Submitted URL: https://nexxe.gep.com//BOFAPROD/v3/?b=1#/contract_create/2846ff20-10bb-42ea-b51a-cbd38c047989
Effective URL: https://smart-auth.gep.com/login/callback?connection=boa
Submission: On November 05 via api from IL — Scanned from DE

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 5 HTTP transactions. The main IP is 20.231.240.137, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is smart-auth.gep.com. The Cisco Umbrella rank of the primary domain is 214486.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on June 10th 2023. Valid for: a year.
This is the only time smart-auth.gep.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 5 2620:1ec:46::63 8075 (MICROSOFT...)
2 4 20.231.240.137 8075 (MICROSOFT...)
1 171.161.146.123 10794 (BANKAMERICA)
5 3
Apex Domain
Subdomains
Transfer
9 gep.com
nexxe.gep.com — Cisco Umbrella Rank: 479418
smart-sts.gep.com — Cisco Umbrella Rank: 233599
smart-auth.gep.com — Cisco Umbrella Rank: 214486
smartdev.gep.com
30 KB
1 bankofamerica.com
fedsso.bankofamerica.com — Cisco Umbrella Rank: 250962
6 KB
5 2
Domain Requested by
4 smart-auth.gep.com 2 redirects nexxe.gep.com
3 smart-sts.gep.com 3 redirects
1 smartdev.gep.com smart-auth.gep.com
1 fedsso.bankofamerica.com
1 nexxe.gep.com
5 5

This site contains links to these domains. Also see Links.

Domain
success.gep.com
Subject Issuer Validity Valid
Nexxe.gep.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-10-09 -
2024-10-22
a year crt.sh
smart-auth.gep.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-06-10 -
2024-06-10
a year crt.sh
fedsso-rtx-ext.bankofamerica.com
Entrust Certification Authority - L1M
2023-05-19 -
2024-05-18
a year crt.sh
smartdev.gep.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-07-12 -
2024-08-11
a year crt.sh

This page contains 1 frames:

Primary Page: https://smart-auth.gep.com/login/callback?connection=boa
Frame ID: DCA717918B00198BD4C247549C15AEDF
Requests: 5 HTTP requests in this frame

Screenshot

Page Title

Error - Gep

Page URL History Show full URLs

  1. https://nexxe.gep.com//BOFAPROD/v3/?b=1 Page URL
  2. https://smart-sts.gep.com/?gepoa=OASignIn&wtrealm=https%3A%2F%2FNexxe.gep.com%2FHome%3Frux%3Dscm%26_PA... HTTP 302
    https://smart-sts.gep.com/login?ReturnUrl=http%3a%2f%2fsmart-sts.gep.com%2f%3fgepoa%3dOASignIn%26wtrea... HTTP 302
    https://smart-sts.gep.com/Authenticate?ReturnUrl=https://smart-auth.gep.com/samlp/AYLKmwM5BaTn3lyCQDvs... HTTP 302
    https://smart-auth.gep.com/connect/authorize?client_id=urn%3Asmart-auth.gep.com&redirect_uri=https%3A%2... HTTP 302
    https://smart-auth.gep.com/External?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253As... HTTP 302
    https://smart-auth.gep.com/External/Challenge?scheme=boa&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3F... Page URL
  3. https://fedsso.bankofamerica.com/idp/SSO.saml2 Page URL
  4. https://smart-auth.gep.com/login/callback?connection=boa Page URL

