ad-11ec-83ae-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:07 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
alpha-default-narrow-12.css
www3.ohrc.on.ca/sites/all/themes/omega/alpha/css/grid/alpha_default/narrow/
4 KB
1 KB
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/omega/alpha/css/grid/alpha_default/narrow/alpha-default-narrow-12.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
bcd43deeb6edb4338252cabeef98abea73e71a203fe52655bcd9f5dae12129d2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10042
x-ah-environment
prod
content-length
709
x-request-id
v-2e751eb8-62ad-11ec-83d6-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
ohrc-theme2-alpha-default-normal.css
www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/css/ohrc-theme2-alpha-default-normal.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
61d9ffc76d2464dd6f8dcca0d61d2f437c64c1173debe61235e87e6197e9dba7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10031
x-ah-environment
prod
content-length
756
x-request-id
v-2e7852c2-62ad-11ec-b737-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:07 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
alpha-default-normal-12.css
www3.ohrc.on.ca/sites/all/themes/omega/alpha/css/grid/alpha_default/normal/
4 KB
1 KB
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/omega/alpha/css/grid/alpha_default/normal/alpha-default-normal-12.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
8765c022283e18d48a8ca1897935dc9e594be3bd10e33d7b9cad31140c328166
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10029
x-ah-environment
prod
content-length
714
x-request-id
v-2e785790-62ad-11ec-9f5c-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
ohrc-theme2-alpha-default-wide.css
www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/css/
2 KB
974 B
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/css/ohrc-theme2-alpha-default-wide.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
bd6ec6ca789ecb1949286079ac29f331a532bca081300155dd4c117e16015984
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10031
x-ah-environment
prod
content-length
646
x-request-id
v-2e72215e-62ad-11ec-b806-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:07 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:28 GMT
alpha-default-wide-12.css
www3.ohrc.on.ca/sites/all/themes/omega/alpha/css/grid/alpha_default/wide/
4 KB
1 KB
Stylesheet
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/omega/alpha/css/grid/alpha_default/wide/alpha-default-wide-12.css?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
932e90a5129c9dc438e44222fc3b43df3de4a61902c68caec47c92f05feb47dc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10031
x-ah-environment
prod
content-length
711
x-request-id
v-2e77d388-62ad-11ec-9681-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
jquery.min.js
www3.ohrc.on.ca/sites/all/modules/jquery_update/replace/jquery/1.7/
93 KB
33 KB
Script
General
Full URL
https://www3.ohrc.on.ca/sites/all/modules/jquery_update/replace/jquery/1.7/jquery.min.js?v=1.7.2
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
9d935c2f3a923520d9a042e69d50a20a69cb43798b27ae68ba87b837fa231cc2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10066
x-ah-environment
prod
content-length
33623
x-request-id
v-2e779490-62ad-11ec-84bb-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
jquery-extend-3.4.0.js
www3.ohrc.on.ca/misc/
3 KB
2 KB
Script
General
Full URL
https://www3.ohrc.on.ca/misc/jquery-extend-3.4.0.js?v=1.7.2
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
c54103ba57ee210ca55c052e70415402707548a4e6a68dd6efb3895019bee392
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10016
x-ah-environment
prod
content-length
1330
x-request-id
v-2e786398-62ad-11ec-8d9a-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
jquery-html-prefilter-3.5.0-backport.js
www3.ohrc.on.ca/misc/
12 KB
5 KB
Script
General
Full URL
https://www3.ohrc.on.ca/misc/jquery-html-prefilter-3.5.0-backport.js?v=1.7.2
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
fad84efa145fb507e5df9b582fa01b1c4e6313de7f72ebdd55726d92fa4dbf06
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10007
x-ah-environment
prod
content-length
4480
x-request-id
v-2e78b14a-62ad-11ec-b76a-22000a950009
last-modified
Sun, 21 Jun 2020 15:02:09 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
jquery.once.js
www3.ohrc.on.ca/misc/
3 KB
1 KB
Script
General
Full URL
https://www3.ohrc.on.ca/misc/jquery.once.js?v=1.2
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1430f42c0d760ba8e05bb3762480502e541f654fec5739ee40625ab22dc38c4f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10028
x-ah-environment
prod
content-length
1066
x-request-id
v-2e77a1d8-62ad-11ec-b81b-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
drupal.js
www3.ohrc.on.ca/misc/
20 KB
7 KB
Script
General
Full URL
https://www3.ohrc.on.ca/misc/drupal.js?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
2e08dccbd4d8b728a6871562995a4636b89bfe0ed3b8fb0138191c922228b116
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10017
x-ah-environment
prod
content-length
7020
x-request-id
v-2e787112-62ad-11ec-94ac-22000a950009
last-modified
Tue, 05 Jan 2021 02:04:39 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
mediaelement-and-player.min.js
www3.ohrc.on.ca/sites/all/libraries/mediaelement/build/
76 KB
21 KB
Script
General
Full URL
https://www3.ohrc.on.ca/sites/all/libraries/mediaelement/build/mediaelement-and-player.min.js?v=2.1.6
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
fd8c6a08386e278b59bda6401107cdaa3bbcf9023c960d7cd95800d98c263165
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10053
x-ah-environment
prod
content-length
21466
x-request-id
v-2e77b312-62ad-11ec-83be-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
