HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 494917
Connection: close
Date: Fri, 23 Jan 2026 03:43:38 GMT
Last-Modified: Wed, 21 Jan 2026 15:33:14 GMT
ETag: "1df08de01bdcac6dc9984bf53d68ad6a"
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 383422f03bfc9d77974d0ac637421c22.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: fEiPx0CJVo_vAgYKjHNCQB1O3OKZnSq4767Ln_DC-RN0TYb1VhKFpA==

Page title: MTA Employee Safety & Eligibility Portal 2.0

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MTA Employee Safety & Eligibility Portal 2.0</title>
<script src="https://cdn.tailwindcss.com"></script>
<!-- MTA Portal v2 API Client -->
<script src="api-client.js"></script>
<!-- API Configuration (for inline fetch calls) -->
<script>
  // Define API_BASE_URL for inline JavaScript code
  // IMPORTANT: Update this to match your production API endpoint
  const API_BASE_URL = 'https://mta-portal-api.etometry.com/api';

  // Helper function for authentication headers (used by inline fetch calls)
  function getAuthHeaders() {
    const token = localStorage.getItem('mta_jwt_token');
    const headers = {
      'Content-Type': 'application/json',
      'Accept': 'application/json'
    };

    if (token) {
      headers['Authorization'] = `Bearer ${token}`;
    }

    return headers;
  }

  // Toggle custom department input when "__CUSTOM__" is selected
  function toggleCustomDepartment(selectId, customInputId) {
    const select = document.getElementById(selectId);
    const customInput = document.getElementById(customInputId);

    // Check if customInputId refers to a container (new style) or direct input (old style)
    const customContainer = document.getElementById(customInputId + 'Container');
    const targetElement = customContainer || customInput;

    if (!select || !targetElement) {
      console.error(`toggleCustomDepartment: Element not found - select: ${selectId}, input: ${customInputId}`);
      return;
    }

    if (select.value === '__CUSTOM__') {
      targetElement.classList.remove('hidden');
      if (customInput) {
        customInput.required = true;
      }
    } else {
      targetElement.classList.add('hidden');
      if (customInput) {
        customInput.required = false;
        customInput.value = '';
      }
      // Clear dept_num field if container exists
      if (customContainer) {
        const deptNumInput = document.getElementById(customInputId + 'Num');
        if (deptNumInput) {
          deptNumInput.value = '';
        }
      }
    }
  }
</script>
<!-- Leaflet Maps Library (for enhanced optical provider map) -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.css" />
<!--
  ============================================
  EMAIL NOTIFICATIONS
  ============================================
  Email notifications are handled by the backend EmailService (PHP + AWS SES)
  See: api/services/EmailService.php

  Status Change Request emails are sent automatically by the backend:
  - Liaison submits request → Admin receives email
  - Admin approves/denies → Liaison receives email

  No frontend email configuration needed.
  ============================================
-->
<!-- SECTION 4: Google Maps API - Properly configured -->
<!-- 
  IMPORTANT: Replace GOOGLE_MAPS_API_KEY with your actual API key
  For production, use environment variables and server-side rendering
  
  API Key Requirements:
  1. Enable: Maps JavaScript API
  2. Enable: Places API (for autocomplete)
  3. Enable: Geocoding API (for address lookup)
  4. Set HTTP Referrer Restrictions in Google Cloud Console
  5. Restrict to specific APIs (not "All APIs")
-->
<script>
  // Google Maps API Key Configuration
  // In production, this should come from server-side environment variable
  const GOOGLE_MAPS_CONFIG = {
    apiKey: 'YOUR_API_KEY_HERE', // Replace with actual key or load from server
    libraries: ['places', 'geometry'],
    region: 'US',
    language: 'en'
  };
  
  // Flag to track if Maps API loaded successfully
  window.mapsApiLoaded = false;
  window.mapsApiError = null;
</script>
<script>
  // Dynamic Maps API loader with error handling
  (function() {
    const apiKey = GOOGLE_MAPS_CONFIG.apiKey;
    
    // Check if API key is configured
    if (!apiKey || apiKey === 'YOUR_API_KEY_HERE') {
      console.warn('⚠️ Google Maps API key not configured. Maps features will be disabled.');
      console.warn('To enable maps: Add your

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:38 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://www.mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 70dc0df635de6c459634809796c9bbd8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: QlI9FK0SH-HVK5Jh5tpL95mCnTd0CYMl-CveXF5KKR_o3dDb1FYcoQ==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 494917
Connection: close
Date: Fri, 23 Jan 2026 03:43:38 GMT
Last-Modified: Wed, 21 Jan 2026 15:33:14 GMT
ETag: "1df08de01bdcac6dc9984bf53d68ad6a"
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 edfa50bbeda89838b4ee2ce6eaea1b04.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: poQ4r13e70sYqhak-B1Uyca-h8vPyCx5FVHVNDMq56VfVzZSym-saw==

Page title: MTA Employee Safety & Eligibility Portal 2.0

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MTA Employee Safety & Eligibility Portal 2.0</title>
<script src="https://cdn.tailwindcss.com"></script>
<!-- MTA Portal v2 API Client -->
<script src="api-client.js"></script>
<!-- API Configuration (for inline fetch calls) -->
<script>
  // Define API_BASE_URL for inline JavaScript code
  // IMPORTANT: Update this to match your production API endpoint
  const API_BASE_URL = 'https://mta-portal-api.etometry.com/api';

  // Helper function for authentication headers (used by inline fetch calls)
  function getAuthHeaders() {
    const token = localStorage.getItem('mta_jwt_token');
    const headers = {
      'Content-Type': 'application/json',
      'Accept': 'application/json'
    };

    if (token) {
      headers['Authorization'] = `Bearer ${token}`;
    }

    return headers;
  }

  // Toggle custom department input when "__CUSTOM__" is selected
  function toggleCustomDepartment(selectId, customInputId) {
    const select = document.getElementById(selectId);
    const customInput = document.getElementById(customInputId);

    // Check if customInputId refers to a container (new style) or direct input (old style)
    const customContainer = document.getElementById(customInputId + 'Container');
    const targetElement = customContainer || customInput;

    if (!select || !targetElement) {
      console.error(`toggleCustomDepartment: Element not found - select: ${selectId}, input: ${customInputId}`);
      return;
    }

    if (select.value === '__CUSTOM__') {
      targetElement.classList.remove('hidden');
      if (customInput) {
        customInput.required = true;
      }
    } else {
      targetElement.classList.add('hidden');
      if (customInput) {
        customInput.required = false;
        customInput.value = '';
      }
      // Clear dept_num field if container exists
      if (customContainer) {
        const deptNumInput = document.getElementById(customInputId + 'Num');
        if (deptNumInput) {
          deptNumInput.value = '';
        }
      }
    }
  }
</script>
<!-- Leaflet Maps Library (for enhanced optical provider map) -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.css" />
<!--
  ============================================
  EMAIL NOTIFICATIONS
  ============================================
  Email notifications are handled by the backend EmailService (PHP + AWS SES)
  See: api/services/EmailService.php

  Status Change Request emails are sent automatically by the backend:
  - Liaison submits request → Admin receives email
  - Admin approves/denies → Liaison receives email

  No frontend email configuration needed.
  ============================================
-->
<!-- SECTION 4: Google Maps API - Properly configured -->
<!-- 
  IMPORTANT: Replace GOOGLE_MAPS_API_KEY with your actual API key
  For production, use environment variables and server-side rendering
  
  API Key Requirements:
  1. Enable: Maps JavaScript API
  2. Enable: Places API (for autocomplete)
  3. Enable: Geocoding API (for address lookup)
  4. Set HTTP Referrer Restrictions in Google Cloud Console
  5. Restrict to specific APIs (not "All APIs")
-->
<script>
  // Google Maps API Key Configuration
  // In production, this should come from server-side environment variable
  const GOOGLE_MAPS_CONFIG = {
    apiKey: 'YOUR_API_KEY_HERE', // Replace with actual key or load from server
    libraries: ['places', 'geometry'],
    region: 'US',
    language: 'en'
  };
  
