ID scansione:
953c1def-f6e0-4f14-a48a-2ea911d1cb19Fatto
URL inviato:
https://a856-exams.nyc.gov/OASysWeb/exams
Report terminato:
Pubblico

Cookie · 4 trovati

Copia link

I cookie sono piccoli file di testo memorizzati sul dispositivo di un utente, spesso utilizzati per ricordare le preferenze dell'utente e consentire esperienze personalizzate

NomeValoreDominioPercorsoScade (UTC)SicuroSolo HTTP
_gcl_au1.1.1930602742.1746470925.nyc.gov/NoNo
_gaGA1.1.1371527229.1746470925.nyc.gov/NoNo
_ga_KDZP9PQP8PGS1.1.1746470925.1.1.1746470925.0.0.0.nyc.gov/NoNo
_ga_JEWX4LES8GGS2.1.s1746470925$o1$g0$t1746470925$j0$l0$h0.nyc.gov/NoNo

Variabili JavaScript · 243 trovate

Copia link

Le variabili JavaScript globali caricate sull'oggetto finestra di una pagina sono variabili dichiarate all'esterno delle funzioni e accessibili da qualsiasi punto del codice nell'ambito corrente

NomeTipo
0object
1object
2object
3object
onbeforetoggleobject
documentPictureInPictureobject
onpageswapobject
onpagerevealobject
onscrollendobject
gtagfunction