jquery.cookie.js
www3.ohrc.on.ca/sites/all/modules/jquery_update/replace/ui/external/
4 KB
2 KB
Script
General
Full URL
https://www3.ohrc.on.ca/sites/all/modules/jquery_update/replace/ui/external/jquery.cookie.js?v=67fb34f6a866c40d0570
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4ba03e57203ea578ec51f56d317a69cc2bb83af0933780683890fd9e046b66e5
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10037
x-ah-environment
prod
content-length
1343
x-request-id
v-2e77c03c-62ad-11ec-9a40-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
dhtml_menu.js
www3.ohrc.on.ca/sites/all/modules/dhtml_menu/
11 KB
4 KB
Script
General
Full URL
https://www3.ohrc.on.ca/sites/all/modules/dhtml_menu/dhtml_menu.js?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1b2223372862d254318238091ca22f9be4374b19b342b5f6beba77b7afdf8fee
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10007
x-ah-environment
prod
content-length
3384
x-request-id
v-2e792cba-62ad-11ec-af25-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
mediaelement.js
www3.ohrc.on.ca/sites/all/modules/mediaelement/
1022 B
740 B
Script
General
Full URL
https://www3.ohrc.on.ca/sites/all/modules/mediaelement/mediaelement.js?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
0bc6fc875fca8c80cbd330aca2f0607d4f6b4ac8f6b716ba557722f2f9d13530
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10013
x-ah-environment
prod
content-length
402
x-request-id
v-2e783c1a-62ad-11ec-b1dd-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
googleanalytics.js
www3.ohrc.on.ca/sites/all/modules/google_analytics/
6 KB
2 KB
Script
General
Full URL
https://www3.ohrc.on.ca/sites/all/modules/google_analytics/googleanalytics.js?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
312d73c2d350568c141e8b4eb5b3a2eca40d64b56ecf50eb80e37a1f70e1fc2c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
9554
x-ah-environment
prod
content-length
1875
x-request-id
v-2e778752-62ad-11ec-af4c-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
node.js
www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/js/
2 KB
1 KB
Script
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/js/node.js?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
451d5deb0660a2ae8db21b7c47f42c412128a70bf1f5e8ca8383203bc651fa29
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10005
x-ah-environment
prod
content-length
1001
x-request-id
v-2e79f802-62ad-11ec-ad87-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:07 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
jquery.hoverIntent.minified.js
www3.ohrc.on.ca/sites/all/libraries/superfish/
1 KB
965 B
Script
General
Full URL
https://www3.ohrc.on.ca/sites/all/libraries/superfish/jquery.hoverIntent.minified.js?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
d24a2e5db8c476184f3f4b28fe5be7cfd159c276d1f58af244d72de55d5dee16
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
9235
x-ah-environment
prod
content-length
628
x-request-id
v-2e78c982-62ad-11ec-90c8-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
sftouchscreen.js
www3.ohrc.on.ca/sites/all/libraries/superfish/
1 KB
1 KB
Script
General
Full URL
https://www3.ohrc.on.ca/sites/all/libraries/superfish/sftouchscreen.js?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
3500b02b5fcb6e6a9074a286528c6c08f99e04120ba36213e73232c4c29b5682
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
9233
x-ah-environment
prod
content-length
714
x-request-id
v-2e77e756-62ad-11ec-8ed7-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
superfish.js
www3.ohrc.on.ca/sites/all/libraries/superfish/
4 KB
2 KB
Script
General
Full URL
https://www3.ohrc.on.ca/sites/all/libraries/superfish/superfish.js?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
cedb2c9ccb5ceb2ad0c3d7be200063f8f0355d3d9bbab366388e0f500c949d53
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
9232
x-ah-environment
prod
content-length
1506
x-request-id
v-2e775020-62ad-11ec-b14a-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
supersubs.js
www3.ohrc.on.ca/sites/all/libraries/superfish/
4 KB
2 KB
Script
General
Full URL
https://www3.ohrc.on.ca/sites/all/libraries/superfish/supersubs.js?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
f50ecccab299718f06b5dfef251e49d21622ee3f9f9f21fe3a19e3d0751db021
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
9241
x-ah-environment
prod
content-length
1707
x-request-id
v-2e778982-62ad-11ec-a166-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:05 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
superfish.js
www3.ohrc.on.ca/sites/all/modules/superfish/
1 KB
795 B
Script
General
Full URL
https://www3.ohrc.on.ca/sites/all/modules/superfish/superfish.js?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
47bd42add62e3c51cf35f0cee531ad5e7f9bee8a309456174e672726e96630e6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
9235
x-ah-environment
prod
content-length
458
x-request-id
v-2e776a06-62ad-11ec-b011-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
jquery-ui.js
www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/js/
459 KB
112 KB
Script
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/js/jquery-ui.js?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
d2f0522008bff05c6434e48ac8f11f7464331436a4d5d96a14a058a81a75c82e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10116
x-ah-environment
prod
content-length
114390
x-request-id
v-2e775e44-62ad-11ec-8d22-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:07 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
jquery.formalize.js
www3.ohrc.on.ca/sites/all/themes/omega/omega/js/
4 KB
2 KB
Script
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/omega/omega/js/jquery.formalize.js?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