Page Statistics

5
Requests

100 %
HTTPS

33 %
IPv6

2
Domains

5
Subdomains

3
IPs

1
Countries

27 kB
Transfer

17 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://nexxe.gep.com//BOFAPROD/v3/?b=1 Page URL
  2. https://smart-sts.gep.com/?gepoa=OASignIn&wtrealm=https%3A%2F%2FNexxe.gep.com%2FHome%3Frux%3Dscm%26_PATH%3Dv3%2F%26b%3D1&ru=%2Fbofaprod&wreply=https%3A%2F%2FNexxe.gep.com%2FHome%3Frux%3Dscm%26_PATH%3Dv3%2F%26b%3D1%26_PATH1%3D%2Fcontract_create%2F2846ff20-10bb-42ea-b51a-cbd38c047989 HTTP 302
    https://smart-sts.gep.com/login?ReturnUrl=http%3a%2f%2fsmart-sts.gep.com%2f%3fgepoa%3dOASignIn%26wtrealm%3dhttps%3a%2f%2fNexxe.gep.com%2fHome%3frux%3dscm%26_PATH%3dv3%2f%26b%3d1%26ru%3d%2fbofaprod%26wreply%3dhttps%3a%2f%2fNexxe.gep.com%2fHome%3frux%3dscm%26_PATH%3dv3%2f%26b%3d1%26_PATH1%3d%2fcontract_create%2f2846ff20-10bb-42ea-b51a-cbd38c047989 HTTP 302
    https://smart-sts.gep.com/Authenticate?ReturnUrl=https://smart-auth.gep.com/samlp/AYLKmwM5BaTn3lyCQDvs0W6wP16lZ9K1?connection=boa&RelayState=https%3a%2f%2fNexxe.gep.com%2fHome%3frux%3dscm%26_PATH%3dv3%2f%26b%3d1%26_PATH1%3d%2fcontract_create%2f2846ff20-10bb-42ea-b51a-cbd38c047989 HTTP 302
    https://smart-auth.gep.com/connect/authorize?client_id=urn%3Asmart-auth.gep.com&redirect_uri=https%3A%2F%2Fsmart-sts.gep.com%2Fsignin-oidc&response_type=code&scope=openid%20profile%20email&code_challenge=cwSDz4w4G5Z1zG5qJRdUFD8tIg9xhYHbZqBsOxRgUzo&code_challenge_method=S256&response_mode=form_post&nonce=638348106886092837.YTA4OThiNjctMDc2MS00NzFjLTlmODMtODJkYTYzYzA3OTAzOTAyN2UyN2EtM2FhMi00YWI2LWE2ODYtM2VhZGM1NmU4ZmIy&acr_values=tenant%3Aboa%20returnto%3Ahttps%253a%252f%252fNexxe.gep.com%252fHome%253frux%253dscm%2526_PATH%253dv3%252f%2526b%253d1%2526_PATH1%253d%252fcontract_create%252f2846ff20-10bb-42ea-b51a-cbd38c047989&state=sGugf4e8d7lVIGVp5FI8wXQk2nVF2WqCbTzkiyGfrdsVAcC-_ZCtyDWMUypsHo0LDoAtrYkx3Jjen9x6dY07XOFobvqsN1yrzds0X-7JwZEpJUw-MEb51Ef2Ziff1WuAfFHrgDXlddNVWVhNmI9ivexPOe5-GY5IWyvH1iUzON1hYuRBdRY5coJEUFZb0JGHt-lzUg_hG2IhPIghETjAId_JWOMtQSxPlpVvwteCwiDf_WenXIJu_1oRWVFggKx-Kke3e-eIzUVEvE6rQ-9UDiiQC0axouqp2KukcOy5Kqo4Hefo5l2tZBPjCvy6UmPwUYkBrTPE5D4hsjM1t1VRS0R_rC_XL0oHZni_8RnXbkabFxVzprGEZYyr4ALOodzstAZZL3dIHG9knM0mHK9b5-OSbAw_Twm5UR-co2Xc0rqd_TWvGBvHxZmExfp9iAOfH4OgBmoTVrTWWrpqnQKJMzNdt87GbasMMGe30z4THUSpWYYarAMaqvF9_75mjSVdVnxUOcgWEsp4WJ4S1yrATqw7vJ69L2L-PJATcrzmq9srfMDyPNhLa45YQ5-bB6jAy1WLr-YCr0kx7bZ0-xTSGrGR0A7-8qj62lwLieXw8-I&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0 HTTP 302
    https://smart-auth.gep.com/External?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26code_challenge%3DcwSDz4w4G5Z1zG5qJRdUFD8tIg9xhYHbZqBsOxRgUzo%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D638348106886092837.YTA4OThiNjctMDc2MS00NzFjLTlmODMtODJkYTYzYzA3OTAzOTAyN2UyN2EtM2FhMi00YWI2LWE2ODYtM2VhZGM1NmU4ZmIy%26acr_values%3Dtenant%253Aboa%2520returnto%253Ahttps%25253a%25252f%25252fNexxe.gep.com%25252fHome%25253frux%25253dscm%252526_PATH%25253dv3%25252f%252526b%25253d1%252526_PATH1%25253d%25252fcontract_create%25252f2846ff20-10bb-42ea-b51a-cbd38c047989%26state%3DsGugf4e8d7lVIGVp5FI8wXQk2nVF2WqCbTzkiyGfrdsVAcC-_ZCtyDWMUypsHo0LDoAtrYkx3Jjen9x6dY07XOFobvqsN1yrzds0X-7JwZEpJUw-MEb51Ef2Ziff1WuAfFHrgDXlddNVWVhNmI9ivexPOe5-GY5IWyvH1iUzON1hYuRBdRY5coJEUFZb0JGHt-lzUg_hG2IhPIghETjAId_JWOMtQSxPlpVvwteCwiDf_WenXIJu_1oRWVFggKx-Kke3e-eIzUVEvE6rQ-9UDiiQC0axouqp2KukcOy5Kqo4Hefo5l2tZBPjCvy6UmPwUYkBrTPE5D4hsjM1t1VRS0R_rC_XL0oHZni_8RnXbkabFxVzprGEZYyr4ALOodzstAZZL3dIHG9knM0mHK9b5-OSbAw_Twm5UR-co2Xc0rqd_TWvGBvHxZmExfp9iAOfH4OgBmoTVrTWWrpqnQKJMzNdt87GbasMMGe30z4THUSpWYYarAMaqvF9_75mjSVdVnxUOcgWEsp4WJ4S1yrATqw7vJ69L2L-PJATcrzmq9srfMDyPNhLa45YQ5-bB6jAy1WLr-YCr0kx7bZ0-xTSGrGR0A7-8qj62lwLieXw8-I%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0 HTTP 302
    https://smart-auth.gep.com/External/Challenge?scheme=boa&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26code_challenge%3DcwSDz4w4G5Z1zG5qJRdUFD8tIg9xhYHbZqBsOxRgUzo%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D638348106886092837.YTA4OThiNjctMDc2MS00NzFjLTlmODMtODJkYTYzYzA3OTAzOTAyN2UyN2EtM2FhMi00YWI2LWE2ODYtM2VhZGM1NmU4ZmIy%26acr_values%3Dtenant%253Aboa%2520returnto%253Ahttps%25253a%25252f%25252fNexxe.gep.com%25252fHome%25253frux%25253dscm%252526_PATH%25253dv3%25252f%252526b%25253d1%252526_PATH1%25253d%25252fcontract_create%25252f2846ff20-10bb-42ea-b51a-cbd38c047989%26state%3DsGugf4e8d7lVIGVp5FI8wXQk2nVF2WqCbTzkiyGfrdsVAcC-_ZCtyDWMUypsHo0LDoAtrYkx3Jjen9x6dY07XOFobvqsN1yrzds0X-7JwZEpJUw-MEb51Ef2Ziff1WuAfFHrgDXlddNVWVhNmI9ivexPOe5-GY5IWyvH1iUzON1hYuRBdRY5coJEUFZb0JGHt-lzUg_hG2IhPIghETjAId_JWOMtQSxPlpVvwteCwiDf_WenXIJu_1oRWVFggKx-Kke3e-eIzUVEvE6rQ-9UDiiQC0axouqp2KukcOy5Kqo4Hefo5l2tZBPjCvy6UmPwUYkBrTPE5D4hsjM1t1VRS0R_rC_XL0oHZni_8RnXbkabFxVzprGEZYyr4ALOodzstAZZL3dIHG9knM0mHK9b5-OSbAw_Twm5UR-co2Xc0rqd_TWvGBvHxZmExfp9iAOfH4OgBmoTVrTWWrpqnQKJMzNdt87GbasMMGe30z4THUSpWYYarAMaqvF9_75mjSVdVnxUOcgWEsp4WJ4S1yrATqw7vJ69L2L-PJATcrzmq9srfMDyPNhLa45YQ5-bB6jAy1WLr-YCr0kx7bZ0-xTSGrGR0A7-8qj62lwLieXw8-I%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0 Page URL
