urlscan.io logo urlscan.io
SecurityTrails logo

uat.portal.discovery.us.deloitte.com Open in urlscan Pro
20.57.16.70  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://uat.portal.discovery.us.deloitte.com/
Effective URL: https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
Submission: On May 11 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 10 HTTP transactions. The main IP is 20.57.16.70, located in Boydton, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is uat.portal.discovery.us.deloitte.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on March 4th 2024. Valid for: a year.
This is the only time uat.portal.discovery.us.deloitte.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 11 20.57.16.70 8075 (MICROSOFT...)
10 2
Apex Domain
Subdomains		 Transfer
11 deloitte.com
uat.portal.discovery.us.deloitte.com
474 KB
10 1
Domain Requested by
11 uat.portal.discovery.us.deloitte.com 1 redirects uat.portal.discovery.us.deloitte.com
10 1

This site contains no links.

Subject Issuer Validity Valid
uat.portal.discovery.us.deloitte.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-03-04 -
2025-03-03		 a year crt.sh

This page contains 1 frames:

Primary Page: https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
Frame ID: B1863F22B2C6BE9DA563C0F471305B3B
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Client Portal

Page URL History Show full URLs

  1. https://uat.portal.discovery.us.deloitte.com/ Page URL
  2. https://uat.portal.discovery.us.deloitte.com/Login HTTP 302
    https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin Page URL

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

546 kB
Transfer

537 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://uat.portal.discovery.us.deloitte.com/ Page URL
  2. https://uat.portal.discovery.us.deloitte.com/Login HTTP 302
    https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
uat.portal.discovery.us.deloitte.com/ 		8 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://uat.portal.discovery.us.deloitte.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4a0c5da59a3ec488783b2839633aeb293f466a3ba0d991d21e672aea21cacc62
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-US,en;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET,POST,HEAD
Cache-Control
no-store, no-cache
Content-Encoding
gzip
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Content-Type
text/html; charset=utf-8
Date
Sat, 11 May 2024 08:06:50 GMT
Expires
-1
Pragma
no-cache
Referrer-Policy
no-referrer
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-Permitted-Cross-Domain-Policies
none
X-Powered-By
ASP.NET
X-Xss-Protection
1; mode=block
fonts.css
uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/styles/ 		73 KB
79 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/styles/fonts.css
Requested by
Host: uat.portal.discovery.us.deloitte.com
URL: https://uat.portal.discovery.us.deloitte.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
X-Permitted-Cross-Domain-Policies
none
Date
Sat, 11 May 2024 08:06:50 GMT
X-Powered-By
ASP.NET
Transfer-Encoding
chunked
X-Xss-Protection
1; mode=block
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Fri, 10 May 2024 15:43:34 GMT
Server
Microsoft-IIS/10.0
ETag
"1daa2f0d0d134c1"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Access-Control-Allow-Methods
GET,POST,HEAD
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Expires
-1
js.cookie.js
uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/scripts/ 		4 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/scripts/js.cookie.js
Requested by
Host: uat.portal.discovery.us.deloitte.com
URL: https://uat.portal.discovery.us.deloitte.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
X-Permitted-Cross-Domain-Policies
none
Date
Sat, 11 May 2024 08:06:50 GMT
X-Powered-By
ASP.NET
Transfer-Encoding
chunked
X-Xss-Protection
1; mode=block
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Fri, 10 May 2024 15:43:32 GMT
Server
Microsoft-IIS/10.0
ETag
"1daa2f0cf9ee5ce"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/javascript
Access-Control-Allow-Methods
GET,POST,HEAD
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Expires
-1
capture-original-url.js
uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/scripts/ 		548 B
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/scripts/capture-original-url.js
Requested by
Host: uat.portal.discovery.us.deloitte.com
URL: https://uat.portal.discovery.us.deloitte.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
X-Permitted-Cross-Domain-Policies
none
Date
Sat, 11 May 2024 08:06:50 GMT
X-Powered-By
ASP.NET
Transfer-Encoding
chunked
X-Xss-Protection
1; mode=block
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Fri, 10 May 2024 15:43:32 GMT
Server
Microsoft-IIS/10.0
ETag
"1daa2f0cf9ee824"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/javascript
Access-Control-Allow-Methods
GET,POST,HEAD
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Expires
-1
Primary Request authentication
uat.portal.discovery.us.deloitte.com/
Redirect Chain
  • https://uat.portal.discovery.us.deloitte.com/Login
  • https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
9 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
Requested by
Host: uat.portal.discovery.us.deloitte.com
URL: https://uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/scripts/capture-original-url.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
bc5b8fcc770732f86c1bef4983cfaa2507f6902c7117b557f9f4df3fc8c97469
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-US,en;q=0.9;q=0.9
Referer
https://uat.portal.discovery.us.deloitte.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET,POST,HEAD
Cache-Control
no-store,no-cache
Content-Encoding
gzip
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Content-Type
text/html; charset=utf-8
Date
Sat, 11 May 2024 08:06:51 GMT
Expires
-1
Pragma
no-cache
Referrer-Policy
no-referrer
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-Permitted-Cross-Domain-Policies
none
X-Powered-By
ASP.NET
X-Xss-Protection
1; mode=block