  // Flag to track if Maps API loaded successfully
  window.mapsApiLoaded = false;
  window.mapsApiError = null;
</script>
<script>
  // Dynamic Maps API loader with error handling
  (function() {
    const apiKey = GOOGLE_MAPS_CONFIG.apiKey;
    
    // Check if API key is configured
    if (!apiKey || apiKey === 'YOUR_API_KEY_HERE') {
      console.warn('⚠️ Google Maps API key not configured. Maps features will be disabled.');
      console.warn('To enable maps: Add your

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:37 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://www.mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 eab0437e9575fc5ab3f67303be5a9efc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: JGo-uIdhtvj9QuT1NttFqw_51ngXmN5mqUSSILWAymEbzRiZzkZ1Fg==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 494917
Connection: close
Date: Fri, 23 Jan 2026 03:43:38 GMT
Last-Modified: Wed, 21 Jan 2026 15:33:14 GMT
ETag: "1df08de01bdcac6dc9984bf53d68ad6a"
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 fbd2b51fce9ee4f3aa7b93dbbda3d698.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: j2xlthcf3eZj7w5mTmajiFaBzWY6U4ojjd2Ku_QvukZojgNdrT6h2Q==

Page title: MTA Employee Safety & Eligibility Portal 2.0

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MTA Employee Safety & Eligibility Portal 2.0</title>
<script src="https://cdn.tailwindcss.com"></script>
<!-- MTA Portal v2 API Client -->
<script src="api-client.js"></script>
<!-- API Configuration (for inline fetch calls) -->
<script>
  // Define API_BASE_URL for inline JavaScript code
  // IMPORTANT: Update this to match your production API endpoint
  const API_BASE_URL = 'https://mta-portal-api.etometry.com/api';

  // Helper function for authentication headers (used by inline fetch calls)
  function getAuthHeaders() {
    const token = localStorage.getItem('mta_jwt_token');
    const headers = {
      'Content-Type': 'application/json',
      'Accept': 'application/json'
    };

    if (token) {
      headers['Authorization'] = `Bearer ${token}`;
    }

    return headers;
  }

  // Toggle custom department input when "__CUSTOM__" is selected
  function toggleCustomDepartment(selectId, customInputId) {
    const select = document.getElementById(selectId);
    const customInput = document.getElementById(customInputId);

    // Check if customInputId refers to a container (new style) or direct input (old style)
    const customContainer = document.getElementById(customInputId + 'Container');
    const targetElement = customContainer || customInput;

    if (!select || !targetElement) {
      console.error(`toggleCustomDepartment: Element not found - select: ${selectId}, input: ${customInputId}`);
      return;
    }

    if (select.value === '__CUSTOM__') {
      targetElement.classList.remove('hidden');
      if (customInput) {
        customInput.required = true;
      }
    } else {
      targetElement.classList.add('hidden');
      if (customInput) {
        customInput.required = false;
        customInput.value = '';
      }
      // Clear dept_num field if container exists
      if (customContainer) {
        const deptNumInput = document.getElementById(customInputId + 'Num');
        if (deptNumInput) {
          deptNumInput.value = '';
        }
      }
    }
  }
</script>
<!-- Leaflet Maps Library (for enhanced optical provider map) -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.css" />
<!--
  ============================================
  EMAIL NOTIFICATIONS
  ============================================
  Email notifications are handled by the backend EmailService (PHP + AWS SES)
  See: api/services/EmailService.php

  Status Change Request emails are sent automatically by the backend:
  - Liaison submits request → Admin receives email
  - Admin approves/denies → Liaison receives email

  No frontend email configuration needed.
  ============================================
-->
<!-- SECTION 4: Google Maps API - Properly configured -->
<!-- 
  IMPORTANT: Replace GOOGLE_MAPS_API_KEY with your actual API key
  For production, use environment variables and server-side rendering
  
  API Key Requirements:
  1. Enable: Maps JavaScript API
  2. Enable: Places API (for autocomplete)
  3. Enable: Geocoding API (for address lookup)
  4. Set HTTP Referrer Restrictions in Google Cloud Console
  5. Restrict to specific APIs (not "All APIs")
-->
<script>
  // Google Maps API Key Configuration
  // In production, this should come from server-side environment variable
  const GOOGLE_MAPS_CONFIG = {
    apiKey: 'YOUR_API_KEY_HERE', // Replace with actual key or load from server
    libraries: ['places', 'geometry'],
    region: 'US',
    language: 'en'
  };
  
  // Flag to track if Maps API loaded successfully
  window.mapsApiLoaded = false;
  window.mapsApiError = null;
</script>
<script>
  // Dynamic Maps API loader with error handling
  (function() {
    const apiKey = GOOGLE_MAPS_CONFIG.apiKey;
    
    // Check if API key is configured
    if (!apiKey || apiKey === 'YOUR_API_KEY_HERE') {
      console.warn('⚠️ Google Maps API key not configured. Maps features will be disabled.');
      console.warn('To enable maps: Add your

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:37 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://www.mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 92c2f36c465b846f668f475f8669bfe2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: 3kSsv_pA7XakDErv7FvmRD6Hi-__jlSjZpq72aeGr8eBSnUAhsitzA==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:37 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 a4079c0a5989b4b7af98433fdd07f680.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: NOnNtUxYH4_EcWWutZq81Ipj-pjkYLRF5tq-T7eXr8XR2X0r89n2Mg==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 494917
Connection: close
Date: Fri, 23 Jan 2026 03:43:38 GMT
Last-Modified: Wed, 21 Jan 2026 15:33:14 GMT
ETag: "1df08de01bdcac6dc9984bf53d68ad6a"
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 2f720540a1a9a4394a2f93dffd5c0e5c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: O-hVVWgb670H2WVxQCyH5wpHWh81U1f548bbcs6OQGfDb8Q92Is1Lw==

Page title: MTA Employee Safety & Eligibility Portal 2.0

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MTA Employee Safety & Eligibility Portal 2.0</title>
<script src="https://cdn.tailwindcss.com"></script>
<!-- MTA Portal v2 API Client -->
<script src="api-client.js"></script>
<!-- API Configuration (for inline fetch calls) -->
<script>
  // Define API_BASE_URL for inline JavaScript code
  // IMPORTANT: Update this to match your production API endpoint
  const API_BASE_URL = 'https://mta-portal-api.etometry.com/api';

  // Helper function for authentication headers (used by inline fetch calls)
  function getAuthHeaders() {
    const token = localStorage.getItem('mta_jwt_token');
    const headers = {
      'Content-Type': 'application/json',
      'Accept': 'application/json'
    };

    if (token) {
      headers['Authorization'] = `Bearer ${token}`;
    }

    return headers;
  }

  // Toggle custom department input when "__CUSTOM__" is selected
  function toggleCustomDepartment(selectId, customInputId) {
    const select = document.getElementById(selectId);
    const customInput = document.getElementById(customInputId);

    // Check if customInputId refers to a container (new style) or direct input (old style)
    const customContainer = document.getElementById(customInputId + 'Container');
    const targetElement = customContainer || customInput;

    if (!select || !targetElement) {
      console.error(`toggleCustomDepartment: Element not found - select: ${selectId}, input: ${customInputId}`);
      return;
    }

    if (select.value === '__CUSTOM__') {
      targetElement.classList.remove('hidden');
      if (customInput) {
        customInput.required = true;
      }
    } else {
      targetElement.classList.add('hidden');
      if (customInput) {
        customInput.required = false;
        customInput.value = '';
      }
      // Clear dept_num field if container exists
      if (customContainer) {
        const deptNumInput = document.getElementById(customInputId + 'Num');
        if (deptNumInput) {
          deptNumInput.value = '';
        }
      }
    }
  }
</script>
<!-- Leaflet Maps Library (for enhanced optical provider map) -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.css" />
<!--
  ============================================
  EMAIL NOTIFICATIONS
  ============================================
  Email notifications are handled by the backend EmailService (PHP + AWS SES)
  See: api/services/EmailService.php

  Status Change Request emails are sent automatically by the backend:
  - Liaison submits request → Admin receives email
  - Admin approves/denies → Liaison receives email

  No frontend email configuration needed.
  ============================================
-->
<!-- SECTION 4: Google Maps API - Properly configured -->
<!-- 
  IMPORTANT: Replace GOOGLE_MAPS_API_KEY with your actual API key
  For production, use environment variables and server-side rendering
  