fad98e17c9463edbfb349c0adb1a8104cbc3d94be9a9ece19cc78e2ff66c570b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10029
x-ah-environment
prod
content-length
1248
x-request-id
v-2e7843a4-62ad-11ec-85a6-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
omega-mediaqueries.js
www3.ohrc.on.ca/sites/all/themes/omega/omega/js/
3 KB
1 KB
Script
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/omega/omega/js/omega-mediaqueries.js?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
b1e8401a6be3cbb62e08f46d66e71ac2aff50d3e4d8ab90d925023301e273ec1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
10398
x-ah-environment
prod
content-length
913
x-request-id
v-2e777794-62ad-11ec-8c6b-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
OHRC-Drupal-logo_548x92_14Feb2018.png
www3.ohrc.on.ca/sites/default/files/
12 KB
13 KB
Image
General
Full URL
https://www3.ohrc.on.ca/sites/default/files/OHRC-Drupal-logo_548x92_14Feb2018.png
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
0a21b12cf821ebf17ecded74cca0b145c612a0cdb36ed9ee942ffac6e2ef41e7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:15 GMT
via
varnish
x-content-type-options
nosniff
expires
Tue, 04 Jan 2022 22:27:29 GMT
last-modified
Mon, 09 Apr 2018 14:02:02 GMT
server
nginx
age
143865
x-cache
HIT
content-type
image/png
x-ah-environment
prod
cache-control
max-age=1209600
accept-ranges
bytes
content-length
12565
x-request-id
v-2ea32fce-62ad-11ec-944f-22000a950009
x-cache-hits
8858
facebook.png
www.ohrc.on.ca/sites/all/themes/ohrc_theme2/images/icons/
2 KB
2 KB
Image
General
Full URL
https://www.ohrc.on.ca/sites/all/themes/ohrc_theme2/images/icons/facebook.png
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
216.223.152.12 Thornhill, Canada, ASN12059 (ILAP, CA),
Reverse DNS
http2.anycast.ilap.com
Software
nginx /
Resource Hash
d1cf866d16699ab3195d2018a452f0c467f5d12974e27d8a3b34c833562270ec
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:15 GMT
via
varnish
x-content-type-options
nosniff
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
age
143865
vary
Accept-Encoding
x-cache
HIT
content-type
image/png
expires
Tue, 04 Jan 2022 22:27:29 GMT
cache-control
max-age=1209600
x-ah-environment
prod
content-encoding
gzip
x-request-id
v-2ea9b8bc-62ad-11ec-a1e1-22000a950009
x-cache-hits
9057
twitter.png
www.ohrc.on.ca/sites/all/themes/ohrc_theme2/images/icons/
2 KB
2 KB
Image
General
Full URL
https://www.ohrc.on.ca/sites/all/themes/ohrc_theme2/images/icons/twitter.png
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
216.223.152.12 Thornhill, Canada, ASN12059 (ILAP, CA),
Reverse DNS
http2.anycast.ilap.com
Software
nginx /
Resource Hash
9ca6f7264b965f39155f6101fd95943768fbc7c58e9242baa652dce38c865525
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:15 GMT
via
varnish
x-content-type-options
nosniff
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
age
143865
vary
Accept-Encoding
x-cache
HIT
content-type
image/png
expires
Tue, 04 Jan 2022 22:27:29 GMT
cache-control
max-age=1209600
x-ah-environment
prod
content-encoding
gzip
x-request-id
v-2eae1466-62ad-11ec-9713-22000a950009
x-cache-hits
9034
Instagram-Logo.png
www.ohrc.on.ca/sites/all/themes/ohrc_theme2/images/icons/
5 KB
3 KB
Image
General
Full URL
https://www.ohrc.on.ca/sites/all/themes/ohrc_theme2/images/icons/Instagram-Logo.png
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
216.223.152.12 Thornhill, Canada, ASN12059 (ILAP, CA),
Reverse DNS
http2.anycast.ilap.com
Software
nginx /
Resource Hash
c2d45ca2b3439b8433e858bf4ac3af1dc1601c10f18152cb26b76897b8e27e14
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:15 GMT
via
varnish
x-content-type-options
nosniff
last-modified
Wed, 03 Jun 2020 01:04:07 GMT
server
nginx
age
143865
vary
Accept-Encoding
x-cache
HIT
content-type
image/png
expires
Tue, 04 Jan 2022 22:27:29 GMT
cache-control
max-age=1209600
x-ah-environment
prod
content-encoding
gzip
x-request-id
v-2eb2e914-62ad-11ec-9d15-22000a950009
x-cache-hits
9058
in.js
platform.linkedin.com/
201 KB
61 KB
Script
General
Full URL
https://platform.linkedin.com/in.js
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:21f:edfc:49f9:c096:a5a7:75f2 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (chb/0289) /
Resource Hash
350d4f60c3868c0408491737e8809a81648d1798346b95ea8dfd4f6c401c863e

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:15 GMT
content-encoding
gzip
vary
Accept-Encoding
x-cdn-client-ip-version
IPV6
x-cdn
ECST
age
3592
x-cache
HIT
x-cdn-proto
HTTP2
content-length
62394
x-li-uuid
AAXT0Cu1N11swNEDuBbFZA==
server
ECAcc (chb/0289)
last-modified
Thu, 23 Dec 2021 13:25:23 GMT
x-li-pop
prod-ltx1-x
nel
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
report-to
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
content-type
text/javascript; charset=UTF-8
cache-control
public, max-age=3600
accept-ranges
bytes
x-li-proto
http/1.1
x-li-fabric
prod-ltx1
expires
Thu, 23 Dec 2021 14:25:23 GMT
coat-footer.png
www.ohrc.on.ca/sites/all/themes/ohrc_theme2/images/
4 KB
5 KB
Image
General
Full URL
https://www.ohrc.on.ca/sites/all/themes/ohrc_theme2/images/coat-footer.png
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
216.223.152.12 Thornhill, Canada, ASN12059 (ILAP, CA),
Reverse DNS
http2.anycast.ilap.com
Software
nginx /
Resource Hash
555b94f889438ccb04407a8ee4e2a8f4ee6d1dc70df357464a4d2274eb939c59
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:15 GMT
via
varnish
x-content-type-options
nosniff
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
age
143865
vary
Accept-Encoding
x-cache
HIT
content-type
image/png
expires
Tue, 04 Jan 2022 22:27:29 GMT
cache-control
max-age=1209600
x-ah-environment
prod
content-encoding
gzip
x-request-id
v-2eb702c4-62ad-11ec-a119-22000a950009
x-cache-hits