Redirect headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Methods
GET,POST,HEAD
Cache-Control
no-store, no-cache
Content-Length
0
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Date
Sat, 11 May 2024 08:06:51 GMT
Expires
-1
Location
https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
Pragma
no-cache
Referrer-Policy
no-referrer
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Server
Microsoft-IIS/10.0
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-Permitted-Cross-Domain-Policies
none
X-Powered-By
ASP.NET
X-Xss-Protection
1; mode=block
bg-mason.jpg
uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/images/ 		143 KB
144 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/images/bg-mason.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://uat.portal.discovery.us.deloitte.com/
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
X-Content-Type-Options
nosniff
Date
Sat, 11 May 2024 08:06:51 GMT
X-Permitted-Cross-Domain-Policies
none
X-Powered-By
ASP.NET
Content-Length
146575
X-Xss-Protection
1; mode=block
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Fri, 10 May 2024 15:43:32 GMT
Server
Microsoft-IIS/10.0
ETag
"1daa2f0cf9cd68f"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET,POST,HEAD
Content-Type
image/jpeg
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Expires
-1
truncated
/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
Origin
https://uat.portal.discovery.us.deloitte.com
Accept-Language
en-US,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff
truncated
/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
Origin
https://uat.portal.discovery.us.deloitte.com
Accept-Language
en-US,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff
fonts.css
uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/styles/ 		73 KB
79 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/styles/fonts.css
Requested by
Host: uat.portal.discovery.us.deloitte.com
URL: https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4241728cd5c8758767c2cc172cbcc4dcfd72da1328bb32e63a8f551d27d3b4c2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
X-Permitted-Cross-Domain-Policies
none
Date
Sat, 11 May 2024 08:06:51 GMT
X-Powered-By
ASP.NET
Transfer-Encoding
chunked
X-Xss-Protection
1; mode=block
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Fri, 10 May 2024 15:43:34 GMT
Server
Microsoft-IIS/10.0
ETag
"1daa2f0d0d134c1"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Access-Control-Allow-Methods
GET,POST,HEAD
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Expires
-1
Deloitte-wh.png
uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/images/ 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/images/Deloitte-wh.png
Requested by
Host: uat.portal.discovery.us.deloitte.com
URL: https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
a62f9e00c3b8eec3d40b0bbb9a38d7de06f7ad5595fc7837cbff7962d0c5c24e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
X-Content-Type-Options
nosniff
Date
Sat, 11 May 2024 08:06:51 GMT
X-Permitted-Cross-Domain-Policies
none
X-Powered-By
ASP.NET
Content-Length
8877
X-Xss-Protection
1; mode=block
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Fri, 10 May 2024 15:43:32 GMT
Server
Microsoft-IIS/10.0
ETag
"1daa2f0cf9ec8ad"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET,POST,HEAD
Content-Type
image/png
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Expires
-1
bg-mason.jpg
uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/images/ 		143 KB
144 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://uat.portal.discovery.us.deloitte.com/PublicStaticFiles/assets/images/bg-mason.jpg
Requested by
Host: uat.portal.discovery.us.deloitte.com
URL: https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
8980ee10c8ad5a2bfcf8fc51ed9abaea0a2b7ddca95955ff39e1c9debd6bb3d3
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://uat.portal.discovery.us.deloitte.com/authentication?ReturnUrl=%2FLogin
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
X-Content-Type-Options
nosniff
Date
Sat, 11 May 2024 08:06:51 GMT
X-Permitted-Cross-Domain-Policies
none
X-Powered-By
ASP.NET
Content-Length
146575
X-Xss-Protection
1; mode=block
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Fri, 10 May 2024 15:43:32 GMT
Server
Microsoft-IIS/10.0
ETag
"1daa2f0cf9cd68f"
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET,POST,HEAD
Content-Type
image/jpeg
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Expires
-1
truncated
/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ea20e5db3ba915c503173fae268445fc2745fc9a5dce2f58d47f5a355e1cdb18