  API Key Requirements:
  1. Enable: Maps JavaScript API
  2. Enable: Places API (for autocomplete)
  3. Enable: Geocoding API (for address lookup)
  4. Set HTTP Referrer Restrictions in Google Cloud Console
  5. Restrict to specific APIs (not "All APIs")
-->
<script>
  // Google Maps API Key Configuration
  // In production, this should come from server-side environment variable
  const GOOGLE_MAPS_CONFIG = {
    apiKey: 'YOUR_API_KEY_HERE', // Replace with actual key or load from server
    libraries: ['places', 'geometry'],
    region: 'US',
    language: 'en'
  };
  
  // Flag to track if Maps API loaded successfully
  window.mapsApiLoaded = false;
  window.mapsApiError = null;
</script>
<script>
  // Dynamic Maps API loader with error handling
  (function() {
    const apiKey = GOOGLE_MAPS_CONFIG.apiKey;
    
    // Check if API key is configured
    if (!apiKey || apiKey === 'YOUR_API_KEY_HERE') {
      console.warn('⚠️ Google Maps API key not configured. Maps features will be disabled.');
      console.warn('To enable maps: Add your

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:37 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://www.mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 6b15d1c60d9f387a4132de8eb9595b1e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: Ls_Jd2Gvz4LZ-XPodXdaRU64wVgesu_Hg5F54Qf82hCnMd_iIHyM2g==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 494917
Connection: close
Date: Fri, 23 Jan 2026 03:43:38 GMT
Last-Modified: Wed, 21 Jan 2026 15:33:14 GMT
ETag: "1df08de01bdcac6dc9984bf53d68ad6a"
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 ca15cd60a1392b6e8be3119969d8a216.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: 6mYbmEMGy7T1xaPJjt3DCih53yd3-v4W2O42vYdY033ahj9o8aEq6A==

Page title: MTA Employee Safety & Eligibility Portal 2.0

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MTA Employee Safety & Eligibility Portal 2.0</title>
<script src="https://cdn.tailwindcss.com"></script>
<!-- MTA Portal v2 API Client -->
<script src="api-client.js"></script>
<!-- API Configuration (for inline fetch calls) -->
<script>
  // Define API_BASE_URL for inline JavaScript code
  // IMPORTANT: Update this to match your production API endpoint
  const API_BASE_URL = 'https://mta-portal-api.etometry.com/api';

  // Helper function for authentication headers (used by inline fetch calls)
  function getAuthHeaders() {
    const token = localStorage.getItem('mta_jwt_token');
    const headers = {
      'Content-Type': 'application/json',
      'Accept': 'application/json'
    };

    if (token) {
      headers['Authorization'] = `Bearer ${token}`;
    }

    return headers;
  }

  // Toggle custom department input when "__CUSTOM__" is selected
  function toggleCustomDepartment(selectId, customInputId) {
    const select = document.getElementById(selectId);
    const customInput = document.getElementById(customInputId);

    // Check if customInputId refers to a container (new style) or direct input (old style)
    const customContainer = document.getElementById(customInputId + 'Container');
    const targetElement = customContainer || customInput;

    if (!select || !targetElement) {
      console.error(`toggleCustomDepartment: Element not found - select: ${selectId}, input: ${customInputId}`);
      return;
    }

    if (select.value === '__CUSTOM__') {
      targetElement.classList.remove('hidden');
      if (customInput) {
        customInput.required = true;
      }
    } else {
      targetElement.classList.add('hidden');
      if (customInput) {
        customInput.required = false;
        customInput.value = '';
      }
      // Clear dept_num field if container exists
      if (customContainer) {
        const deptNumInput = document.getElementById(customInputId + 'Num');
        if (deptNumInput) {
          deptNumInput.value = '';
        }
      }
    }
  }
</script>
<!-- Leaflet Maps Library (for enhanced optical provider map) -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.css" />
<!--
  ============================================
  EMAIL NOTIFICATIONS
  ============================================
  Email notifications are handled by the backend EmailService (PHP + AWS SES)
  See: api/services/EmailService.php

  Status Change Request emails are sent automatically by the backend:
  - Liaison submits request → Admin receives email
  - Admin approves/denies → Liaison receives email

  No frontend email configuration needed.
  ============================================
-->
<!-- SECTION 4: Google Maps API - Properly configured -->
<!-- 
  IMPORTANT: Replace GOOGLE_MAPS_API_KEY with your actual API key
  For production, use environment variables and server-side rendering
  
  API Key Requirements:
  1. Enable: Maps JavaScript API
  2. Enable: Places API (for autocomplete)
  3. Enable: Geocoding API (for address lookup)
  4. Set HTTP Referrer Restrictions in Google Cloud Console
  5. Restrict to specific APIs (not "All APIs")
-->
<script>
  // Google Maps API Key Configuration
  // In production, this should come from server-side environment variable
  const GOOGLE_MAPS_CONFIG = {
    apiKey: 'YOUR_API_KEY_HERE', // Replace with actual key or load from server
    libraries: ['places', 'geometry'],
    region: 'US',
    language: 'en'
  };
  
  // Flag to track if Maps API loaded successfully
  window.mapsApiLoaded = false;
  window.mapsApiError = null;
</script>
<script>
  // Dynamic Maps API loader with error handling
  (function() {
    const apiKey = GOOGLE_MAPS_CONFIG.apiKey;
    
    // Check if API key is configured
    if (!apiKey || apiKey === 'YOUR_API_KEY_HERE') {
      console.warn('⚠️ Google Maps API key not configured. Maps features will be disabled.');
      console.warn('To enable maps: Add your

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:37 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 e030504e72fa75d92c1856a58b964932.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: jPKN-J8d20xLUCQ1f_4yNP6MfOHEc-3ttKrW98HaLhi6Q-6RPvcmLA==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:37 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 1eee8db55908814c8f0cde754e3bee5a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: 3zHmDhoVYDcCuCHpxWwVAEy3fyuVQEAhol05YKmVCKFoo83nuCEOEw==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:37 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 193d38535c6cb246e365763e9c32e672.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: Cs4Zb8Wi-rtmlrJ_HxG3YoZ4wIh7kC6ewsCxOUiI3p5Hc2djVRq5jQ==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:37 GMT
Content-Type: text/html
Content-Length: 919
Connection: close
X-Cache: Error from cloudfront
Via: 1.1 382842a79821aa1bbd5da4ac9bce3156.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: zZ1orHlfhnMT56KqGdhwe847rVOz64yrAn897_dJSTWCL8E-8G0LPg==

Page title: ERROR: The request could not be satisfied

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Request blocked.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: zZ1orHlfhnMT56KqGdhwe847rVOz64yrAn897_dJSTWCL8E-8G0LPg==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:37 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 b81e506afc0d8b7cd6094e636331ca78.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: lwNAbHGDUwtNtzLfAASfHhwi0SEttWC4mP2W0QF2m3gP9TGA7I1B-g==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:37 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 1eee8db55908814c8f0cde754e3bee5a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: EV8DcVzGGP7ZEE6iA5mv7o3NyYSQmYEAdaaK_W80mzMNdmNkEi6nng==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:36 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 7e3b2ebcc561cb84cf59a80a76eb7e28.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: gr6XcYWTphQJXZSEgA8ckCUQF24jCxCILVPqfiwHHjo9Z18pJj6avg==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 494917
Connection: close
Date: Fri, 23 Jan 2026 03:43:37 GMT
Last-Modified: Wed, 21 Jan 2026 15:33:14 GMT
ETag: "1df08de01bdcac6dc9984bf53d68ad6a"
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 ddcc211ea1d565c67eac00a91dda8304.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: WEb4kybDo5x3zjF1jT5sujmm1-5wpIUziq4y5rR_RStB0BjJpa6ApA==

Page title: MTA Employee Safety & Eligibility Portal 2.0

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MTA Employee Safety & Eligibility Portal 2.0</title>
<script src="https://cdn.tailwindcss.com"></script>
<!-- MTA Portal v2 API Client -->
<script src="api-client.js"></script>
<!-- API Configuration (for inline fetch calls) -->
<script>
  // Define API_BASE_URL for inline JavaScript code
  // IMPORTANT: Update this to match your production API endpoint
  const API_BASE_URL = 'https://mta-portal-api.etometry.com/api';