9389
page.js
www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/js/
2 KB
1 KB
Script
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/js/page.js?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
4ffbe2e9dee8140051f1c8d1dc0f1993bfedf0b3d9f31d05f14525a2f2e50060
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
9938
x-ah-environment
prod
content-length
880
x-request-id
v-2ea03c56-62ad-11ec-9966-22000a950009
last-modified
Wed, 03 Jun 2020 01:04:07 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
analytics.js
www3.ohrc.on.ca/sites/default/files/googleanalytics/
49 KB
20 KB
Script
General
Full URL
https://www3.ohrc.on.ca/sites/default/files/googleanalytics/analytics.js?r2akdq
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
143865
x-cache
HIT
x-cache-hits
9382
x-ah-environment
prod
content-length
20006
x-request-id
v-2ea47636-62ad-11ec-aa9c-22000a950009
last-modified
Tue, 09 Nov 2021 06:22:39 GMT
server
nginx
vary
Accept-Encoding
content-type
text/javascript
via
varnish
cache-control
max-age=1209600
accept-ranges
bytes
expires
Tue, 04 Jan 2022 22:27:29 GMT
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9b00bfc4e472e5c44170751bd95f82aa0e35d8151799f2dfb7adbce59ee41ee6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
TDFPRdl77m8NOfJnkvlrjg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Thu, 23 Dec 2021 14:39:36 GMT
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1687
x-fb-rlafr
0
x-fb-debug
NaDf4o1RXgMkAqg36QnrM3j3ualLEcG8X9ceVvR7nLtC6ewP0e9/WmvjStTIFm4TVoHpMqQht6tFwOCENJ4sTQ==
x-fb-trip-id
1512268381
x-fb-content-md5
0d20ade7c8dc494e05e3e508b242759d
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
date
Thu, 23 Dec 2021 14:25:15 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"1bc85f2524bc5eadc681e983f515abaf"
timing-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
border_h1.png
www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/images/
989 B
1 KB
Image
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/images/border_h1.png
Requested by
Host: www3.ohrc.on.ca
URL: https://www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/css/global.css?r2akdq
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
c06b8cf4e5609aae2d8d386745346d57a23bf97249a6515f902c5cbe3fb6ad96
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/css/global.css?r2akdq
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:15 GMT
via
varnish
x-content-type-options
nosniff
expires
Tue, 04 Jan 2022 22:27:29 GMT
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
age
143865
x-cache
HIT
content-type
image/png
x-ah-environment
prod
cache-control
max-age=1209600
accept-ranges
bytes
content-length
989
x-request-id
v-2ea47ec4-62ad-11ec-a8ff-22000a950009
x-cache-hits
9480
book-nav-arrows.png
www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/images/
2 KB
3 KB
Image
General
Full URL
https://www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/images/book-nav-arrows.png
Requested by
Host: www3.ohrc.on.ca
URL: https://www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/css/global.css?r2akdq
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
184.73.171.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-184-73-171-62.compute-1.amazonaws.com
Software
nginx /
Resource Hash
5580b87ae96ed15358354d851df33e26208e42018af30c5c5ad85669c9a6a3fd
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www3.ohrc.on.ca/sites/all/themes/ohrc_theme2/css/global.css?r2akdq
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:15 GMT
via
varnish
x-content-type-options
nosniff
expires
Tue, 04 Jan 2022 22:27:29 GMT
last-modified
Wed, 03 Jun 2020 01:04:06 GMT
server
nginx
age
143865
x-cache
HIT
content-type
image/png
x-ah-environment
prod
cache-control
max-age=1209600
accept-ranges
bytes
content-length
2487
x-request-id
v-2ea4751e-62ad-11ec-8968-22000a950009
x-cache-hits
5299
widgets.js
platform.twitter.com/
96 KB
29 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (cha/8195) /
Resource Hash
97719c71e44494e537beba8d51c6bb268a34dcd867fdefc431229225ca734b46

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 23 Dec 2021 14:25:15 GMT
Content-Encoding
gzip
Vary
Accept-Encoding
Age
688
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Content-Length
29126
x-tw-cdn
VZ
Last-Modified
Thu, 02 Dec 2021 21:35:27 GMT
Server
ECS (cha/8195)
Etag
"50ec7e701ed018305368886c39cac301+gzip"
Access-Control-Max-Age
3000
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=1800
sdk.js
connect.facebook.net/en_US/
284 KB
80 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=0fa2c2fd6184a18a2d45d277b9020bf7
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ef574d8fb41531083f9051c27b299d32dc57b3ae917e23412a0fbf594d292d93
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.ohrc.on.ca/
Origin
https://www.ohrc.on.ca
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
ZQS38wAKORZ9n5yo5vxsTQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
expires
Fri, 23 Dec 2022 13:13:54 GMT
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
81968
x-fb-rlafr
0
x-fb-debug
LBVya6+qhFNPwcU+Z5eZVr7aF7fTHP6aSVIzYREDfEaAahp5Fp4Vxr+3P736nW03OwWRGMbAqA2DYOwqhQWFoQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
e311d2ec47b2e1d689b681593453b0af
cross-origin-opener-policy
same-origin-allow-popups
date
Thu, 23 Dec 2021 14:25:15 GMT
x-frame-options
DENY
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"29cc0e3bf7f3c8512ffe04bc31b45bc4"
timing-allow-origin
*
priority
u=3,i
access-control-expose-headers
X-FB-Content-MD5
collect
www.google-analytics.com/j/
2 B