  3. https://fedsso.bankofamerica.com/idp/SSO.saml2 Page URL
  4. https://smart-auth.gep.com/login/callback?connection=boa Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://smart-sts.gep.com/?gepoa=OASignIn&wtrealm=https%3A%2F%2FNexxe.gep.com%2FHome%3Frux%3Dscm%26_PATH%3Dv3%2F%26b%3D1&ru=%2Fbofaprod&wreply=https%3A%2F%2FNexxe.gep.com%2FHome%3Frux%3Dscm%26_PATH%3Dv3%2F%26b%3D1%26_PATH1%3D%2Fcontract_create%2F2846ff20-10bb-42ea-b51a-cbd38c047989 HTTP 302
  • https://smart-sts.gep.com/login?ReturnUrl=http%3a%2f%2fsmart-sts.gep.com%2f%3fgepoa%3dOASignIn%26wtrealm%3dhttps%3a%2f%2fNexxe.gep.com%2fHome%3frux%3dscm%26_PATH%3dv3%2f%26b%3d1%26ru%3d%2fbofaprod%26wreply%3dhttps%3a%2f%2fNexxe.gep.com%2fHome%3frux%3dscm%26_PATH%3dv3%2f%26b%3d1%26_PATH1%3d%2fcontract_create%2f2846ff20-10bb-42ea-b51a-cbd38c047989 HTTP 302
  • https://smart-sts.gep.com/Authenticate?ReturnUrl=https://smart-auth.gep.com/samlp/AYLKmwM5BaTn3lyCQDvs0W6wP16lZ9K1?connection=boa&RelayState=https%3a%2f%2fNexxe.gep.com%2fHome%3frux%3dscm%26_PATH%3dv3%2f%26b%3d1%26_PATH1%3d%2fcontract_create%2f2846ff20-10bb-42ea-b51a-cbd38c047989 HTTP 302
  • https://smart-auth.gep.com/connect/authorize?client_id=urn%3Asmart-auth.gep.com&redirect_uri=https%3A%2F%2Fsmart-sts.gep.com%2Fsignin-oidc&response_type=code&scope=openid%20profile%20email&code_challenge=cwSDz4w4G5Z1zG5qJRdUFD8tIg9xhYHbZqBsOxRgUzo&code_challenge_method=S256&response_mode=form_post&nonce=638348106886092837.YTA4OThiNjctMDc2MS00NzFjLTlmODMtODJkYTYzYzA3OTAzOTAyN2UyN2EtM2FhMi00YWI2LWE2ODYtM2VhZGM1NmU4ZmIy&acr_values=tenant%3Aboa%20returnto%3Ahttps%253a%252f%252fNexxe.gep.com%252fHome%253frux%253dscm%2526_PATH%253dv3%252f%2526b%253d1%2526_PATH1%253d%252fcontract_create%252f2846ff20-10bb-42ea-b51a-cbd38c047989&state=sGugf4e8d7lVIGVp5FI8wXQk2nVF2WqCbTzkiyGfrdsVAcC-_ZCtyDWMUypsHo0LDoAtrYkx3Jjen9x6dY07XOFobvqsN1yrzds0X-7JwZEpJUw-MEb51Ef2Ziff1WuAfFHrgDXlddNVWVhNmI9ivexPOe5-GY5IWyvH1iUzON1hYuRBdRY5coJEUFZb0JGHt-lzUg_hG2IhPIghETjAId_JWOMtQSxPlpVvwteCwiDf_WenXIJu_1oRWVFggKx-Kke3e-eIzUVEvE6rQ-9UDiiQC0axouqp2KukcOy5Kqo4Hefo5l2tZBPjCvy6UmPwUYkBrTPE5D4hsjM1t1VRS0R_rC_XL0oHZni_8RnXbkabFxVzprGEZYyr4ALOodzstAZZL3dIHG9knM0mHK9b5-OSbAw_Twm5UR-co2Xc0rqd_TWvGBvHxZmExfp9iAOfH4OgBmoTVrTWWrpqnQKJMzNdt87GbasMMGe30z4THUSpWYYarAMaqvF9_75mjSVdVnxUOcgWEsp4WJ4S1yrATqw7vJ69L2L-PJATcrzmq9srfMDyPNhLa45YQ5-bB6jAy1WLr-YCr0kx7bZ0-xTSGrGR0A7-8qj62lwLieXw8-I&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0 HTTP 302
  • https://smart-auth.gep.com/External?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26code_challenge%3DcwSDz4w4G5Z1zG5qJRdUFD8tIg9xhYHbZqBsOxRgUzo%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D638348106886092837.YTA4OThiNjctMDc2MS00NzFjLTlmODMtODJkYTYzYzA3OTAzOTAyN2UyN2EtM2FhMi00YWI2LWE2ODYtM2VhZGM1NmU4ZmIy%26acr_values%3Dtenant%253Aboa%2520returnto%253Ahttps%25253a%25252f%25252fNexxe.gep.com%25252fHome%25253frux%25253dscm%252526_PATH%25253dv3%25252f%252526b%25253d1%252526_PATH1%25253d%25252fcontract_create%25252f2846ff20-10bb-42ea-b51a-cbd38c047989%26state%3DsGugf4e8d7lVIGVp5FI8wXQk2nVF2WqCbTzkiyGfrdsVAcC-_ZCtyDWMUypsHo0LDoAtrYkx3Jjen9x6dY07XOFobvqsN1yrzds0X-7JwZEpJUw-MEb51Ef2Ziff1WuAfFHrgDXlddNVWVhNmI9ivexPOe5-GY5IWyvH1iUzON1hYuRBdRY5coJEUFZb0JGHt-lzUg_hG2IhPIghETjAId_JWOMtQSxPlpVvwteCwiDf_WenXIJu_1oRWVFggKx-Kke3e-eIzUVEvE6rQ-9UDiiQC0axouqp2KukcOy5Kqo4Hefo5l2tZBPjCvy6UmPwUYkBrTPE5D4hsjM1t1VRS0R_rC_XL0oHZni_8RnXbkabFxVzprGEZYyr4ALOodzstAZZL3dIHG9knM0mHK9b5-OSbAw_Twm5UR-co2Xc0rqd_TWvGBvHxZmExfp9iAOfH4OgBmoTVrTWWrpqnQKJMzNdt87GbasMMGe30z4THUSpWYYarAMaqvF9_75mjSVdVnxUOcgWEsp4WJ4S1yrATqw7vJ69L2L-PJATcrzmq9srfMDyPNhLa45YQ5-bB6jAy1WLr-YCr0kx7bZ0-xTSGrGR0A7-8qj62lwLieXw8-I%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0 HTTP 302
  • https://smart-auth.gep.com/External/Challenge?scheme=boa&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26code_challenge%3DcwSDz4w4G5Z1zG5qJRdUFD8tIg9xhYHbZqBsOxRgUzo%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D638348106886092837.YTA4OThiNjctMDc2MS00NzFjLTlmODMtODJkYTYzYzA3OTAzOTAyN2UyN2EtM2FhMi00YWI2LWE2ODYtM2VhZGM1NmU4ZmIy%26acr_values%3Dtenant%253Aboa%2520returnto%253Ahttps%25253a%25252f%25252fNexxe.gep.com%25252fHome%25253frux%25253dscm%252526_PATH%25253dv3%25252f%252526b%25253d1%252526_PATH1%25253d%25252fcontract_create%25252f2846ff20-10bb-42ea-b51a-cbd38c047989%26state%3DsGugf4e8d7lVIGVp5FI8wXQk2nVF2WqCbTzkiyGfrdsVAcC-_ZCtyDWMUypsHo0LDoAtrYkx3Jjen9x6dY07XOFobvqsN1yrzds0X-7JwZEpJUw-MEb51Ef2Ziff1WuAfFHrgDXlddNVWVhNmI9ivexPOe5-GY5IWyvH1iUzON1hYuRBdRY5coJEUFZb0JGHt-lzUg_hG2IhPIghETjAId_JWOMtQSxPlpVvwteCwiDf_WenXIJu_1oRWVFggKx-Kke3e-eIzUVEvE6rQ-9UDiiQC0axouqp2KukcOy5Kqo4Hefo5l2tZBPjCvy6UmPwUYkBrTPE5D4hsjM1t1VRS0R_rC_XL0oHZni_8RnXbkabFxVzprGEZYyr4ALOodzstAZZL3dIHG9knM0mHK9b5-OSbAw_Twm5UR-co2Xc0rqd_TWvGBvHxZmExfp9iAOfH4OgBmoTVrTWWrpqnQKJMzNdt87GbasMMGe30z4THUSpWYYarAMaqvF9_75mjSVdVnxUOcgWEsp4WJ4S1yrATqw7vJ69L2L-PJATcrzmq9srfMDyPNhLa45YQ5-bB6jAy1WLr-YCr0kx7bZ0-xTSGrGR0A7-8qj62lwLieXw8-I%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0