  // Helper function for authentication headers (used by inline fetch calls)
  function getAuthHeaders() {
    const token = localStorage.getItem('mta_jwt_token');
    const headers = {
      'Content-Type': 'application/json',
      'Accept': 'application/json'
    };

    if (token) {
      headers['Authorization'] = `Bearer ${token}`;
    }

    return headers;
  }

  // Toggle custom department input when "__CUSTOM__" is selected
  function toggleCustomDepartment(selectId, customInputId) {
    const select = document.getElementById(selectId);
    const customInput = document.getElementById(customInputId);

    // Check if customInputId refers to a container (new style) or direct input (old style)
    const customContainer = document.getElementById(customInputId + 'Container');
    const targetElement = customContainer || customInput;

    if (!select || !targetElement) {
      console.error(`toggleCustomDepartment: Element not found - select: ${selectId}, input: ${customInputId}`);
      return;
    }

    if (select.value === '__CUSTOM__') {
      targetElement.classList.remove('hidden');
      if (customInput) {
        customInput.required = true;
      }
    } else {
      targetElement.classList.add('hidden');
      if (customInput) {
        customInput.required = false;
        customInput.value = '';
      }
      // Clear dept_num field if container exists
      if (customContainer) {
        const deptNumInput = document.getElementById(customInputId + 'Num');
        if (deptNumInput) {
          deptNumInput.value = '';
        }
      }
    }
  }
</script>
<!-- Leaflet Maps Library (for enhanced optical provider map) -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.css" />
<!--
  ============================================
  EMAIL NOTIFICATIONS
  ============================================
  Email notifications are handled by the backend EmailService (PHP + AWS SES)
  See: api/services/EmailService.php

  Status Change Request emails are sent automatically by the backend:
  - Liaison submits request → Admin receives email
  - Admin approves/denies → Liaison receives email

  No frontend email configuration needed.
  ============================================
-->
<!-- SECTION 4: Google Maps API - Properly configured -->
<!-- 
  IMPORTANT: Replace GOOGLE_MAPS_API_KEY with your actual API key
  For production, use environment variables and server-side rendering
  
  API Key Requirements:
  1. Enable: Maps JavaScript API
  2. Enable: Places API (for autocomplete)
  3. Enable: Geocoding API (for address lookup)
  4. Set HTTP Referrer Restrictions in Google Cloud Console
  5. Restrict to specific APIs (not "All APIs")
-->
<script>
  // Google Maps API Key Configuration
  // In production, this should come from server-side environment variable
  const GOOGLE_MAPS_CONFIG = {
    apiKey: 'YOUR_API_KEY_HERE', // Replace with actual key or load from server
    libraries: ['places', 'geometry'],
    region: 'US',
    language: 'en'
  };
  
  // Flag to track if Maps API loaded successfully
  window.mapsApiLoaded = false;
  window.mapsApiError = null;
</script>
<script>
  // Dynamic Maps API loader with error handling
  (function() {
    const apiKey = GOOGLE_MAPS_CONFIG.apiKey;
    
    // Check if API key is configured
    if (!apiKey || apiKey === 'YOUR_API_KEY_HERE') {
      console.warn('⚠️ Google Maps API key not configured. Maps features will be disabled.');
      console.warn('To enable maps: Add your

HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:36 GMT
Content-Type: text/html
Content-Length: 919
Connection: close
X-Cache: Error from cloudfront
Via: 1.1 f996db233b87d6765cc5ad56701268d8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: B8diXLPDG_HNe54ua2WFY4r39Rdo9W_LIRpdBufw2OJFFsnBNxO2kw==

Page title: ERROR: The request could not be satisfied

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Request blocked.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: B8diXLPDG_HNe54ua2WFY4r39Rdo9W_LIRpdBufw2OJFFsnBNxO2kw==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 494917
Connection: close
Date: Fri, 23 Jan 2026 03:43:37 GMT
Last-Modified: Wed, 21 Jan 2026 15:33:14 GMT
ETag: "1df08de01bdcac6dc9984bf53d68ad6a"
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 34487f8527afa9dd69067b863d5246b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: labHlTLlRuaJ6bXy-BShzqJKBwJa7NgZiOyDToXzl2-zltf4kVFadQ==

Page title: MTA Employee Safety & Eligibility Portal 2.0

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MTA Employee Safety & Eligibility Portal 2.0</title>
<script src="https://cdn.tailwindcss.com"></script>
<!-- MTA Portal v2 API Client -->
<script src="api-client.js"></script>
<!-- API Configuration (for inline fetch calls) -->
<script>
  // Define API_BASE_URL for inline JavaScript code
  // IMPORTANT: Update this to match your production API endpoint
  const API_BASE_URL = 'https://mta-portal-api.etometry.com/api';

  // Helper function for authentication headers (used by inline fetch calls)
  function getAuthHeaders() {
    const token = localStorage.getItem('mta_jwt_token');
    const headers = {
      'Content-Type': 'application/json',
      'Accept': 'application/json'
    };

    if (token) {
      headers['Authorization'] = `Bearer ${token}`;
    }

    return headers;
  }

  // Toggle custom department input when "__CUSTOM__" is selected
  function toggleCustomDepartment(selectId, customInputId) {
    const select = document.getElementById(selectId);
    const customInput = document.getElementById(customInputId);

    // Check if customInputId refers to a container (new style) or direct input (old style)
    const customContainer = document.getElementById(customInputId + 'Container');
    const targetElement = customContainer || customInput;

    if (!select || !targetElement) {
      console.error(`toggleCustomDepartment: Element not found - select: ${selectId}, input: ${customInputId}`);
      return;
    }

    if (select.value === '__CUSTOM__') {
      targetElement.classList.remove('hidden');
      if (customInput) {
        customInput.required = true;
      }
    } else {
      targetElement.classList.add('hidden');
      if (customInput) {
        customInput.required = false;
        customInput.value = '';
      }
      // Clear dept_num field if container exists
      if (customContainer) {
        const deptNumInput = document.getElementById(customInputId + 'Num');
        if (deptNumInput) {
          deptNumInput.value = '';
        }
      }
    }
  }
</script>
<!-- Leaflet Maps Library (for enhanced optical provider map) -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.css" />
<!--
  ============================================
  EMAIL NOTIFICATIONS
  ============================================
  Email notifications are handled by the backend EmailService (PHP + AWS SES)
  See: api/services/EmailService.php

  Status Change Request emails are sent automatically by the backend:
  - Liaison submits request → Admin receives email
  - Admin approves/denies → Liaison receives email

  No frontend email configuration needed.
  ============================================
-->
<!-- SECTION 4: Google Maps API - Properly configured -->
<!-- 
  IMPORTANT: Replace GOOGLE_MAPS_API_KEY with your actual API key
  For production, use environment variables and server-side rendering
  
  API Key Requirements:
  1. Enable: Maps JavaScript API
  2. Enable: Places API (for autocomplete)
  3. Enable: Geocoding API (for address lookup)
  4. Set HTTP Referrer Restrictions in Google Cloud Console
  5. Restrict to specific APIs (not "All APIs")
-->
<script>
  // Google Maps API Key Configuration
  // In production, this should come from server-side environment variable
  const GOOGLE_MAPS_CONFIG = {
    apiKey: 'YOUR_API_KEY_HERE', // Replace with actual key or load from server
    libraries: ['places', 'geometry'],
    region: 'US',
    language: 'en'
  };
  
  // Flag to track if Maps API loaded successfully
  window.mapsApiLoaded = false;
  window.mapsApiError = null;
</script>
<script>
  // Dynamic Maps API loader with error handling
  (function() {
    const apiKey = GOOGLE_MAPS_CONFIG.apiKey;
    
    // Check if API key is configured
    if (!apiKey || apiKey === 'YOUR_API_KEY_HERE') {
      console.warn('⚠️ Google Maps API key not configured. Maps features will be disabled.');
      console.warn('To enable maps: Add your