405 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&aip=1&a=209288454&t=pageview&_s=1&dl=https%3A%2F%2Fwww.ohrc.on.ca%2Fen%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&ul=en-us&de=UTF-8&dt=8.%20Duty%20to%20accommodate%20%7C%20Ontario%20Human%20Rights%20Commission&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAEABAAAAAC~&jid=681696711&gjid=1084943560&cid=1123257832.1640269515&tid=UA-23877743-1&_gid=1304163115.1640269515&_r=1&_slc=1&z=308403518
Requested by
Host: www3.ohrc.on.ca
URL: https://www3.ohrc.on.ca/sites/default/files/googleanalytics/analytics.js?r2akdq
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81f::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.ohrc.on.ca/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 23 Dec 2021 14:25:15 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.ohrc.on.ca
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
widget_iframe.21f942bb866c2823339b839747a0c50c.html
platform.twitter.com/widgets/ Frame B72E
319 KB
103 KB
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.21f942bb866c2823339b839747a0c50c.html?origin=https%3A%2F%2Fwww.ohrc.on.ca
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (cha/80E1) /
Resource Hash
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
1187931
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Thu, 23 Dec 2021 14:25:15 GMT
Etag
"8321d7cf58d70200c1423dfa0bca40f6+gzip"
Last-Modified
Thu, 02 Dec 2021 21:34:18 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (cha/80E1)
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
105433
settings
syndication.twitter.com/ Frame B72E
233 B
448 B
Fetch
General
Full URL
https://syndication.twitter.com/settings?session_id=b49473a5fede0c7db03ca8d98daaae74834528fc
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets/widget_iframe.21f942bb866c2823339b839747a0c50c.html?origin=https%3A%2F%2Fwww.ohrc.on.ca
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.200 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
2816082c025f64540b613fde3096d814ae21ac75279461ec1d6bcb5c07099fdd
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://platform.twitter.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-response-time
6
date
Thu, 23 Dec 2021 14:25:14 GMT
content-encoding
gzip
last-modified
Thu, 23 Dec 2021 14:25:15 GMT
server
tsa_b
vary
Origin
strict-transport-security
max-age=631138519
content-type
application/json; charset=utf-8
access-control-allow-origin
https://platform.twitter.com
cache-control
must-revalidate, max-age=600
access-control-allow-credentials
true
x-connection-hash
98fbdca619d6b5e54def3ad9d83786074419a705709b7f22336f2ce477f8d549
content-length
167
nr-1212.min.js
js-agent.newrelic.com/
34 KB
13 KB
Script
General
Full URL
https://js-agent.newrelic.com/nr-1212.min.js
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e8fd6832e13fca9622a46af5fddb394c358ef083d84002896aca34613d77780e

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id
S6r4yaeB6jo_ZylmZ_5cM21n7ZH1t6gc
content-encoding
gzip
etag
"9dfe540eb31e6fc0e0dddd91e3511f68"
x-amz-request-id
JFXHP4JMP2JXQF8D
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
12828
x-amz-id-2
7xuK/rXf81qTphcQiXAlcxAgFlOeXwx7At7JdSKBtTGOve4DeHnMqZOr3CXSX9gUpe2NrJPZMP0=
x-served-by
cache-yul12826-YUL
last-modified
Thu, 04 Nov 2021 21:16:16 GMT
server
AmazonS3
x-timer
S1640269515.411318,VS0,VE0
date
Thu, 23 Dec 2021 14:25:15 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
13287
like.php
www.facebook.com/v2.0/plugins/ Frame E470
48 KB
18 KB
Document
General
Full URL
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=0fa2c2fd6184a18a2d45d277b9020bf7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
751c24422ce335d7357eed66b5c0903f64a343bdb5dd1955f2fcefb9cfbc260a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/

Response headers

vary
Accept-Encoding
content-encoding
br
x-fb-rlafr
0
document-policy
force-load-at-top
cross-origin-opener-policy
unsafe-none
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
facebook-api-version
v5.0
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
09v6+R+3cwUOyq/uoHtrqHtFTTaQv2/pagK+3JMKB8GyWm19ueiLaxZMZYUOoFL8JfI3rAJVu2Uu8+V1N/DYsQ==
date
Thu, 23 Dec 2021 14:25:16 GMT
priority
u=3,i
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
590d265d5e
bam-cell.nr-data.net/1/
49 B
715 B
Script
General
Full URL
https://bam-cell.nr-data.net/1/590d265d5e?a=524380&v=1212.e95d35c&to=b1EGNUJUD0VWVUUMV1YbMRNZGghYU1NJS0hQRA%3D%3D&rst=839&ck=1&ref=https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate&ap=18&be=270&fe=793&dc=605&perf=%7B%22timing%22:%7B%22of%22:1640269514586,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:2,%22c%22:2,%22s%22:11,%22ce%22:43,%22rq%22:43,%22rp%22:230,%22rpe%22:241,%22dl%22:234,%22di%22:605,%22ds%22:605,%22de%22:636,%22dc%22:793,%22l%22:793,%22le%22:817%7D,%22navigation%22:%7B%7D%7D&fp=573&fcp=573&at=QxYFQwpOHEs%3D&jsonp=NREUM.setToken
Requested by
Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1212.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.243.147 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 23 Dec 2021 14:25:15 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
Expect-CT
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
access-control-allow-credentials
true
CF-Ray
6c22421798ed7151-YUL
button.0d6aa7fd095b2a9dd19cc66c7c2ed64b.js
platform.twitter.com/js/
7 KB
3 KB
Script
General
Full URL
https://platform.twitter.com/js/button.0d6aa7fd095b2a9dd19cc66c7c2ed64b.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (cha/8195) /
Resource Hash
186ef01aca1c73789f73c2f4388a26387e38e5fd8a05f4f1c3785709cec25f66

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date
Thu, 23 Dec 2021 14:25:15 GMT
Content-Encoding
gzip
Last-Modified
Thu, 02 Dec 2021 21:34:11 GMT
Server
ECS (cha/8195)
Age
1187931
Etag
"e8090d17c9828f5a217bebb39dd3e689+gzip"
Vary
Accept-Encoding
x-tw-cdn
VZ
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=315360000
X-Cache
HIT