5 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
/
nexxe.gep.com//BOFAPROD/v3/
670 B
3 KB
Document
General
Full URL
https://nexxe.gep.com//BOFAPROD/v3/?b=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
70eeff08f1002e829426adb61c9fe63bd07e03cc0a1231afd902e4ef5a604eae
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' data: blob: wss: 'unsafe-eval' smart.gep.com static-nexxeuat.gep.com eu.smart.gep.com smartapac.gep.com nexxe.gep.com api-nexxe.gep.com api-smart.gep.com api-leo.gep.com api-click.gep.com d1icd6shlvmxi6.cloudfront.net js-agent.newrelic.com fonts.googleapis.com bam.nr-data.net fonts.gstatic.com static-smart.gep.com static-nexxe.gep.com cloudfront.net nexxeproddirectcdn.azureedge.net nexxecdn.gep.com static.gep.com smart-sts.gep.com smart-idp.gep.com js.pusher.com us-central1-bustling-psyche-221120.cloudfunctions.net cdn.ckeditor.com smartdevdirectstorage.blob.core.windows.net businessnetwork.gep.com businessnetwork-idp.gep.com businessnetwork-sts.gep.com Platform.gep.com Build.gep.com cdnjs.cloudflare.com static2-nexxe.gep.com api-leodsaks.gep.com us-east1-nexxe-ui-prod1.cloudfunctions.net us-east1-nexxe-ui-uat1.cloudfunctions.net us-east1-nexxe-ui-qc.cloudfunctions.net use.typekit.net fonts.googleapis.com plugin-nexxedev.gep.com plugin-nexxeqc.gep.com plugin-nexxeuat.gep.com plugin-nexxe.gep.com atlas.microsoft.com fonts.googleapis.com dc.services.visualstudio.com plugin-nexxeqc.gep.com api-click.gep.com api-clickeu.gep.com api-clickapac.gep.com static-azstorage-us.gep.com static-azstorage-eu.gep.com punchout.gep.com static-azstorage-apac.gep.com static-bofastorage.gep.com api-click.gep.com api-clickeu.gep.com api.ipify.org nexxedirectdatastore.blob.core.windows.net data.smartpendo.gep.com *.pusher.com api-leoaks.gep.com p.typekit.net content.smartpendo.gep.com sockjs-mt1.pusher.com ws-mt1.pusher.com sockjs-eu.pusher.com nexxedevdirectcdn.azureedge.net whatfix.com api-nexxeapac.gep.com api-smartapac.gep.com api-leoapac.gep.com api-leodsaksapac.gep.com api-nexxeeu.gep.com api-smarteu.gep.com api-leoeu.gep.com api-leodsakseu.gep.com nexxe.gep.com static-nexxe.gep.com static-bofastorage.gep.com cdn.whatfix.com m.media-amazon.com static.grainger.com static-doc-storage.gep.com images.staplesadvantage.com smartakseu.gep.com cdn.walkme.com ec.walkme.com s3.walkmeusercontent.com papi.walkme.com rapi.walkme.com playerserver.walkme.com gepsmartmtstorage.blob.core.windows.net nexxeprodapacdatastore.blob.core.windows.net nexxeprodeudatastore.blob.core.windows.net nexxeproddirectdatastore.blob.core.windows.net api-nexxeprodeu.gep.com smartapac.gep.com api-nexxeprodeu.gep.com api-clickuat.gep.com api-clickuateu.gep.com api-clickuatapac.gep.com; frame-src 'self' whatfix.com word-edit.officeapps.live.com cdn.walkme.com ffc-word-edit.officeapps.live.com ffc-onenote.officeapps.live.com FFC-excel.officeapps.live.com FFC-powerpoint.officeapps.live.com FFC-visio.officeapps.live.com FFC-word-view.officeapps.live.com onenote.officeapps.live.com excel.officeapps.live.com powerpoint.officeapps.live.com visio.officeapps.live.com word-view.officeapps.live.com static2.sharepointonline.com appsforoffice.microsoft.com blob: ;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,ocp-apim-subscription-key,EVENT,reference-code
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin
*.gep.com
access-control-max-age
1728000
cache-control
no-store
content-security-policy
default-src 'self' 'unsafe-inline' data: blob: wss: 'unsafe-eval' smart.gep.com static-nexxeuat.gep.com eu.smart.gep.com smartapac.gep.com nexxe.gep.com api-nexxe.gep.com api-smart.gep.com api-leo.gep.com api-click.gep.com d1icd6shlvmxi6.cloudfront.net js-agent.newrelic.com fonts.googleapis.com bam.nr-data.net fonts.gstatic.com static-smart.gep.com static-nexxe.gep.com cloudfront.net nexxeproddirectcdn.azureedge.net nexxecdn.gep.com static.gep.com smart-sts.gep.com smart-idp.gep.com js.pusher.com us-central1-bustling-psyche-221120.cloudfunctions.net cdn.ckeditor.com smartdevdirectstorage.blob.core.windows.net businessnetwork.gep.com businessnetwork-idp.gep.com businessnetwork-sts.gep.com Platform.gep.com Build.gep.com cdnjs.cloudflare.com static2-nexxe.gep.com api-leodsaks.gep.com us-east1-nexxe-ui-prod1.cloudfunctions.net us-east1-nexxe-ui-uat1.cloudfunctions.net us-east1-nexxe-ui-qc.cloudfunctions.net use.typekit.net fonts.googleapis.com plugin-nexxedev.gep.com plugin-nexxeqc.gep.com plugin-nexxeuat.gep.com plugin-nexxe.gep.com atlas.microsoft.com fonts.googleapis.com dc.services.visualstudio.com plugin-nexxeqc.gep.com api-click.gep.com api-clickeu.gep.com api-clickapac.gep.com static-azstorage-us.gep.com static-azstorage-eu.gep.com punchout.gep.com static-azstorage-apac.gep.com static-bofastorage.gep.com api-click.gep.com api-clickeu.gep.com api.ipify.org nexxedirectdatastore.blob.core.windows.net data.smartpendo.gep.com *.pusher.com api-leoaks.gep.com p.typekit.net content.smartpendo.gep.com sockjs-mt1.pusher.com ws-mt1.pusher.com sockjs-eu.pusher.com nexxedevdirectcdn.azureedge.net whatfix.com api-nexxeapac.gep.com api-smartapac.gep.com api-leoapac.gep.com api-leodsaksapac.gep.com api-nexxeeu.gep.com api-smarteu.gep.com api-leoeu.gep.com api-leodsakseu.gep.com nexxe.gep.com static-nexxe.gep.com static-bofastorage.gep.com cdn.whatfix.com m.media-amazon.com static.grainger.com static-doc-storage.gep.com images.staplesadvantage.com smartakseu.gep.com cdn.walkme.com ec.walkme.com s3.walkmeusercontent.com papi.walkme.com rapi.walkme.com playerserver.walkme.com gepsmartmtstorage.blob.core.windows.net nexxeprodapacdatastore.blob.core.windows.net nexxeprodeudatastore.blob.core.windows.net nexxeproddirectdatastore.blob.core.windows.net api-nexxeprodeu.gep.com smartapac.gep.com api-nexxeprodeu.gep.com api-clickuat.gep.com api-clickuateu.gep.com api-clickuatapac.gep.com; frame-src 'self' whatfix.com word-edit.officeapps.live.com cdn.walkme.com ffc-word-edit.officeapps.live.com ffc-onenote.officeapps.live.com FFC-excel.officeapps.live.com FFC-powerpoint.officeapps.live.com FFC-visio.officeapps.live.com FFC-word-view.officeapps.live.com onenote.officeapps.live.com excel.officeapps.live.com powerpoint.officeapps.live.com visio.officeapps.live.com word-view.officeapps.live.com static2.sharepointonline.com appsforoffice.microsoft.com blob: ;
date
Sun, 05 Nov 2023 19:51:28 GMT
permissions-policy
geolocation=(self "https://*.gep.com")
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-azure-ref