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 494917
Connection: close
Date: Fri, 23 Jan 2026 03:43:37 GMT
Last-Modified: Wed, 21 Jan 2026 15:33:14 GMT
ETag: "1df08de01bdcac6dc9984bf53d68ad6a"
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 34487f8527afa9dd69067b863d5246b8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: -SkL8k7FzPRP1ftakWrqWhzpdPXQc8PTeRE-UeNLvtv6bL_qHuCjrw==

Page title: MTA Employee Safety & Eligibility Portal 2.0

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MTA Employee Safety & Eligibility Portal 2.0</title>
<script src="https://cdn.tailwindcss.com"></script>
<!-- MTA Portal v2 API Client -->
<script src="api-client.js"></script>
<!-- API Configuration (for inline fetch calls) -->
<script>
  // Define API_BASE_URL for inline JavaScript code
  // IMPORTANT: Update this to match your production API endpoint
  const API_BASE_URL = 'https://mta-portal-api.etometry.com/api';

  // Helper function for authentication headers (used by inline fetch calls)
  function getAuthHeaders() {
    const token = localStorage.getItem('mta_jwt_token');
    const headers = {
      'Content-Type': 'application/json',
      'Accept': 'application/json'
    };

    if (token) {
      headers['Authorization'] = `Bearer ${token}`;
    }

    return headers;
  }

  // Toggle custom department input when "__CUSTOM__" is selected
  function toggleCustomDepartment(selectId, customInputId) {
    const select = document.getElementById(selectId);
    const customInput = document.getElementById(customInputId);

    // Check if customInputId refers to a container (new style) or direct input (old style)
    const customContainer = document.getElementById(customInputId + 'Container');
    const targetElement = customContainer || customInput;

    if (!select || !targetElement) {
      console.error(`toggleCustomDepartment: Element not found - select: ${selectId}, input: ${customInputId}`);
      return;
    }

    if (select.value === '__CUSTOM__') {
      targetElement.classList.remove('hidden');
      if (customInput) {
        customInput.required = true;
      }
    } else {
      targetElement.classList.add('hidden');
      if (customInput) {
        customInput.required = false;
        customInput.value = '';
      }
      // Clear dept_num field if container exists
      if (customContainer) {
        const deptNumInput = document.getElementById(customInputId + 'Num');
        if (deptNumInput) {
          deptNumInput.value = '';
        }
      }
    }
  }
</script>
<!-- Leaflet Maps Library (for enhanced optical provider map) -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.css" />
<!--
  ============================================
  EMAIL NOTIFICATIONS
  ============================================
  Email notifications are handled by the backend EmailService (PHP + AWS SES)
  See: api/services/EmailService.php

  Status Change Request emails are sent automatically by the backend:
  - Liaison submits request → Admin receives email
  - Admin approves/denies → Liaison receives email

  No frontend email configuration needed.
  ============================================
-->
<!-- SECTION 4: Google Maps API - Properly configured -->
<!-- 
  IMPORTANT: Replace GOOGLE_MAPS_API_KEY with your actual API key
  For production, use environment variables and server-side rendering
  
  API Key Requirements:
  1. Enable: Maps JavaScript API
  2. Enable: Places API (for autocomplete)
  3. Enable: Geocoding API (for address lookup)
  4. Set HTTP Referrer Restrictions in Google Cloud Console
  5. Restrict to specific APIs (not "All APIs")
-->
<script>
  // Google Maps API Key Configuration
  // In production, this should come from server-side environment variable
  const GOOGLE_MAPS_CONFIG = {
    apiKey: 'YOUR_API_KEY_HERE', // Replace with actual key or load from server
    libraries: ['places', 'geometry'],
    region: 'US',
    language: 'en'
  };
  
  // Flag to track if Maps API loaded successfully
  window.mapsApiLoaded = false;
  window.mapsApiError = null;
</script>
<script>
  // Dynamic Maps API loader with error handling
  (function() {
    const apiKey = GOOGLE_MAPS_CONFIG.apiKey;
    
    // Check if API key is configured
    if (!apiKey || apiKey === 'YOUR_API_KEY_HERE') {
      console.warn('⚠️ Google Maps API key not configured. Maps features will be disabled.');
      console.warn('To enable maps: Add your

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:36 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://www.mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 7e8fb5897171311635245be9d021a224.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: p-C1guXpc96Q46oOdE65VC4JResXJiEVl7yMVPQ-rZlHyFvi_hOKMA==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:37 GMT
Content-Type: text/html
Content-Length: 919
Connection: close
X-Cache: Error from cloudfront
Via: 1.1 1f6c8fca2731ca6abec1a6d565d2093e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: bHt6W1_NaHvRdDyBINb5BMRjnoC55yXufmgFmQu2qAMT5QtNRJa6pA==

Page title: ERROR: The request could not be satisfied

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Request blocked.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: bHt6W1_NaHvRdDyBINb5BMRjnoC55yXufmgFmQu2qAMT5QtNRJa6pA==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 494917
Connection: close
Date: Fri, 23 Jan 2026 03:43:37 GMT
Last-Modified: Wed, 21 Jan 2026 15:33:14 GMT
ETag: "1df08de01bdcac6dc9984bf53d68ad6a"
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 851fdca2e1873274a995295ecd94732e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: 2AH-CzPSZFFHvyQxl4cIvog_Ck8U6UWY7WRHkLVppAR4tdRTbnE7lg==

Page title: MTA Employee Safety & Eligibility Portal 2.0

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MTA Employee Safety & Eligibility Portal 2.0</title>
<script src="https://cdn.tailwindcss.com"></script>
<!-- MTA Portal v2 API Client -->
<script src="api-client.js"></script>
<!-- API Configuration (for inline fetch calls) -->
<script>
  // Define API_BASE_URL for inline JavaScript code
  // IMPORTANT: Update this to match your production API endpoint
  const API_BASE_URL = 'https://mta-portal-api.etometry.com/api';

  // Helper function for authentication headers (used by inline fetch calls)
  function getAuthHeaders() {
    const token = localStorage.getItem('mta_jwt_token');
    const headers = {
      'Content-Type': 'application/json',
      'Accept': 'application/json'
    };

    if (token) {
      headers['Authorization'] = `Bearer ${token}`;
    }

    return headers;
  }

  // Toggle custom department input when "__CUSTOM__" is selected
  function toggleCustomDepartment(selectId, customInputId) {
    const select = document.getElementById(selectId);
    const customInput = document.getElementById(customInputId);

    // Check if customInputId refers to a container (new style) or direct input (old style)
    const customContainer = document.getElementById(customInputId + 'Container');
    const targetElement = customContainer || customInput;

    if (!select || !targetElement) {
      console.error(`toggleCustomDepartment: Element not found - select: ${selectId}, input: ${customInputId}`);
      return;
    }

    if (select.value === '__CUSTOM__') {
      targetElement.classList.remove('hidden');
      if (customInput) {
        customInput.required = true;
      }
    } else {
      targetElement.classList.add('hidden');
      if (customInput) {
        customInput.required = false;
        customInput.value = '';
      }
      // Clear dept_num field if container exists
      if (customContainer) {
        const deptNumInput = document.getElementById(customInputId + 'Num');
        if (deptNumInput) {
          deptNumInput.value = '';
        }
      }
    }
  }
</script>
<!-- Leaflet Maps Library (for enhanced optical provider map) -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.css" />
<!--
  ============================================
  EMAIL NOTIFICATIONS
  ============================================
  Email notifications are handled by the backend EmailService (PHP + AWS SES)
  See: api/services/EmailService.php

  Status Change Request emails are sent automatically by the backend:
  - Liaison submits request → Admin receives email
  - Admin approves/denies → Liaison receives email

  No frontend email configuration needed.
  ============================================
-->
<!-- SECTION 4: Google Maps API - Properly configured -->
<!-- 
  IMPORTANT: Replace GOOGLE_MAPS_API_KEY with your actual API key
  For production, use environment variables and server-side rendering
  