Messaggi di log della console · 13 trovati

Copia link

Messaggi registrati nella console Web

LivelloOrigineMessaggio
errorsecurity
URL
https://www.googletagmanager.com/gtm.js?id=GTM-T9JWWJBX
Testo
Refused to load the script 'https://connect.facebook.net/en_US/fbevents.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.gstatic.com:* *.google.com:* *.googleapis.com:* https://a856-exams.nyc.gov:* https://www.googletagmanager.com:* http://www.nyc.gov:* https://www.google-analytics.com:* https://msswva-dcsidvp.csc.nycnet:*". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
errorsecurity
URL
https://a856-exams.nyc.gov/OASysWeb/polyfills.59f6d031a2018c9c9223.js
Testo
Refused to connect to 'https://ad.doubleclick.net/activity;src=13992923;type=landi0;cat=retar0;ord=3642808423525;npa=0;auiddc=1930602742.1746470925;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;_tu=KlA;gtm=45fe5510h1v9188121765z89209763928za200zb9209763928;gcd=13l3l3l3l1l1;dma=0;dc_fmt=3;tag_exp=101509157~102015666~103101747~103101749~103116026~103200004~103233427~103251618~103251620~103252644~103252646;ptag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103252644~103252646;epver=2;dc_random=1746470924850;~oref=https%3A%2F%2Fa856-exams.nyc.gov%2FOASysWeb%2Fexams?' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.gstatic.com:* *.google.com:* *.googleapis.com:* https://a856-exams.nyc.gov:* https://www.googletagmanager.com:* http://www.nyc.gov:* https://www.google-analytics.com:* https://msswva-dcsidvp.csc.nycnet:*". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
errorsecurity
URL
https://a856-exams.nyc.gov/OASysWeb/polyfills.59f6d031a2018c9c9223.js
Testo
Refused to connect to 'https://ad.doubleclick.net/activity;src=13992923;type=landi0;cat=retar0;ord=3642808423525;npa=0;auiddc=1930602742.1746470925;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;_tu=KlA;gtm=45fe5510h1v9188121765z89209763928za200zb9209763928;gcd=13l3l3l3l1l1;dma=0;dc_fmt=3;tag_exp=101509157~102015666~103101747~103101749~103116026~103200004~103233427~103251618~103251620~103252644~103252646;ptag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103252644~103252646;epver=2;dc_random=1746470924850;~oref=https%3A%2F%2Fa856-exams.nyc.gov%2FOASysWeb%2Fexams?' because it violates the document's Content Security Policy.
errorsecurity
URL
https://a856-exams.nyc.gov/OASysWeb/exams
Testo
Refused to load the image 'https://ad.doubleclick.net/activity;src=13992923;type=landi0;cat=retar0;ord=3642808423525;npa=0;auiddc=1930602742.1746470925;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;_tu=KlA;gtm=45fe5510h1v9188121765z89209763928za200zb9209763928;gcd=13l3l3l3l1l1;dma=0;dc_fmt=11;tag_exp=101509157~102015666~103101747~103101749~103116026~103200004~103233427~103251618~103251620~103252644~103252646;ptag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103252644~103252646;epver=2;dc_random=1746470924850;~oref=https%3A%2F%2Fa856-exams.nyc.gov%2FOASysWeb%2Fexams?' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.gstatic.com:* *.google.com:* *.googleapis.com:* https://a856-exams.nyc.gov:* https://www.googletagmanager.com:* http://www.nyc.gov:* https://www.google-analytics.com:* https://msswva-dcsidvp.csc.nycnet:*". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
errorsecurity
URL
https://www.googletagmanager.com/gtag/js?id=AW-11426691503&l=dataLayer&cx=c&gtm=45He5510h1v9209763928za200&tag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103252644~103252646
Testo
Refused to load the script 'https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11426691503/?random=1746470924964&cv=11&fst=1746470924964&bg=ffffff&guid=ON&async=1&gtm=45be5510h1z89209763928za200zb9209763928&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103101747~103101749~103116026~103200004~103233427~103251618~103251620~103252644~103252646&ptag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103252644~103252646&u_w=1&u_h=1&url=https%3A%2F%2Fa856-exams.nyc.gov%2FOASysWeb%2Fexams&hn=www.googleadservices.com&frm=0&tiba=OAsys%20-%20OAsys&npa=0&pscdl=noapi&auid=1930602742.1746470925&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dgtag.config&rfmt=3&fmt=4' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.gstatic.com:* *.google.com:* *.googleapis.com:* https://a856-exams.nyc.gov:* https://www.googletagmanager.com:* http://www.nyc.gov:* https://www.google-analytics.com:* https://msswva-dcsidvp.csc.nycnet:*". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