20231105T195127Z-x5nyw4km1t5sf1cfne67842sun00000002u000000003hfqf
x-cache
CONFIG_NOCACHE
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
Challenge
smart-auth.gep.com/External/
Redirect Chain
  • https://smart-sts.gep.com/?gepoa=OASignIn&wtrealm=https%3A%2F%2FNexxe.gep.com%2FHome%3Frux%3Dscm%26_PATH%3Dv3%2F%26b%3D1&ru=%2Fbofaprod&wreply=https%3A%2F%2FNexxe.gep.com%2FHome%3Frux%3Dscm%26_PATH...
  • https://smart-sts.gep.com/login?ReturnUrl=http%3a%2f%2fsmart-sts.gep.com%2f%3fgepoa%3dOASignIn%26wtrealm%3dhttps%3a%2f%2fNexxe.gep.com%2fHome%3frux%3dscm%26_PATH%3dv3%2f%26b%3d1%26ru%3d%2fbofaprod%...
  • https://smart-sts.gep.com/Authenticate?ReturnUrl=https://smart-auth.gep.com/samlp/AYLKmwM5BaTn3lyCQDvs0W6wP16lZ9K1?connection=boa&RelayState=https%3a%2f%2fNexxe.gep.com%2fHome%3frux%3dscm%26_PATH%3...
  • https://smart-auth.gep.com/connect/authorize?client_id=urn%3Asmart-auth.gep.com&redirect_uri=https%3A%2F%2Fsmart-sts.gep.com%2Fsignin-oidc&response_type=code&scope=openid%20profile%20email&code_cha...
  • https://smart-auth.gep.com/External?ReturnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26res...
  • https://smart-auth.gep.com/External/Challenge?scheme=boa&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%...
1 KB
4 KB
Document
General
Full URL
https://smart-auth.gep.com/External/Challenge?scheme=boa&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26code_challenge%3DcwSDz4w4G5Z1zG5qJRdUFD8tIg9xhYHbZqBsOxRgUzo%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D638348106886092837.YTA4OThiNjctMDc2MS00NzFjLTlmODMtODJkYTYzYzA3OTAzOTAyN2UyN2EtM2FhMi00YWI2LWE2ODYtM2VhZGM1NmU4ZmIy%26acr_values%3Dtenant%253Aboa%2520returnto%253Ahttps%25253a%25252f%25252fNexxe.gep.com%25252fHome%25253frux%25253dscm%252526_PATH%25253dv3%25252f%252526b%25253d1%252526_PATH1%25253d%25252fcontract_create%25252f2846ff20-10bb-42ea-b51a-cbd38c047989%26state%3DsGugf4e8d7lVIGVp5FI8wXQk2nVF2WqCbTzkiyGfrdsVAcC-_ZCtyDWMUypsHo0LDoAtrYkx3Jjen9x6dY07XOFobvqsN1yrzds0X-7JwZEpJUw-MEb51Ef2Ziff1WuAfFHrgDXlddNVWVhNmI9ivexPOe5-GY5IWyvH1iUzON1hYuRBdRY5coJEUFZb0JGHt-lzUg_hG2IhPIghETjAId_JWOMtQSxPlpVvwteCwiDf_WenXIJu_1oRWVFggKx-Kke3e-eIzUVEvE6rQ-9UDiiQC0axouqp2KukcOy5Kqo4Hefo5l2tZBPjCvy6UmPwUYkBrTPE5D4hsjM1t1VRS0R_rC_XL0oHZni_8RnXbkabFxVzprGEZYyr4ALOodzstAZZL3dIHG9knM0mHK9b5-OSbAw_Twm5UR-co2Xc0rqd_TWvGBvHxZmExfp9iAOfH4OgBmoTVrTWWrpqnQKJMzNdt87GbasMMGe30z4THUSpWYYarAMaqvF9_75mjSVdVnxUOcgWEsp4WJ4S1yrATqw7vJ69L2L-PJATcrzmq9srfMDyPNhLa45YQ5-bB6jAy1WLr-YCr0kx7bZ0-xTSGrGR0A7-8qj62lwLieXw8-I%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0
Requested by
Host: nexxe.gep.com
URL: https://nexxe.gep.com//BOFAPROD/v3/?b=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.231.240.137 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Security-Policy upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://nexxe.gep.com//BOFAPROD/v3/?b=1#/contract_create/2846ff20-10bb-42ea-b51a-cbd38c047989
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,ocp-apim-subscription-key,EVENT,reference-code,x-gep-transaction-scope-id
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin
*
access-control-max-age
1728000
cache-control
no-cache
content-length
1298
content-security-policy
upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
content-type
text/html;charset=UTF-8
date
Sun, 05 Nov 2023 19:51:29 GMT
expires
-1
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=15724800; includeSubDomains
x-content-security-policy
upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,ocp-apim-subscription-key,EVENT,reference-code,x-gep-transaction-scope-id
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin
*
access-control-max-age
1728000
cache-control
no-cache, no-store
content-length
0
content-security-policy
upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
date
Sun, 05 Nov 2023 19:51:29 GMT
location
/External/Challenge?scheme=boa&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26code_challenge%3DcwSDz4w4G5Z1zG5qJRdUFD8tIg9xhYHbZqBsOxRgUzo%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D638348106886092837.YTA4OThiNjctMDc2MS00NzFjLTlmODMtODJkYTYzYzA3OTAzOTAyN2UyN2EtM2FhMi00YWI2LWE2ODYtM2VhZGM1NmU4ZmIy%26acr_values%3Dtenant%253Aboa%2520returnto%253Ahttps%25253a%25252f%25252fNexxe.gep.com%25252fHome%25253frux%25253dscm%252526_PATH%25253dv3%25252f%252526b%25253d1%252526_PATH1%25253d%25252fcontract_create%25252f2846ff20-10bb-42ea-b51a-cbd38c047989%26state%3DsGugf4e8d7lVIGVp5FI8wXQk2nVF2WqCbTzkiyGfrdsVAcC-_ZCtyDWMUypsHo0LDoAtrYkx3Jjen9x6dY07XOFobvqsN1yrzds0X-7JwZEpJUw-MEb51Ef2Ziff1WuAfFHrgDXlddNVWVhNmI9ivexPOe5-GY5IWyvH1iUzON1hYuRBdRY5coJEUFZb0JGHt-lzUg_hG2IhPIghETjAId_JWOMtQSxPlpVvwteCwiDf_WenXIJu_1oRWVFggKx-Kke3e-eIzUVEvE6rQ-9UDiiQC0axouqp2KukcOy5Kqo4Hefo5l2tZBPjCvy6UmPwUYkBrTPE5D4hsjM1t1VRS0R_rC_XL0oHZni_8RnXbkabFxVzprGEZYyr4ALOodzstAZZL3dIHG9knM0mHK9b5-OSbAw_Twm5UR-co2Xc0rqd_TWvGBvHxZmExfp9iAOfH4OgBmoTVrTWWrpqnQKJMzNdt87GbasMMGe30z4THUSpWYYarAMaqvF9_75mjSVdVnxUOcgWEsp4WJ4S1yrATqw7vJ69L2L-PJATcrzmq9srfMDyPNhLa45YQ5-bB6jAy1WLr-YCr0kx7bZ0-xTSGrGR0A7-8qj62lwLieXw8-I%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=15724800; includeSubDomains
x-content-security-policy
upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
SSO.saml2
fedsso.bankofamerica.com/idp/
4 KB
6 KB
Document
General
Full URL
https://fedsso.bankofamerica.com/idp/SSO.saml2
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
171.161.146.123 , United States, ASN10794 (BANKAMERICA, US),
Reverse DNS
fedsso-pf-rtx-ext-vip.bankofamerica.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://smart-auth.gep.com
Referer
https://smart-auth.gep.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Connection
Keep-Alive
Content-Length
3723
Content-Security-Policy
default-src 'self'; style-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; img-src 'self' data: 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; connect-src 'self' 'unsafe-inline' wss: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; frame-src 'self' 'unsafe-inline' *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com; font-src 'self' 'unsafe-inline' data: *.ml.com *.bankofamerica.com *.baml.com *.bluematrix.com *.thomsonreuters.com *.thomsonreuters.biz *.thomsonreuters.net *.sentieo.com *.refinitiv.com *.refinitiv.biz *.refinitiv.net *.fmrco.com
Content-Type
text/html;charset=utf-8
Date
Sun, 05 Nov 2023 19:51:30 GMT
Expect-CT
max-age=3600, enforce
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=5, max=20000