  API Key Requirements:
  1. Enable: Maps JavaScript API
  2. Enable: Places API (for autocomplete)
  3. Enable: Geocoding API (for address lookup)
  4. Set HTTP Referrer Restrictions in Google Cloud Console
  5. Restrict to specific APIs (not "All APIs")
-->
<script>
  // Google Maps API Key Configuration
  // In production, this should come from server-side environment variable
  const GOOGLE_MAPS_CONFIG = {
    apiKey: 'YOUR_API_KEY_HERE', // Replace with actual key or load from server
    libraries: ['places', 'geometry'],
    region: 'US',
    language: 'en'
  };
  
  // Flag to track if Maps API loaded successfully
  window.mapsApiLoaded = false;
  window.mapsApiError = null;
</script>
<script>
  // Dynamic Maps API loader with error handling
  (function() {
    const apiKey = GOOGLE_MAPS_CONFIG.apiKey;
    
    // Check if API key is configured
    if (!apiKey || apiKey === 'YOUR_API_KEY_HERE') {
      console.warn('⚠️ Google Maps API key not configured. Maps features will be disabled.');
      console.warn('To enable maps: Add your

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:37 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 77aeedb4b2272623c3e7c852eafc4998.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: 9MfwZvk9B5j3k7ORPQGlfR98miF4zttXmuA3TVz-ny9j-2yt7XUUOQ==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:37 GMT
Content-Type: text/html
Content-Length: 919
Connection: close
X-Cache: Error from cloudfront
Via: 1.1 2146d75cb402f16f98928cb19acf5ff6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: 9D7Z5_7i5DmhOfPT1wgna6va-0XuGrtcXXAp0VIWnVXI673WwyGmHg==

Page title: ERROR: The request could not be satisfied

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Request blocked.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: 9D7Z5_7i5DmhOfPT1wgna6va-0XuGrtcXXAp0VIWnVXI673WwyGmHg==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 494917
Connection: close
Date: Fri, 23 Jan 2026 03:43:38 GMT
Last-Modified: Wed, 21 Jan 2026 15:33:14 GMT
ETag: "1df08de01bdcac6dc9984bf53d68ad6a"
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 f36453eb82bc9ab0c6e360ac52cc5972.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: QDP5XT2ocFfGqU7EqTdSBOy_x7QH7ib0Yn_tzszwoK3TFr65-4OxPg==

Page title: MTA Employee Safety & Eligibility Portal 2.0

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MTA Employee Safety & Eligibility Portal 2.0</title>
<script src="https://cdn.tailwindcss.com"></script>
<!-- MTA Portal v2 API Client -->
<script src="api-client.js"></script>
<!-- API Configuration (for inline fetch calls) -->
<script>
  // Define API_BASE_URL for inline JavaScript code
  // IMPORTANT: Update this to match your production API endpoint
  const API_BASE_URL = 'https://mta-portal-api.etometry.com/api';

  // Helper function for authentication headers (used by inline fetch calls)
  function getAuthHeaders() {
    const token = localStorage.getItem('mta_jwt_token');
    const headers = {
      'Content-Type': 'application/json',
      'Accept': 'application/json'
    };

    if (token) {
      headers['Authorization'] = `Bearer ${token}`;
    }

    return headers;
  }

  // Toggle custom department input when "__CUSTOM__" is selected
  function toggleCustomDepartment(selectId, customInputId) {
    const select = document.getElementById(selectId);
    const customInput = document.getElementById(customInputId);

    // Check if customInputId refers to a container (new style) or direct input (old style)
    const customContainer = document.getElementById(customInputId + 'Container');
    const targetElement = customContainer || customInput;

    if (!select || !targetElement) {
      console.error(`toggleCustomDepartment: Element not found - select: ${selectId}, input: ${customInputId}`);
      return;
    }

    if (select.value === '__CUSTOM__') {
      targetElement.classList.remove('hidden');
      if (customInput) {
        customInput.required = true;
      }
    } else {
      targetElement.classList.add('hidden');
      if (customInput) {
        customInput.required = false;
        customInput.value = '';
      }
      // Clear dept_num field if container exists
      if (customContainer) {
        const deptNumInput = document.getElementById(customInputId + 'Num');
        if (deptNumInput) {
          deptNumInput.value = '';
        }
      }
    }
  }
</script>
<!-- Leaflet Maps Library (for enhanced optical provider map) -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.css" />
<!--
  ============================================
  EMAIL NOTIFICATIONS
  ============================================
  Email notifications are handled by the backend EmailService (PHP + AWS SES)
  See: api/services/EmailService.php

  Status Change Request emails are sent automatically by the backend:
  - Liaison submits request → Admin receives email
  - Admin approves/denies → Liaison receives email

  No frontend email configuration needed.
  ============================================
-->
<!-- SECTION 4: Google Maps API - Properly configured -->
<!-- 
  IMPORTANT: Replace GOOGLE_MAPS_API_KEY with your actual API key
  For production, use environment variables and server-side rendering
  
  API Key Requirements:
  1. Enable: Maps JavaScript API
  2. Enable: Places API (for autocomplete)
  3. Enable: Geocoding API (for address lookup)
  4. Set HTTP Referrer Restrictions in Google Cloud Console
  5. Restrict to specific APIs (not "All APIs")
-->
<script>
  // Google Maps API Key Configuration
  // In production, this should come from server-side environment variable
  const GOOGLE_MAPS_CONFIG = {
    apiKey: 'YOUR_API_KEY_HERE', // Replace with actual key or load from server
    libraries: ['places', 'geometry'],
    region: 'US',
    language: 'en'
  };
  
  // Flag to track if Maps API loaded successfully
  window.mapsApiLoaded = false;
  window.mapsApiError = null;
</script>
<script>
  // Dynamic Maps API loader with error handling
  (function() {
    const apiKey = GOOGLE_MAPS_CONFIG.apiKey;
    
    // Check if API key is configured
    if (!apiKey || apiKey === 'YOUR_API_KEY_HERE') {
      console.warn('⚠️ Google Maps API key not configured. Maps features will be disabled.');
      console.warn('To enable maps: Add your

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 494917
Connection: close
Date: Fri, 23 Jan 2026 03:43:37 GMT
Last-Modified: Wed, 21 Jan 2026 15:33:14 GMT
ETag: "1df08de01bdcac6dc9984bf53d68ad6a"
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 e2d2a81acd1c4ea57552eec69a8a478e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: Lm_br8uplQ1FgVzo7hzYW-c-HPCKu9z6uC9pjjUXerqwvXZVVTar3A==

Page title: MTA Employee Safety & Eligibility Portal 2.0

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MTA Employee Safety & Eligibility Portal 2.0</title>
<script src="https://cdn.tailwindcss.com"></script>
<!-- MTA Portal v2 API Client -->
<script src="api-client.js"></script>
<!-- API Configuration (for inline fetch calls) -->
<script>
  // Define API_BASE_URL for inline JavaScript code
  // IMPORTANT: Update this to match your production API endpoint
  const API_BASE_URL = 'https://mta-portal-api.etometry.com/api';

  // Helper function for authentication headers (used by inline fetch calls)
  function getAuthHeaders() {
    const token = localStorage.getItem('mta_jwt_token');
    const headers = {
      'Content-Type': 'application/json',
      'Accept': 'application/json'
    };

    if (token) {
      headers['Authorization'] = `Bearer ${token}`;
    }

    return headers;
  }

  // Toggle custom department input when "__CUSTOM__" is selected
  function toggleCustomDepartment(selectId, customInputId) {
    const select = document.getElementById(selectId);
    const customInput = document.getElementById(customInputId);

    // Check if customInputId refers to a container (new style) or direct input (old style)
    const customContainer = document.getElementById(customInputId + 'Container');
    const targetElement = customContainer || customInput;

    if (!select || !targetElement) {
      console.error(`toggleCustomDepartment: Element not found - select: ${selectId}, input: ${customInputId}`);
      return;
    }

    if (select.value === '__CUSTOM__') {
      targetElement.classList.remove('hidden');
      if (customInput) {
        customInput.required = true;
      }
    } else {
      targetElement.classList.add('hidden');
      if (customInput) {
        customInput.required = false;
        customInput.value = '';
      }
      // Clear dept_num field if container exists
      if (customContainer) {
        const deptNumInput = document.getElementById(customInputId + 'Num');
        if (deptNumInput) {
          deptNumInput.value = '';
        }
      }
    }
  }
</script>
<!-- Leaflet Maps Library (for enhanced optical provider map) -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.css" />
<!--
  ============================================
  EMAIL NOTIFICATIONS
  ============================================
  Email notifications are handled by the backend EmailService (PHP + AWS SES)
  See: api/services/EmailService.php