errorsecurity
URL
https://www.googletagmanager.com/gtag/js?id=AW-11426691503&l=dataLayer&cx=c&gtm=45He5510h1v9209763928za200&tag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103252644~103252646
Testo
Refused to load the script 'https://googleads.g.doubleclick.net/pagead/viewthroughconversion/11426691503/?random=1746470925040&cv=11&fst=1746470925040&bg=ffffff&guid=ON&async=1&gtm=45be5510h1z89209763928za200zb9209763928&gcd=13l3l3l3l1l1&dma=0&tag_exp=101509157~103101747~103101749~103116026~103200004~103233427~103251618~103251620~103252644~103252646&ptag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103252644~103252646&u_w=1&u_h=1&url=https%3A%2F%2Fa856-exams.nyc.gov%2FOASysWeb%2Fexams&hn=www.googleadservices.com&frm=0&tiba=OAsys%20-%20OAsys&npa=0&pscdl=noapi&auid=1930602742.1746470925&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&_tu=Cg&rfmt=3&fmt=4' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.gstatic.com:* *.google.com:* *.googleapis.com:* https://a856-exams.nyc.gov:* https://www.googletagmanager.com:* http://www.nyc.gov:* https://www.google-analytics.com:* https://msswva-dcsidvp.csc.nycnet:*". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
errorsecurity
URL
https://www.googletagmanager.com/
Testo
Refused to frame 'https://13992923.fls.doubleclick.net/' because it violates the following Content Security Policy directive: "default-src 'self' data: *.gstatic.com:* *.google.com:* *.googleapis.com:* https://a856-exams.nyc.gov:* https://www.googletagmanager.com:* http://www.nyc.gov:* https://www.google-analytics.com:* https://msswva-dcsidvp.csc.nycnet:*". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.
errorsecurity
URL
https://www.googletagmanager.com/gtm.js?id=GTM-T9JWWJBX
Testo
Refused to load the script 'https://connect.facebook.net/en_US/fbevents.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.gstatic.com:* *.google.com:* *.googleapis.com:* https://a856-exams.nyc.gov:* https://www.googletagmanager.com:* http://www.nyc.gov:* https://www.google-analytics.com:* https://msswva-dcsidvp.csc.nycnet:*". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
errorsecurity
URL
https://a856-exams.nyc.gov/OASysWeb/polyfills.59f6d031a2018c9c9223.js
Testo
Refused to connect to 'https://ad.doubleclick.net/activity;src=13992923;type=landi0;cat=retar0;ord=2462985981204;npa=0;auiddc=1930602742.1746470925;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;_tu=KlA;gtm=45fe5510h1v9188121765z89209763928za200zb9209763928;gcd=13l3l3l3l1l1;dma=0;dc_fmt=3;tag_exp=101509157~102015666~103101747~103101749~103116026~103200004~103233427~103251618~103251620~103252644~103252646;ptag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103252644~103252646;epver=2;dc_random=1746470925328;~oref=https%3A%2F%2Fa856-exams.nyc.gov%2FOASysWeb%2Fexams?' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.gstatic.com:* *.google.com:* *.googleapis.com:* https://a856-exams.nyc.gov:* https://www.googletagmanager.com:* http://www.nyc.gov:* https://www.google-analytics.com:* https://msswva-dcsidvp.csc.nycnet:*". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
errorsecurity
URL
https://a856-exams.nyc.gov/OASysWeb/polyfills.59f6d031a2018c9c9223.js
Testo
Refused to connect to 'https://ad.doubleclick.net/activity;src=13992923;type=landi0;cat=retar0;ord=2462985981204;npa=0;auiddc=1930602742.1746470925;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;_tu=KlA;gtm=45fe5510h1v9188121765z89209763928za200zb9209763928;gcd=13l3l3l3l1l1;dma=0;dc_fmt=3;tag_exp=101509157~102015666~103101747~103101749~103116026~103200004~103233427~103251618~103251620~103252644~103252646;ptag_exp=101509156~103101750~103101752~103116026~103200004~103233424~103251618~103251620~103252644~103252646;epver=2;dc_random=1746470925328;~oref=https%3A%2F%2Fa856-exams.nyc.gov%2FOASysWeb%2Fexams?' because it violates the document's Content Security Policy.