P3P
CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma
no-cache
Referrer-Policy
origin
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
Primary Request callback
smart-auth.gep.com/login/
3 KB
4 KB
Document
General
Full URL
https://smart-auth.gep.com/login/callback?connection=boa
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.231.240.137 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f501b20b5acf1c3b77153f7953a194eb0f2815fd79245d8ffb3c7b23d4c26977
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
Strict-Transport-Security max-age=15724800; includeSubDomains
X-Content-Security-Policy upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Content-Type
application/x-www-form-urlencoded
Origin
https://fedsso.bankofamerica.com
Referer
https://fedsso.bankofamerica.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,ocp-apim-subscription-key,EVENT,reference-code,x-gep-transaction-scope-id
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin
*
access-control-max-age
1728000
cache-control
no-cache,no-store
content-security-policy
upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
content-type
text/html; charset=utf-8
date
Sun, 05 Nov 2023 19:51:30 GMT
expires
-1
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=15724800; includeSubDomains
x-content-security-policy
upgrade-insecure-requests default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
smartGepLogo.jpg
smartdev.gep.com/Themes/globalAssets/desktop/images/
8 KB
10 KB
Image
General
Full URL
https://smartdev.gep.com/Themes/globalAssets/desktop/images/smartGepLogo.jpg
Requested by
Host: smart-auth.gep.com
URL: https://smart-auth.gep.com/login/callback?connection=boa
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9e3f3b5948fb734d57b0e15795b1133cf5534c17af31bed50e00597b546737a7
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: wss: blob: 'unsafe-inline' 'unsafe-eval' plugin-nexxedev.gep.com use.typekit.net ec.walkme.com cdn.walkme.com fonts.googleapis.com smartdev.gep.com smart.gep.com scmdev.gep.com nexxedev.gep.com api-nexxedev.gep.com api-smartdev.gep.com js-agent.newrelic.com bam.nr-data.net static-smartdev.gep.com static-nexxedev.gep.com cloudfront.net nexxedevdirectcdn.azureedge.net smartdev-sts.gep.com smartdev-idp.gep.com js.pusher.com google.com gstatic.com cdn.pendo.io static-smart.gep.com content.smartpendo.gep.com ws-mt1.pusher.com sockjs-mt1.pusher.com data.smartpendo.gep.com stats.pusher.com pusher.com api-smartasfdev.gep.com gepdevmediaservice-aase.streaming.media.azure.net dsaksdev.gep.com smarteditor.gep.com gepckeditor01.gep.com powerpoint.officeapps.live.com excel.officeapps.live.com word-edit.officeapps.live.com smart-dev-auction-signleir.service.signalr.net www.highcharts.com smartdeverr.gep.com d1icd6shlvmxi6.cloudfront.net n2.mouseflow.com api-leoaksdev.gep.com p.typekit.net fonts.gstatic.com us-east1-nexxe-ui-qc.cloudfunctions.net us-east1-nexxe-ui-prod1.cloudfunctions.net us-east1-nexxe-ui-qc.cloudfunctions.net cdn.mouseflow.com smart-dev-plat-chatbot-sea.service.signalr.net gepmtstorage.blob.core.windows.net m.media-amazon.com ffc-word-edit.officeapps.live.com pusher.com smartdev-auth.gep.com 'report-sample' www.recaptcha.net static2-smartdev.gep.com code.jquery.com www.recaptcha.net go.microsoft.com ffc-onenote.officeapps.live.com FFC-excel.officeapps.live.com FFC-powerpoint.officeapps.live.com FFC-visio.officeapps.live.com FFC-word-view.officeapps.live.com onenote.officeapps.live.com excel.officeapps.live.com powerpoint.officeapps.live.com visio.officeapps.live.com word-view.officeapps.live.com static2.sharepointonline.com appsforoffice.microsoft.com;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://smart-auth.gep.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Sun, 05 Nov 2023 19:51:31 GMT
content-security-policy
default-src 'self' data: wss: blob: 'unsafe-inline' 'unsafe-eval' plugin-nexxedev.gep.com use.typekit.net ec.walkme.com cdn.walkme.com fonts.googleapis.com smartdev.gep.com smart.gep.com scmdev.gep.com nexxedev.gep.com api-nexxedev.gep.com api-smartdev.gep.com js-agent.newrelic.com bam.nr-data.net static-smartdev.gep.com static-nexxedev.gep.com cloudfront.net nexxedevdirectcdn.azureedge.net smartdev-sts.gep.com smartdev-idp.gep.com js.pusher.com google.com gstatic.com cdn.pendo.io static-smart.gep.com content.smartpendo.gep.com ws-mt1.pusher.com sockjs-mt1.pusher.com data.smartpendo.gep.com stats.pusher.com pusher.com api-smartasfdev.gep.com gepdevmediaservice-aase.streaming.media.azure.net dsaksdev.gep.com smarteditor.gep.com gepckeditor01.gep.com powerpoint.officeapps.live.com excel.officeapps.live.com word-edit.officeapps.live.com smart-dev-auction-signleir.service.signalr.net www.highcharts.com smartdeverr.gep.com d1icd6shlvmxi6.cloudfront.net n2.mouseflow.com api-leoaksdev.gep.com p.typekit.net fonts.gstatic.com us-east1-nexxe-ui-qc.cloudfunctions.net us-east1-nexxe-ui-prod1.cloudfunctions.net us-east1-nexxe-ui-qc.cloudfunctions.net cdn.mouseflow.com smart-dev-plat-chatbot-sea.service.signalr.net gepmtstorage.blob.core.windows.net m.media-amazon.com ffc-word-edit.officeapps.live.com pusher.com smartdev-auth.gep.com 'report-sample' www.recaptcha.net static2-smartdev.gep.com code.jquery.com www.recaptcha.net go.microsoft.com ffc-onenote.officeapps.live.com FFC-excel.officeapps.live.com FFC-powerpoint.officeapps.live.com FFC-visio.officeapps.live.com FFC-word-view.officeapps.live.com onenote.officeapps.live.com excel.officeapps.live.com powerpoint.officeapps.live.com visio.officeapps.live.com word-view.officeapps.live.com static2.sharepointonline.com appsforoffice.microsoft.com;
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-cache
CONFIG_NOCACHE
public
OPTIONS, GET, HEAD, POST, DELETE, PUT
content-length
8145
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 09 Oct 2023 04:30:30 GMT
etag
"037ac5569fad91:0"
x-azure-ref
20231105T195131Z-4cnrstwawd3atcs47kn54mva2g00000008k000000002p5z5
allow
OPTIONS, GET, HEAD, POST, DELETE, PUT
content-type
image/jpeg
vary
Accept-Encoding
access-control-allow-origin
*
cache-control
max-age=86400
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
permissions-policy
geolocation=(self "https://*.gep.com")
access-control-max-age
1728000
accept-ranges
bytes
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,ocp-apim-subscription-key,EVENT,reference-code,requestverificationtoken,userexecutioncontext,bpc
x-frame-options
SAMEORIGIN