  Status Change Request emails are sent automatically by the backend:
  - Liaison submits request → Admin receives email
  - Admin approves/denies → Liaison receives email

  No frontend email configuration needed.
  ============================================
-->
<!-- SECTION 4: Google Maps API - Properly configured -->
<!-- 
  IMPORTANT: Replace GOOGLE_MAPS_API_KEY with your actual API key
  For production, use environment variables and server-side rendering
  
  API Key Requirements:
  1. Enable: Maps JavaScript API
  2. Enable: Places API (for autocomplete)
  3. Enable: Geocoding API (for address lookup)
  4. Set HTTP Referrer Restrictions in Google Cloud Console
  5. Restrict to specific APIs (not "All APIs")
-->
<script>
  // Google Maps API Key Configuration
  // In production, this should come from server-side environment variable
  const GOOGLE_MAPS_CONFIG = {
    apiKey: 'YOUR_API_KEY_HERE', // Replace with actual key or load from server
    libraries: ['places', 'geometry'],
    region: 'US',
    language: 'en'
  };
  
  // Flag to track if Maps API loaded successfully
  window.mapsApiLoaded = false;
  window.mapsApiError = null;
</script>
<script>
  // Dynamic Maps API loader with error handling
  (function() {
    const apiKey = GOOGLE_MAPS_CONFIG.apiKey;
    
    // Check if API key is configured
    if (!apiKey || apiKey === 'YOUR_API_KEY_HERE') {
      console.warn('⚠️ Google Maps API key not configured. Maps features will be disabled.');
      console.warn('To enable maps: Add your

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:37 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://www.mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 8ecd8d0c00f059d8b02e6ebdef067180.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: P16WkwwFpudyAFUJoHCm5WwAZKMrz93vUy0VUUnZ9Wl1yQQKa_0euQ==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 494917
Connection: close
Date: Fri, 23 Jan 2026 03:43:38 GMT
Last-Modified: Wed, 21 Jan 2026 15:33:14 GMT
ETag: "1df08de01bdcac6dc9984bf53d68ad6a"
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 90d4d7d1a3cebe66392e229fd5792ae0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: W7S6WX2dkOq2Juny1LJiseTDd6WaGjwvNLPERhmSBCxM2O0SKW4dnw==

Page title: MTA Employee Safety & Eligibility Portal 2.0

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MTA Employee Safety & Eligibility Portal 2.0</title>
<script src="https://cdn.tailwindcss.com"></script>
<!-- MTA Portal v2 API Client -->
<script src="api-client.js"></script>
<!-- API Configuration (for inline fetch calls) -->
<script>
  // Define API_BASE_URL for inline JavaScript code
  // IMPORTANT: Update this to match your production API endpoint
  const API_BASE_URL = 'https://mta-portal-api.etometry.com/api';

  // Helper function for authentication headers (used by inline fetch calls)
  function getAuthHeaders() {
    const token = localStorage.getItem('mta_jwt_token');
    const headers = {
      'Content-Type': 'application/json',
      'Accept': 'application/json'
    };

    if (token) {
      headers['Authorization'] = `Bearer ${token}`;
    }

    return headers;
  }

  // Toggle custom department input when "__CUSTOM__" is selected
  function toggleCustomDepartment(selectId, customInputId) {
    const select = document.getElementById(selectId);
    const customInput = document.getElementById(customInputId);

    // Check if customInputId refers to a container (new style) or direct input (old style)
    const customContainer = document.getElementById(customInputId + 'Container');
    const targetElement = customContainer || customInput;

    if (!select || !targetElement) {
      console.error(`toggleCustomDepartment: Element not found - select: ${selectId}, input: ${customInputId}`);
      return;
    }

    if (select.value === '__CUSTOM__') {
      targetElement.classList.remove('hidden');
      if (customInput) {
        customInput.required = true;
      }
    } else {
      targetElement.classList.add('hidden');
      if (customInput) {
        customInput.required = false;
        customInput.value = '';
      }
      // Clear dept_num field if container exists
      if (customContainer) {
        const deptNumInput = document.getElementById(customInputId + 'Num');
        if (deptNumInput) {
          deptNumInput.value = '';
        }
      }
    }
  }
</script>
<!-- Leaflet Maps Library (for enhanced optical provider map) -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.css" />
<!--
  ============================================
  EMAIL NOTIFICATIONS
  ============================================
  Email notifications are handled by the backend EmailService (PHP + AWS SES)
  See: api/services/EmailService.php

  Status Change Request emails are sent automatically by the backend:
  - Liaison submits request → Admin receives email
  - Admin approves/denies → Liaison receives email

  No frontend email configuration needed.
  ============================================
-->
<!-- SECTION 4: Google Maps API - Properly configured -->
<!-- 
  IMPORTANT: Replace GOOGLE_MAPS_API_KEY with your actual API key
  For production, use environment variables and server-side rendering
  
  API Key Requirements:
  1. Enable: Maps JavaScript API
  2. Enable: Places API (for autocomplete)
  3. Enable: Geocoding API (for address lookup)
  4. Set HTTP Referrer Restrictions in Google Cloud Console
  5. Restrict to specific APIs (not "All APIs")
-->
<script>
  // Google Maps API Key Configuration
  // In production, this should come from server-side environment variable
  const GOOGLE_MAPS_CONFIG = {
    apiKey: 'YOUR_API_KEY_HERE', // Replace with actual key or load from server
    libraries: ['places', 'geometry'],
    region: 'US',
    language: 'en'
  };
  
  // Flag to track if Maps API loaded successfully
  window.mapsApiLoaded = false;
  window.mapsApiError = null;
</script>
<script>
  // Dynamic Maps API loader with error handling
  (function() {
    const apiKey = GOOGLE_MAPS_CONFIG.apiKey;
    
    // Check if API key is configured
    if (!apiKey || apiKey === 'YOUR_API_KEY_HERE') {
      console.warn('⚠️ Google Maps API key not configured. Maps features will be disabled.');
      console.warn('To enable maps: Add your

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:36 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://www.mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 419820c97f609bc6c7a0fe8ab9ac7158.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: rCGjEzT1Eb--bza8fGKkj755i8hOfr5Ti-wi2z7XlzDMOvfCAaUOLg==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 494917
Connection: close
Date: Fri, 23 Jan 2026 03:43:38 GMT
Last-Modified: Wed, 21 Jan 2026 15:33:14 GMT
ETag: "1df08de01bdcac6dc9984bf53d68ad6a"
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 383422f03bfc9d77974d0ac637421c22.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: jp0izh6JFA-otH4xxB4PRllFBeHVW3RDv3dDGnRPEgJhy7bb4j5xhQ==

Page title: MTA Employee Safety & Eligibility Portal 2.0

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MTA Employee Safety & Eligibility Portal 2.0</title>
<script src="https://cdn.tailwindcss.com"></script>
<!-- MTA Portal v2 API Client -->
<script src="api-client.js"></script>
<!-- API Configuration (for inline fetch calls) -->
<script>
  // Define API_BASE_URL for inline JavaScript code
  // IMPORTANT: Update this to match your production API endpoint
  const API_BASE_URL = 'https://mta-portal-api.etometry.com/api';

  // Helper function for authentication headers (used by inline fetch calls)
  function getAuthHeaders() {
    const token = localStorage.getItem('mta_jwt_token');
    const headers = {
      'Content-Type': 'application/json',
      'Accept': 'application/json'
    };

    if (token) {
      headers['Authorization'] = `Bearer ${token}`;
    }

    return headers;
  }

  // Toggle custom department input when "__CUSTOM__" is selected
  function toggleCustomDepartment(selectId, customInputId) {
    const select = document.getElementById(selectId);
    const customInput = document.getElementById(customInputId);