Access-Control-Allow-Methods
GET
Content-Type
application/javascript; charset=utf-8
Content-Length
2294
tweet_button.21f942bb866c2823339b839747a0c50c.en.html
platform.twitter.com/widgets/ Frame 0247
32 KB
12 KB
Document
General
Full URL
https://platform.twitter.com/widgets/tweet_button.21f942bb866c2823339b839747a0c50c.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:220:131d:1d30:1f1d:238b:1e56 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECS (cha/8195) /
Resource Hash
612f1b11300114847b24820da8ce6a8e41e103cad7e3b392b59fb2d4009f96b2

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/

Response headers

Content-Encoding
gzip
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Age
1187931
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Thu, 23 Dec 2021 14:25:15 GMT
Etag
"7bedc4d7904c5b9401a38944b0a7ed6f+gzip"
Last-Modified
Thu, 02 Dec 2021 21:34:15 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (cha/8195)
Vary
Accept-Encoding
X-Cache
HIT
x-tw-cdn
VZ
Content-Length
12236
truncated
/ Frame 0247
822 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Content-Type
image/svg+xml
jot
syndication.twitter.com/i/
43 B
357 B
Image
General
Full URL
https://syndication.twitter.com/i/jot?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fwww3.ohrc.on.ca%2Fen%2Fen%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate%22%2C%22widget_frame%22%3Afalse%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1640269515746%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%229fd78d5%3A1638479056965%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.200 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.ohrc.on.ca/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 23 Dec 2021 14:25:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
11
pragma
no-cache
last-modified
Thu, 23 Dec 2021 14:25:15 GMT
server
tsa_b
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
98fbdca619d6b5e54def3ad9d83786074419a705709b7f22336f2ce477f8d549
x-transaction
7560e115fb5213d6
expires
Tue, 31 Mar 1981 05:00:00 GMT
/
www.facebook.com/csp/reporting/ Frame E470
0
462 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
jQ9uv+mtP1QZjf6LdlemCKrRSKdNbZjuZW19rLAROhLPgiaLIglZ1A0qw3dccYuISQLUT1NFs535S2kFqs12Cw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:16 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
128 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
kvEJeWWD+EbbZroBbCyrkmF6Gui5eJBMKXKkX805t6qzghXgsso2S/COR2DSDh9gOvB+2o7i/iINeuZjwaLAXg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:16 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
128 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
cGh1ZOnQbJnzp68AF917qeOZ708QbawL27IT2vj8rr4wVTi5jyTJR7RDUQ2AY8rjV1atUmwErv+S5dGOyByW2Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:16 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
127 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
1tDhpW51BNNv3SedGK6LCxZo61hchgOL7hbnQCfGfRPsal7UuOSDhR/lW4Z1NOXN6cUenS8Fj+7ql6W4iNX4wQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:16 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
1 KB
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
ivk9ZhNzErA2xgK63P98PfT580v8cuTH0U4l18maO3f9JFrpvvNERNZ95tmot6+1Q/EFAej9JbhUyTd0tRldBg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:17 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
127 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
nbee/C7I05FWPMY4NS8Ati7bsM5DpwEANbBy9d/XAIE474WrwwvxRfU38PpOr7s0VAJc0VxQGXluaLQdM9sDbw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:17 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
128 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
DobB3GOYtII9CrN/6wyGtsSjptU+0sVnoo1sicJmxZXaZ2EmJ0KHWyWdIb53mLPmAOhyCFYZwEN7EwSdiiHSQg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:17 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
127 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
5EvO36ba68LA/pWCU/VSZdcDrzhuW1UYDULSfax3OmK/kRn9z3+2G2Qe/kIjbfY5ldZC/A6IKiMIhe5s6+Qgcw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:17 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
129 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
ITlk5yZYSg5zxQf5y8UEtN7v75RkSdR2ELGkXRN1Ahvx6EitPDw2rp6lAlUdc6D/WHP2wG+QnupWl9ISj4llEQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:17 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
129 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
MmJzKdaP3ZzBdjbkLgOR2CjszegWl7+zYJux9yXy6L/O84TqrAJTf7fKxD4fR03LhYkL9IQvEsJX6kRxzOLT3g==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:17 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
128 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
ik72ucTLRI5c1jLZyugY0z9GSWbEI9KbTikw5ztkVEMpVwygn3k2h1dvykIbzT0DGecZ7wIBnAnoqHglHAmUCA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:17 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
130 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
B7lAMefgMafyzt+IWtLEpLSINIb6/6GTAKmrdhUxt9dJZTwgRWW9PL3TNbWU/ON3MBCzIe+LTTOa/4CGr2KLzg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:17 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
129 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
/vjA36jFFUGrs4XMqHjrm67SJqdl9wYLs21eQa88+LyMFEGpezUJ9HGsGq79Gk0FP6qfKXxzhk6mPgXrFP82rQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:17 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
128 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
SGHmOmoLJ0SOE1q494ljQOm+qKL9nmnHCB+vEmeoocRl6ycRPW0UFLpNrGwvNhrXFbPlsAtCe4bwV6C1Hbu5Sg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:17 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
128 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