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture

11 Cookies

Domain/Path Name / Value
smart-sts.gep.com/signin-oidc Name: fedno.Ep_LNTtc6jxMSgggr8lpbM2NS2OILMpNfz9u7ra8JWodZpmHl3DdXze_DerlyZXg1LMS1OqsvrfRthcFOuEkIb0ZfAv-AuacBP9AFsbqCbNkro8_A9yXMHPFGaRxLMAhm6PdmAdig8kJ4trb3OE1S_qvQG0rnvnHtplqPlOn2Og
Value: N
smart-sts.gep.com/signin-oidc Name: fedco.stsoidc.IDZPhOTWrA4Q-BEJO64J6fY1nAOrBUIBfIgQk3biQYM
Value: N
smart-sts.gep.com/ Name: stsreturnurl
Value: https%3A%2F%2FNexxe.gep.com%2FHome%3Frux%3Dscm%26_PATH%3Dv3%2F%26b%3D1%26_PATH1%3D%2Fcontract_create%2F2846ff20-10bb-42ea-b51a-cbd38c047989
smart-auth.gep.com/ Name: returnto
Value: https%3A%2F%2Fnexxe.gep.com%2Fboa
smart-auth.gep.com/ Name: Saml2pCorrelation
Value: DOcA2oNf3Lw-BpcBWbYBSf-bG7obZQjdNTszc6ScVBs1kcZGZw3GUA5FU2D_ZZ2XNL7otUvSqjc1ZF4i4c5DYWdX9tyNiRewHr_eIpAuT9DJLHv6O8bXhxh01FL_J2QVeutL09sgm64Y941M01nbUfnNgyj31-gUU-CzfgFPu0Jzc4oVO0CP5cAaXzg9593Dj7t7XmCFVuBYx5fo0RXNPj3CP99-s_XZiegBuqVdHy2qQJjAD8LIJXgdBR7yrC2MkwWUwzslc9lY3qr1FSzFdNTrqVCaAohSDcV1gvbNOkeI0F-OAedijt5s8J0oNO1IJxoiE1Cb8oupGxumwALTWnXJuK8esLZ02PVu1lu20JciD0oyha4285DupQDPwRgeQI7-4cwzQc3xGMyWfZW4stcbDFQZ1YI-DfhKjD4Gz3w93Dg_6H99LZcYy-wJbYtRfW1GQRRWza3GyIy44xD1lB6HSmqB__QnZySvGUl8130M9JnIOoeYuk7ow71QIbTzT1dggq4VsA3ZQvlZSGbHpg1qu6Kf0_f-BCAerf96LbntwVBy0UfiIrDUsn4_L9dxzTSAj9CtrmVPmfk2EIOmfCmWKX0ygSD5eowNS6e7yoc-dTU6Vmq9gwfJGeCvGBBwpEmmOvfBZh2bNbr3R2pUi3sKHeFe6QtCkO7KYuHpUvCZh0hP1NqJgxf0Djqtloa6YOT9veM4bLAHZUr2Us--rM1JgYCTrXdUb02ZoztzTaUmEm1BL2X6x7xZSCLYlq28TwrFtQcwQXnsOwylXDMCpni9fkmpCjZ05p6JTKVbtYIytXWduAHpbesgQunLNYtbCnMSboxt50WcWHoXc6_RwY40Wcd-4dOGqobWhkiVCmO4oH-WWi3b9IWiuC7iHwrjGAEwffI601EhLVLa2-Ol9lhCp0C6AxzmQPD-40ODewoPcF7sbLQksUWlrj1cHqiyuSxy8sS04OkwZz471AchPz8z2zy1A-mKsnJrwdZ_p5WcXoq6DBaWHnwpeUF5k4dZWO6bDt8KWYhoYlZfddm-mn4dAxA9u1qCIELX4YbCE4rn0ApfJ-s5mrVlS-Trqyawa0XwZjuXXK8Xioeu75IcxA2eOxAD8lda0LYcrfH5HWi99tgbuH5mK-VahTG2SMcePdYjZG_y_WQAzn8k67hV6M1b-a1cujNku_kI257QR6KR_dfHtKNMyu6l4DiWXOM7xH6vjGHJkuqNSYiKryvBUBEg5x1bycPMemWAZ6v9jRV1h44sXxkv-wgYZX7K57FQeDrBLEzskE3AcoMDeswB7BIqTnfqh7o1jyZYpyUY939rqvUaOd3ETAZNCTUqd8XLhuGuBDJPPWo78nHJ7CvxRmz3CbZdSxwLCe728Ae-TjJ3XdyOBrCfh5feYJyuTqmbv9iiInHaQqOaJ4pdXkv0NUjDbXrCwzEL_YEi-NFUMr0tBMXGbTi7IEFBb95CXdMD7gF71MIYcUJ1CkCMpW9RHi02saX7ItyOU5nyKMpkxgZm7T6JC0yRuFZsGrQZxmFMniKTns3A5UFuR7YeCynrsHpxWDZhCVFQOLYHJwVuAOHJSKYCTBVwK1CcJn9iq378qjnkooRNRBVtHEWeis9MxOCP1Ypbs5Xv8aGnKGoAXXlpqr3yoqg63BaKiVt12nR2aenGb8Z6-AvQvdn8sDypGhRNwsFyB75NnmTHguRG-RaadXa2pxxWrhk3HqSY8rUK8p7aa4iLMxU5N-vCoypwHuHahzN89kZh-fawpWTSM5IT1wi1-V4CAa9Nu96rWvevqx8DpssswGcK746_-MfD1H_qE7hbiMR4xPuSRWjVu-Jeib8LGthczkuk7i-GzxHpWfxzJ6wxx67Fc9J3TH8pzc6lric7UxuiY1zlRvQQLBXs5HKck0Jba_PlO5_BfHzUsfQom-eDUXfqk27BHckiAZkFxF9rkODVgGSCiUeeVXfU-zxufzjVkWEpwfnw5ttQwhwTNwG0QbgyoI1-x7mEmG5bNTdaoKSpXY5F7DbF-IyOtFFrncDW4C4zwRAijyKfl6oHdNu4clDd6Ht01VRz9g
fedsso.bankofamerica.com/ Name: PF
Value: iji02KvmpKr3hZUYo37pl2
fedsso.bankofamerica.com/ Name: bac_persist
Value: 1130638757.24515.0000
.bankofamerica.com/ Name: _bofalid
Value: RDPR/TzkBAvoCeZFWy1kLHhkG7jBm++QC17LyzE75D0=
.fedsso.bankofamerica.com/ Name: TS0193529a
Value: 014074c582586be686618ba028585c8235bded7172b1eadb4a0a9399212aa3805a8f2ff2de8f6df2b53f8e6199977912c99a9f70c7
smart-auth.gep.com/ Name: .AspNetCore.Antiforgery.9TtSrW0hzOs
Value: 3X76hML19S2KBWm_lcxO206WZDQs2dNs3zP8cOL8zkQ
smart-auth.gep.com/ Name: XSRF-TOKEN
Value: 3X76hML19S2KBWm_lcxO23KFj09GuMY6KuFOi8rdu7g