Request headers

Referer
Origin
https://uat.portal.discovery.us.deloitte.com
Accept-Language
en-US,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff
truncated
/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6e8a28a0638c920e5b76177e5f03ba94fcdedd3e3ecd347c333d82876b51c9c0

Request headers

Referer
Origin
https://uat.portal.discovery.us.deloitte.com
Accept-Language
en-US,en;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
font/woff
favicon.ico
uat.portal.discovery.us.deloitte.com/ 		527 B
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://uat.portal.discovery.us.deloitte.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.57.16.70 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
ad3584a8d830e90490779ca89b691f7f30db2e4008f6cbb470788d7029127304
Security Headers
Name Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
Accept-Language
en-US,en;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
X-Content-Type-Options
nosniff
Date
Sat, 11 May 2024 08:06:51 GMT
X-Permitted-Cross-Domain-Policies
none
X-Powered-By
ASP.NET
Transfer-Encoding
chunked
X-Xss-Protection
1; mode=block
Request-Context
appId=cid-v1:b7b7948d-ca12-42e4-a7ba-a091bae340d1
Pragma
no-cache
Referrer-Policy
no-referrer
Server
Microsoft-IIS/10.0
X-Frame-Options
DENY
Access-Control-Allow-Methods
GET,POST,HEAD
Content-Type
text/plain
Cache-Control
no-store, no-cache
Access-Control-Allow-Credentials
true
Expires
-1

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Domain/Path Name / Value
.uat.portal.discovery.us.deloitte.com/ Name: ARRAffinity
Value: 8e5526da6ce91b2c201af09c727053a41ca153614da5533f6c3e4b0ec7e2c24d
.uat.portal.discovery.us.deloitte.com/ Name: ARRAffinitySameSite
Value: 8e5526da6ce91b2c201af09c727053a41ca153614da5533f6c3e4b0ec7e2c24d
uat.portal.discovery.us.deloitte.com/ Name: dseng.clientportal.antiforgery
Value: CfDJ8HSuTN4Tv5xHm2rqefNUZa9zlqz9EUrjvRtUrglCP1AecYQaA1E9M2bW6ScjvhQKig7OFIOcTCi13t82FhnmWmfNS1AW2Kx4TkNOMM8Bazi-UGko7OpAQR3l9fjiGdmb5uC3JB0UIAm8_8SPFRImmRk

1 Console Messages

Source Level URL
Text
network error URL: https://uat.portal.discovery.us.deloitte.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; connect-src 'self' dc.applicationinsights.azure.com dc.applicationinsights.microsoft.com dc.services.visualstudio.com cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com dc.sso-swarm.d3.dev-sltc.com sso-swarm.d3.dev-sltc.com; upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval' cdn.cookielaw.org geolocation.onetrust.com privacyportal-de.onetrust.com; font-src 'self' data:; img-src 'self' cdn.cookielaw.org data:; style-src 'self' 'unsafe-inline'; frame-src https://app.powerbi.com https://cdn.cookielaw.org
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block