HZ6O8o/d6EC6s6CjFAaAnoqSYOf9V0AHdq+0Pw/1TQLioZzF/dKhoYqW0EAmUAw60jTrzQQByz37Hq9Ho6vSGA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:17 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
128 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
6GHY+N/kX8Jh5cTXyhdirpsL4iOTrPsrKwiNe2qBZBaFOX1VoR42/d7t1OBeLkPp/PUJq/k0iHIMX7K8kUlBgA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:17 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
127 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
VQLfEQWMQqMueXlgcaWt/a1mq8tNp209XvAK0gZMrjNO5dWQxSdRF80JuqaBwUs7Ur6LT+RRIBokyjrimNTZeA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:17 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
129 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
r4gRfLz8Jq7Q2ZSxaS1yfL1vpZ0W8eZBXlzSfnPZQxUN9r9y67ZtFwcai9RbCFmQwZO39I6LvVNfAAh7J3T+7A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:17 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
126 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
MqhJ1/VozopX0i1E4MpCg4YIHmkAzui2QfX7x7KGfEQp8ybtlmBw8oKOcx//59iW3aN9jKHAxRl7RAh2Gn4Uiw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:17 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
127 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
hIgDob5/m/AfQkCe5i4G/bFcogX2O8OKEEGUqE/qrYdUAIahbsIDUfF+ZuaqlEKYsVYNLF2DojYFObukny/vJw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:17 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame E470
0
128 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.ohrc.on.ca
URL: https://www.ohrc.on.ca/en/policy-ableism-and-discrimination-based-disability/8-duty-accommodate
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
bpYuiw6NHX8+qXubo5aK+Jsf+XuMmrB1R0ein0iTWHH3mZKOiOevP4Hiv66iDeWKGfyrYYXFZ/eCCyh3sSm7bQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:17 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
access-control-expose-headers
X-FB-Debug, X-Loader-Length
lBbx1VbWyUs.js
www.facebook.com/rsrc.php/v3iEpO4/yV/l/en_US/ Frame E470
518 KB
135 KB
XHR
General
Full URL
https://www.facebook.com/rsrc.php/v3iEpO4/yV/l/en_US/lBbx1VbWyUs.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5db97c929ce3d62399619f5a4eca967dbcb05e766215531a00d820e07632481c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Fri, 17 Dec 2021 04:34:10 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
5MBbj0cML1eduE6bOayDbQ==
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
cross-origin-resource-policy
cross-origin
content-length
138522
x-fb-rlafr
0
x-fb-debug
54bbb7UhiNOAk7SFPcWnSWJ8Q+Rll/gIA3qrNAV628m01LlfFU0KnqE7b685c11Jjd6qFcJS+r2WEOmbF/458Q==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Sat, 17 Dec 2022 04:34:10 GMT
OqOE21UvWe3.png
www.facebook.com/rsrc.php/v3/y5/r/ Frame E470
400 B
451 B
Image
General
Full URL
https://www.facebook.com/rsrc.php/v3/y5/r/OqOE21UvWe3.png
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date
Thu, 16 Dec 2021 13:25:53 GMT
x-content-type-options
nosniff
content-md5
uF0RL4E+h23ClLQmPOTTMw==
document-policy
force-load-at-top
content-security-policy-report-only
default-src https: data: wss: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
content-length
400
x-fb-rlafr
0
x-fb-debug
U6KRc/uKT0W/2gxfTS6tsJXmKY3u1mbBquwDBVCW+uFXeBulCT/eMH5AvwjktcR5/6zhG6vizAqlrguHnTkJaw==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 16 Dec 2022 13:25:53 GMT
cavalry_endpoint.php
www.facebook.com/common/ Frame E470
67 B
99 B
Image
General
Full URL
https://www.facebook.com/common/cavalry_endpoint.php?t_cstart=1640269516427&t_start=1640269516427&t_domcontent=1640269516635&t_layout=1640269517825&t_onload=1640269517825&t_paint=1640269517825&t_creport=1640269517826&t_tti=1640269516635&lid=7044903928298565304-0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f15c:183:face:b00c:0:25de Singapore, Singapore, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.facebook.com/v2.0/plugins/like.php?action=like&app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df23bc4476a46f4c%26domain%3Dwww.ohrc.on.ca%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.ohrc.on.ca%252Ff26a93f17852d5c%26relation%3Dparent.parent&container_width=100&href=https%3A%2F%2Fwww.ohrc.on.ca%2Fpolicy-ableism-and-discrimination-based-disability%2F8-duty-accommodate&layout=button_count&locale=en_US&sdk=joey&share=false&show_faces=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
br
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
x-xss-protection
0
pragma
no-cache
x-fb-debug
VoJTuuSjjHop4OnV255ibUPSbcFotvP8ahtbG32Y7x7Iy6lLdQ+MqfHeBEdp8sSGhE4q/a8Zy+Hx15HBSrqYGQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Thu, 23 Dec 2021 14:25:18 GMT
strict-transport-security
max-age=15552000; preload
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
image/png
vary
Accept-Encoding
cache-control
private, no-store, no-cache, must-revalidate
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| NREUM object| newrelic function| __nr_require undefined| $ function| jQuery object| Drupal object| jQuery17203046386458067989 function| onYouTubePlayerAPIReady function| onYouTubePlayerReady object| mejs function| MediaElement function| MediaElementPlayer string| GoogleAnalyticsObject function| ga function| openFullScreen function| openSWFFullScreen object| FORMALIZE object| twttr object| FB object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| __core-js_shared__ object| Sslac object| IN object| $ULs object| langArray string| langPathPrefix object| __twttrll object| __twttr

5 Cookies

Domain/Path Name / Value
www.ohrc.on.ca/ Name: has_js
Value: 1
.ohrc.on.ca/ Name: _ga
Value: GA1.3.1123257832.1640269515
.ohrc.on.ca/ Name: _gid
Value: GA1.3.1304163115.1640269515
.ohrc.on.ca/ Name: _gat
Value: 1
.nr-data.net/ Name: JSESSIONID
Value: c8c24187cbd44f63