5 Console Messages

Source Level URL
Text
security error URL: https://smart-auth.gep.com/External/Challenge?scheme=boa&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26code_challenge%3DcwSDz4w4G5Z1zG5qJRdUFD8tIg9xhYHbZqBsOxRgUzo%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D638348106886092837.YTA4OThiNjctMDc2MS00NzFjLTlmODMtODJkYTYzYzA3OTAzOTAyN2UyN2EtM2FhMi00YWI2LWE2ODYtM2VhZGM1NmU4ZmIy%26acr_values%3Dtenant%253Aboa%2520returnto%253Ahttps%25253a%25252f%25252fNexxe.gep.com%25252fHome%25253frux%25253dscm%252526_PATH%25253dv3%25252f%252526b%25253d1%252526_PATH1%25253d%25252fcontract_create%25252f2846ff20-10bb-42ea-b51a-cbd38c047989%26state%3DsGugf4e8d7lVIGVp5FI8wXQk2nVF2WqCbTzkiyGfrdsVAcC-_ZCtyDWMUypsHo0LDoAtrYkx3Jjen9x6dY07XOFobvqsN1yrzds0X-7JwZEpJUw-MEb51Ef2Ziff1WuAfFHrgDXlddNVWVhNmI9ivexPOe5-GY5IWyvH1iUzON1hYuRBdRY5coJEUFZb0JGHt-lzUg_hG2IhPIghETjAId_JWOMtQSxPlpVvwteCwiDf_WenXIJu_1oRWVFggKx-Kke3e-eIzUVEvE6rQ-9UDiiQC0axouqp2KukcOy5Kqo4Hefo5l2tZBPjCvy6UmPwUYkBrTPE5D4hsjM1t1VRS0R_rC_XL0oHZni_8RnXbkabFxVzprGEZYyr4ALOodzstAZZL3dIHG9knM0mHK9b5-OSbAw_Twm5UR-co2Xc0rqd_TWvGBvHxZmExfp9iAOfH4OgBmoTVrTWWrpqnQKJMzNdt87GbasMMGe30z4THUSpWYYarAMaqvF9_75mjSVdVnxUOcgWEsp4WJ4S1yrATqw7vJ69L2L-PJATcrzmq9srfMDyPNhLa45YQ5-bB6jAy1WLr-YCr0kx7bZ0-xTSGrGR0A7-8qj62lwLieXw8-I%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0
Message:
The Content Security Policy directive 'upgrade-insecure-requests' should be empty, but was delivered with a value of 'default-src 'self''. The directive has been applied, and the value ignored.
security warning URL: https://smart-auth.gep.com/External/Challenge?scheme=boa&returnUrl=%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Durn%253Asmart-auth.gep.com%26redirect_uri%3Dhttps%253A%252F%252Fsmart-sts.gep.com%252Fsignin-oidc%26response_type%3Dcode%26scope%3Dopenid%2520profile%2520email%26code_challenge%3DcwSDz4w4G5Z1zG5qJRdUFD8tIg9xhYHbZqBsOxRgUzo%26code_challenge_method%3DS256%26response_mode%3Dform_post%26nonce%3D638348106886092837.YTA4OThiNjctMDc2MS00NzFjLTlmODMtODJkYTYzYzA3OTAzOTAyN2UyN2EtM2FhMi00YWI2LWE2ODYtM2VhZGM1NmU4ZmIy%26acr_values%3Dtenant%253Aboa%2520returnto%253Ahttps%25253a%25252f%25252fNexxe.gep.com%25252fHome%25253frux%25253dscm%252526_PATH%25253dv3%25252f%252526b%25253d1%252526_PATH1%25253d%25252fcontract_create%25252f2846ff20-10bb-42ea-b51a-cbd38c047989%26state%3DsGugf4e8d7lVIGVp5FI8wXQk2nVF2WqCbTzkiyGfrdsVAcC-_ZCtyDWMUypsHo0LDoAtrYkx3Jjen9x6dY07XOFobvqsN1yrzds0X-7JwZEpJUw-MEb51Ef2Ziff1WuAfFHrgDXlddNVWVhNmI9ivexPOe5-GY5IWyvH1iUzON1hYuRBdRY5coJEUFZb0JGHt-lzUg_hG2IhPIghETjAId_JWOMtQSxPlpVvwteCwiDf_WenXIJu_1oRWVFggKx-Kke3e-eIzUVEvE6rQ-9UDiiQC0axouqp2KukcOy5Kqo4Hefo5l2tZBPjCvy6UmPwUYkBrTPE5D4hsjM1t1VRS0R_rC_XL0oHZni_8RnXbkabFxVzprGEZYyr4ALOodzstAZZL3dIHG9knM0mHK9b5-OSbAw_Twm5UR-co2Xc0rqd_TWvGBvHxZmExfp9iAOfH4OgBmoTVrTWWrpqnQKJMzNdt87GbasMMGe30z4THUSpWYYarAMaqvF9_75mjSVdVnxUOcgWEsp4WJ4S1yrATqw7vJ69L2L-PJATcrzmq9srfMDyPNhLa45YQ5-bB6jAy1WLr-YCr0kx7bZ0-xTSGrGR0A7-8qj62lwLieXw8-I%26x-client-SKU%3DID_NETSTANDARD2_0%26x-client-ver%3D5.5.0.0
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.
network error URL: https://smart-auth.gep.com/login/callback?connection=boa
Message:
Failed to load resource: the server responded with a status of 500 ()
security error URL: https://smart-auth.gep.com/login/callback?connection=boa
Message:
The Content Security Policy directive 'upgrade-insecure-requests' should be empty, but was delivered with a value of 'default-src 'self''. The directive has been applied, and the value ignored.
security warning URL: https://smart-auth.gep.com/login/callback?connection=boa
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' data: blob: wss: 'unsafe-eval' smart.gep.com static-nexxeuat.gep.com eu.smart.gep.com smartapac.gep.com nexxe.gep.com api-nexxe.gep.com api-smart.gep.com api-leo.gep.com api-click.gep.com d1icd6shlvmxi6.cloudfront.net js-agent.newrelic.com fonts.googleapis.com bam.nr-data.net fonts.gstatic.com static-smart.gep.com static-nexxe.gep.com cloudfront.net nexxeproddirectcdn.azureedge.net nexxecdn.gep.com static.gep.com smart-sts.gep.com smart-idp.gep.com js.pusher.com us-central1-bustling-psyche-221120.cloudfunctions.net cdn.ckeditor.com smartdevdirectstorage.blob.core.windows.net businessnetwork.gep.com businessnetwork-idp.gep.com businessnetwork-sts.gep.com Platform.gep.com Build.gep.com cdnjs.cloudflare.com static2-nexxe.gep.com api-leodsaks.gep.com us-east1-nexxe-ui-prod1.cloudfunctions.net us-east1-nexxe-ui-uat1.cloudfunctions.net us-east1-nexxe-ui-qc.cloudfunctions.net use.typekit.net fonts.googleapis.com plugin-nexxedev.gep.com plugin-nexxeqc.gep.com plugin-nexxeuat.gep.com plugin-nexxe.gep.com atlas.microsoft.com fonts.googleapis.com dc.services.visualstudio.com plugin-nexxeqc.gep.com api-click.gep.com api-clickeu.gep.com api-clickapac.gep.com static-azstorage-us.gep.com static-azstorage-eu.gep.com punchout.gep.com static-azstorage-apac.gep.com static-bofastorage.gep.com api-click.gep.com api-clickeu.gep.com api.ipify.org nexxedirectdatastore.blob.core.windows.net data.smartpendo.gep.com *.pusher.com api-leoaks.gep.com p.typekit.net content.smartpendo.gep.com sockjs-mt1.pusher.com ws-mt1.pusher.com sockjs-eu.pusher.com nexxedevdirectcdn.azureedge.net whatfix.com api-nexxeapac.gep.com api-smartapac.gep.com api-leoapac.gep.com api-leodsaksapac.gep.com api-nexxeeu.gep.com api-smarteu.gep.com api-leoeu.gep.com api-leodsakseu.gep.com nexxe.gep.com static-nexxe.gep.com static-bofastorage.gep.com cdn.whatfix.com m.media-amazon.com static.grainger.com static-doc-storage.gep.com images.staplesadvantage.com smartakseu.gep.com cdn.walkme.com ec.walkme.com s3.walkmeusercontent.com papi.walkme.com rapi.walkme.com playerserver.walkme.com gepsmartmtstorage.blob.core.windows.net nexxeprodapacdatastore.blob.core.windows.net nexxeprodeudatastore.blob.core.windows.net nexxeproddirectdatastore.blob.core.windows.net api-nexxeprodeu.gep.com smartapac.gep.com api-nexxeprodeu.gep.com api-clickuat.gep.com api-clickuateu.gep.com api-clickuatapac.gep.com; frame-src 'self' whatfix.com word-edit.officeapps.live.com cdn.walkme.com ffc-word-edit.officeapps.live.com ffc-onenote.officeapps.live.com FFC-excel.officeapps.live.com FFC-powerpoint.officeapps.live.com FFC-visio.officeapps.live.com FFC-word-view.officeapps.live.com onenote.officeapps.live.com excel.officeapps.live.com powerpoint.officeapps.live.com visio.officeapps.live.com word-view.officeapps.live.com static2.sharepointonline.com appsforoffice.microsoft.com blob: ;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block