Intestazioni di sicurezza · 5 trovate

Copia link

Intestazioni di risposta HTTP che possono rafforzare la sicurezza di un'applicazione Web

Ulteriori informazioni...
NomeValoreSupportoInfo
Strict-Transport-Securitymax-age=5184000; includeSubDomains; preloadBuonoDichiara che un sito Web è accessibile solo tramite una connessione sicura (HTTPS).

Fai clic per saperne di più...
X-Frame-OptionsBuonoIndica se a un browser deve essere consentito di eseguire il rendering di una pagina in un <frame>, <iframe>, <embed> o <object>.

Fai clic per saperne di più...
X-Content-Type-OptionsnosniffBuonoIndica che i tipi MIME pubblicizzati nelle intestazioni Content-Type devono essere seguiti e non modificati.

Fai clic per saperne di più...
Content-Security-Policydefault-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.gstatic.com:* *.google.com:* *.googleapis.com:* https://a856-exams.nyc.gov:* https://www.googletagmanager.com:* http://www.nyc.gov:* https://www.google-analytics.com:* https://msswva-dcsidvp.csc.nycnet:*; object-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.gstatic.com:* *.google.com:* *.googleapis.com:* https://a856-exams.nyc.gov:* https://www.googletagmanager.com:* http://www.nyc.gov:* https://www.google-analytics.com:* https://msswva-dcsidvp.csc.nycnet:*; script-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.gstatic.com:* *.google.com:* *.googleapis.com:* https://a856-exams.nyc.gov:* https://www.googletagmanager.com:* http://www.nyc.gov:* https://www.google-analytics.com:* https://msswva-dcsidvp.csc.nycnet:*; style-src 'self' 'unsafe-eval' 'unsafe-inline' data: *.gstatic.com:* *.google.com:* *.googleapis.com:* https://a856-exams.nyc.gov:* https://www.googletagmanager.com:* http://www.nyc.gov:* https://www.google-analytics.com:* https://msswva-dcsidvp.csc.nycnet:*; BuonoControlla le risorse che l'agente utente può caricare per una determinata pagina.

Fai clic per saperne di più...
Referrer-Policystrict-origin-when-cross-originBuonoControlla la quantità di informazioni sul referrer che devono essere incluse nelle richieste.

Fai clic per saperne di più...
Clear-Site-DataBuonoControlla i dati memorizzati da un browser client per le loro origini.

Fai clic per saperne di più...
X-Permitted-Cross-Domain-PoliciesBuonoControlla se un client Web come Adobe Flash Player o Adobe Acrobat dispone dell'autorizzazione per gestire i dati tra domini.

Fai clic per saperne di più...
Permissions-PolicyNuovoConsenti e nega l'uso delle funzionalità del browser in un documento o iframe.

Fai clic per saperne di più...
Cross-Origin-Embedder-PolicyNuovoConfigura l'incorporamento di risorse multiorigine nel documento.

Fai clic per saperne di più...
Cross-Origin-Opener-PolicyNuovoAssicurati che un documento di livello superiore non condivida un gruppo di contesti di navigazione con documenti di più origini.

Fai clic per saperne di più...
Cross-Origin-Resource-PolicyNuovoRichiedere che il browser blocchi le richieste multiorigine/tra siti no-cor alla risorsa specificata.

Fai clic per saperne di più...
X-XSS-Protection1; mode=blockObsoletoObsoleto. Impedisce il caricamento delle pagine quando rilevano attacchi XSS (cross-site scripting) riflessi.

Fai clic per saperne di più...
Feature-PolicyObsoletoObsoleto. Sostituito dall'intestazione Permissions-Policy.

Fai clic per saperne di più...
Expect-CTObsoletoObsoleto. Accetta la segnalazione e/o l'applicazione dei requisiti di trasparenza dei certificati.

Fai clic per saperne di più...
Public-Key-PinsObsoletoObsoleto. Consente ai siti Web HTTPS di resistere alla rappresentazione da parte di autori di attacchi che utilizzano certificati emessi erroneamente o altrimenti fraudolenti.

Fai clic per saperne di più...

Tempi di navigazione delle prestazioni

Copia link

L'interfaccia PerformanceNavigationTiming fornisce parametri relativi agli eventi di navigazione dei documenti del browser

Ulteriori informazioni...

Evento di scaricamento del processo

EventoTempo (ms)
unloadEventStart0
unloadEventEnd0

Reindirizza

EventoTempo (ms)
redirectStart0
redirectEnd0

Init. Service Worker

EventoTempo (ms)
workerStart0

Evento di recupero dei Service Worker

EventoTempo (ms)
fetchStart1

DNS

EventoTempo (ms)
domainLookupStart1
domainLookupEnd1

TCP

EventoTempo (ms)
connectStart48
secureConnectionStart60
connectEnd1103

Richiesta

EventoTempo (ms)
requestStart1104

Risposta

EventoTempo (ms)
responseStart1610
responseEnd1626

Elaborazione in corso

EventoTempo (ms)
domInteractive2686
domContentLoadedEventStart2906
domContentLoadedEventEnd2908
domComplete4703

Carica

EventoTempo (ms)
loadEventStart4704
loadEventEnd4706