205 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

bam-cell.nr-data.net
connect.facebook.net
js-agent.newrelic.com
platform.linkedin.com
platform.twitter.com
syndication.twitter.com
www.facebook.com
www.google-analytics.com
www.ohrc.on.ca
www3.ohrc.on.ca
104.244.42.200
151.101.66.137
162.247.243.147
184.73.171.62
216.223.152.12
2606:2800:21f:edfc:49f9:c096:a5a7:75f2
2606:2800:220:131d:1d30:1f1d:238b:1e56
2607:f8b0:4006:81f::200e
2a03:2880:f012:8:face:b00c:0:1
2a03:2880:f15c:183:face:b00c:0:25de
0a21b12cf821ebf17ecded74cca0b145c612a0cdb36ed9ee942ffac6e2ef41e7
0b21aa5e960937314d58656f01a995d3591919907abbf72955e8df8aa204e57a
0bc6fc875fca8c80cbd330aca2f0607d4f6b4ac8f6b716ba557722f2f9d13530
0dd53ceca07de8b1b2c16d9fee7a1d33dc90bc462a24abd38b2b9da7b8d27bc2
1430f42c0d760ba8e05bb3762480502e541f654fec5739ee40625ab22dc38c4f
15d0fab7d9e8bd7c529f5ff8c27e7ea33e1925fa0d759af2b2b39108a9a0661d
186ef01aca1c73789f73c2f4388a26387e38e5fd8a05f4f1c3785709cec25f66
1b2223372862d254318238091ca22f9be4374b19b342b5f6beba77b7afdf8fee
1dbc835b3f505cbcddf95fc329ba74416a6247867c722a8c083d47641a64a0f4
21daa396814216b1c3b60e0596b213adcff24abe606791fbf9f526e77b625c33
2260eb1cffb528a8fadcc8aa8c8f436593e0c2b8ec7540f690c8290ad6096bf9
2816082c025f64540b613fde3096d814ae21ac75279461ec1d6bcb5c07099fdd
2e08dccbd4d8b728a6871562995a4636b89bfe0ed3b8fb0138191c922228b116
312d73c2d350568c141e8b4eb5b3a2eca40d64b56ecf50eb80e37a1f70e1fc2c
3500b02b5fcb6e6a9074a286528c6c08f99e04120ba36213e73232c4c29b5682
350d4f60c3868c0408491737e8809a81648d1798346b95ea8dfd4f6c401c863e
451d5deb0660a2ae8db21b7c47f42c412128a70bf1f5e8ca8383203bc651fa29
4569fbfef2a73b2369d1e070a2ce3511f5a8c6a22a7cd6d61baf4982e75a21ee
47bd42add62e3c51cf35f0cee531ad5e7f9bee8a309456174e672726e96630e6
4ba03e57203ea578ec51f56d317a69cc2bb83af0933780683890fd9e046b66e5
4f36148e740ef70ae17373c9859f095f90b7a48fbec1de344e2036ec4d010d1c
4ffbe2e9dee8140051f1c8d1dc0f1993bfedf0b3d9f31d05f14525a2f2e50060
50f8d8e45f6742713a156c9fcf1b20d7c8c2dbddc7c649b76ee377775c6c4b83
542bce5a36596312192c95bb548f94aef2beb0b25c252d549148116356a07e18
555b94f889438ccb04407a8ee4e2a8f4ee6d1dc70df357464a4d2274eb939c59
5580b87ae96ed15358354d851df33e26208e42018af30c5c5ad85669c9a6a3fd
5755ee19aeb04eb9bddb4a79cda108f74394192459a71134e25cac146aba7315
5db97c929ce3d62399619f5a4eca967dbcb05e766215531a00d820e07632481c
5f21c9572eb4aca5d25d08458d0d26cf5d8dac5290a0f0b04c2b3f00a13dbd72
612f1b11300114847b24820da8ce6a8e41e103cad7e3b392b59fb2d4009f96b2
61d9ffc76d2464dd6f8dcca0d61d2f437c64c1173debe61235e87e6197e9dba7
63eeb9baf46a801bccb55ef3c1a60610e820d57f90814480a393a0ec8edb36a3
72aa4c0790d3899e5d808b169340c5ee49465e65963e010a7abe3215aeff65e4
751c24422ce335d7357eed66b5c0903f64a343bdb5dd1955f2fcefb9cfbc260a
7f4b9e18d6c7644e9d690818b04285dc90f64930759799ed1344f8ca71013e52
8026c31e5bf970924061e0ca8a66aef0d434e6aa3f2cc9ccc1eb89aacb013db5
860cdd1dfc3f4cb0d2e233ae2d796879ad8f011b10536ddfb124efc6f2778833
8765c022283e18d48a8ca1897935dc9e594be3bd10e33d7b9cad31140c328166
8ddd16e82813d3b21156531806bf2621098f1315544b9dd93386b42fea3b6633
8ed57735554e10487869fc96209f0bfe4efeb6152404d2fe9126be9ceb0d9916
932e90a5129c9dc438e44222fc3b43df3de4a61902c68caec47c92f05feb47dc
95026db445d30c2f364e055a1bb64d77b3dbdd0a36499130d702e7232c177e28
97719c71e44494e537beba8d51c6bb268a34dcd867fdefc431229225ca734b46
97c381714d28393d8950f88ae64a6f7241a02ad35ff8cf95ddca7bc26758550a
9b00bfc4e472e5c44170751bd95f82aa0e35d8151799f2dfb7adbce59ee41ee6
9ca6f7264b965f39155f6101fd95943768fbc7c58e9242baa652dce38c865525
9d935c2f3a923520d9a042e69d50a20a69cb43798b27ae68ba87b837fa231cc2
9f7f953befdb471c618c658e3fb8dd84af8c90c610cabac17b5b79f8e8df7d98
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a21d516967f722e2aee0803f0881f4d9d298968dd2af2326278c7571c22efc1b
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b1e8401a6be3cbb62e08f46d66e71ac2aff50d3e4d8ab90d925023301e273ec1
b895b71aeb9546efe0b35751e9ddb50bceaf2bea293f6aa09da7a530251783d3
bcd43deeb6edb4338252cabeef98abea73e71a203fe52655bcd9f5dae12129d2
bd6ec6ca789ecb1949286079ac29f331a532bca081300155dd4c117e16015984
bed57a09b10b5cfc83c33f5bc6205831a9db085c874bc72d096d05ad2136e4b4
bf6028e15a460586c16adb0210d268374501f60ecf36f11e554e2ffd089c636b
c06b8cf4e5609aae2d8d386745346d57a23bf97249a6515f902c5cbe3fb6ad96
c1247c6c6e2fa2a3b02f04886deac34f46ccef66483b1c64c1347e6b95e158b9
c2d45ca2b3439b8433e858bf4ac3af1dc1601c10f18152cb26b76897b8e27e14
c54103ba57ee210ca55c052e70415402707548a4e6a68dd6efb3895019bee392
c6d03b7a5561687268e57b13d9d4a6a4c71ee570ea74718040ce9227676e3e5e
caabcde80aa6ed55beb90f305cf9911359261bb007635535e2fce6f420fe376d
cedb2c9ccb5ceb2ad0c3d7be200063f8f0355d3d9bbab366388e0f500c949d53
d0bbad771a8a5ac5f9446791109693aeca1d676d44ced48f8514857f7d3e6fd0
d1cf866d16699ab3195d2018a452f0c467f5d12974e27d8a3b34c833562270ec
d24a2e5db8c476184f3f4b28fe5be7cfd159c276d1f58af244d72de55d5dee16
d2f0522008bff05c6434e48ac8f11f7464331436a4d5d96a14a058a81a75c82e
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
dd1c7822082e5d2cda6242df595462dffc97bfb4ec52b3dd9af2a9abb27bca82
e3ad317a103b4271c6d00cb97957c0d8e0f5bfd6cdc74976d022dd526963ecdf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e700bddf62232740af0e6b749f77155a531957e4e7ad2601ad1493e51420f107
e8fd6832e13fca9622a46af5fddb394c358ef083d84002896aca34613d77780e
e9bfb6e5adb0dd6edcc0928dfab79b6e3ee8907f79c0e36310bd242f45fb73d2
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b
ef574d8fb41531083f9051c27b299d32dc57b3ae917e23412a0fbf594d292d93
f50ecccab299718f06b5dfef251e49d21622ee3f9f9f21fe3a19e3d0751db021
fad84efa145fb507e5df9b582fa01b1c4e6313de7f72ebdd55726d92fa4dbf06
fad98e17c9463edbfb349c0adb1a8104cbc3d94be9a9ece19cc78e2ff66c570b
fd8c6a08386e278b59bda6401107cdaa3bbcf9023c960d7cd95800d98c263165
ff7750952a601dbf03688b01a2eced6e5671a8335393eb063201bb732f12c99a