    // Check if customInputId refers to a container (new style) or direct input (old style)
    const customContainer = document.getElementById(customInputId + 'Container');
    const targetElement = customContainer || customInput;

    if (!select || !targetElement) {
      console.error(`toggleCustomDepartment: Element not found - select: ${selectId}, input: ${customInputId}`);
      return;
    }

    if (select.value === '__CUSTOM__') {
      targetElement.classList.remove('hidden');
      if (customInput) {
        customInput.required = true;
      }
    } else {
      targetElement.classList.add('hidden');
      if (customInput) {
        customInput.required = false;
        customInput.value = '';
      }
      // Clear dept_num field if container exists
      if (customContainer) {
        const deptNumInput = document.getElementById(customInputId + 'Num');
        if (deptNumInput) {
          deptNumInput.value = '';
        }
      }
    }
  }
</script>
<!-- Leaflet Maps Library (for enhanced optical provider map) -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.css" />
<!--
  ============================================
  EMAIL NOTIFICATIONS
  ============================================
  Email notifications are handled by the backend EmailService (PHP + AWS SES)
  See: api/services/EmailService.php

  Status Change Request emails are sent automatically by the backend:
  - Liaison submits request → Admin receives email
  - Admin approves/denies → Liaison receives email

  No frontend email configuration needed.
  ============================================
-->
<!-- SECTION 4: Google Maps API - Properly configured -->
<!-- 
  IMPORTANT: Replace GOOGLE_MAPS_API_KEY with your actual API key
  For production, use environment variables and server-side rendering
  
  API Key Requirements:
  1. Enable: Maps JavaScript API
  2. Enable: Places API (for autocomplete)
  3. Enable: Geocoding API (for address lookup)
  4. Set HTTP Referrer Restrictions in Google Cloud Console
  5. Restrict to specific APIs (not "All APIs")
-->
<script>
  // Google Maps API Key Configuration
  // In production, this should come from server-side environment variable
  const GOOGLE_MAPS_CONFIG = {
    apiKey: 'YOUR_API_KEY_HERE', // Replace with actual key or load from server
    libraries: ['places', 'geometry'],
    region: 'US',
    language: 'en'
  };
  
  // Flag to track if Maps API loaded successfully
  window.mapsApiLoaded = false;
  window.mapsApiError = null;
</script>
<script>
  // Dynamic Maps API loader with error handling
  (function() {
    const apiKey = GOOGLE_MAPS_CONFIG.apiKey;
    
    // Check if API key is configured
    if (!apiKey || apiKey === 'YOUR_API_KEY_HERE') {
      console.warn('⚠️ Google Maps API key not configured. Maps features will be disabled.');
      console.warn('To enable maps: Add your

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 494917
Connection: close
Date: Fri, 23 Jan 2026 03:43:38 GMT
Last-Modified: Wed, 21 Jan 2026 15:33:14 GMT
ETag: "1df08de01bdcac6dc9984bf53d68ad6a"
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 c65bf3e4543da80bc4240e95b51eeb82.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: -xYBcO05-SAMHp3j93-PmSw9nWp_FD4MEBiMXZHy-8hzqe-kF8bIPg==

Page title: MTA Employee Safety & Eligibility Portal 2.0

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MTA Employee Safety & Eligibility Portal 2.0</title>
<script src="https://cdn.tailwindcss.com"></script>
<!-- MTA Portal v2 API Client -->
<script src="api-client.js"></script>
<!-- API Configuration (for inline fetch calls) -->
<script>
  // Define API_BASE_URL for inline JavaScript code
  // IMPORTANT: Update this to match your production API endpoint
  const API_BASE_URL = 'https://mta-portal-api.etometry.com/api';

  // Helper function for authentication headers (used by inline fetch calls)
  function getAuthHeaders() {
    const token = localStorage.getItem('mta_jwt_token');
    const headers = {
      'Content-Type': 'application/json',
      'Accept': 'application/json'
    };

    if (token) {
      headers['Authorization'] = `Bearer ${token}`;
    }

    return headers;
  }

  // Toggle custom department input when "__CUSTOM__" is selected
  function toggleCustomDepartment(selectId, customInputId) {
    const select = document.getElementById(selectId);
    const customInput = document.getElementById(customInputId);

    // Check if customInputId refers to a container (new style) or direct input (old style)
    const customContainer = document.getElementById(customInputId + 'Container');
    const targetElement = customContainer || customInput;

    if (!select || !targetElement) {
      console.error(`toggleCustomDepartment: Element not found - select: ${selectId}, input: ${customInputId}`);
      return;
    }

    if (select.value === '__CUSTOM__') {
      targetElement.classList.remove('hidden');
      if (customInput) {
        customInput.required = true;
      }
    } else {
      targetElement.classList.add('hidden');
      if (customInput) {
        customInput.required = false;
        customInput.value = '';
      }
      // Clear dept_num field if container exists
      if (customContainer) {
        const deptNumInput = document.getElementById(customInputId + 'Num');
        if (deptNumInput) {
          deptNumInput.value = '';
        }
      }
    }
  }
</script>
<!-- Leaflet Maps Library (for enhanced optical provider map) -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.css" />
<!--
  ============================================
  EMAIL NOTIFICATIONS
  ============================================
  Email notifications are handled by the backend EmailService (PHP + AWS SES)
  See: api/services/EmailService.php

  Status Change Request emails are sent automatically by the backend:
  - Liaison submits request → Admin receives email
  - Admin approves/denies → Liaison receives email

  No frontend email configuration needed.
  ============================================
-->
<!-- SECTION 4: Google Maps API - Properly configured -->
<!-- 
  IMPORTANT: Replace GOOGLE_MAPS_API_KEY with your actual API key
  For production, use environment variables and server-side rendering
  
  API Key Requirements:
  1. Enable: Maps JavaScript API
  2. Enable: Places API (for autocomplete)
  3. Enable: Geocoding API (for address lookup)
  4. Set HTTP Referrer Restrictions in Google Cloud Console
  5. Restrict to specific APIs (not "All APIs")
-->
<script>
  // Google Maps API Key Configuration
  // In production, this should come from server-side environment variable
  const GOOGLE_MAPS_CONFIG = {
    apiKey: 'YOUR_API_KEY_HERE', // Replace with actual key or load from server
    libraries: ['places', 'geometry'],
    region: 'US',
    language: 'en'
  };
  
  // Flag to track if Maps API loaded successfully
  window.mapsApiLoaded = false;
  window.mapsApiError = null;
</script>
<script>
  // Dynamic Maps API loader with error handling
  (function() {
    const apiKey = GOOGLE_MAPS_CONFIG.apiKey;
    
    // Check if API key is configured
    if (!apiKey || apiKey === 'YOUR_API_KEY_HERE') {
      console.warn('⚠️ Google Maps API key not configured. Maps features will be disabled.');
      console.warn('To enable maps: Add your

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:37 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 67cd7fbfa7b3b35b6217719b3f0167d2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: xee-HUR19y6y3RNZ5Le-wCLmPlmVnBj-SDhA0U9STGlKBwYmLyEL2A==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:36 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://www.mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 ddcc211ea1d565c67eac00a91dda8304.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: Nunc0snL2GW7WTAwM9qsmsDxxLvvG3H9-ewrk2zA7XHN_TDOj503IQ==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:36 GMT
Content-Type: text/html
Content-Length: 919
Connection: close
X-Cache: Error from cloudfront
Via: 1.1 2ba0d127e96dd7ba71375daa47032990.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: pXncUwOMiUKX2BscoM4T5DukJDqi_Pd2MH8ioan5v-c5UE9Gtn0d-w==

Page title: ERROR: The request could not be satisfied

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Request blocked.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: pXncUwOMiUKX2BscoM4T5DukJDqi_Pd2MH8ioan5v-c5UE9Gtn0d-w==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:36 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://www.mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 025655d33ea4a9c8f0ee3e05af37046e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: -jCKsRRiC30I9vQF917Tt8uabLUwD4iWo5lPBw6EbYkxyFsHxkgStA==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:36 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 b81e506afc0d8b7cd6094e636331ca78.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: 3fZ-zav8AyazGr0duvbviAzyJ6I4VrFpCu4_ugqV3BF7InVreDVvDg==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:36 GMT
Content-Type: text/html
Content-Length: 919
Connection: close
X-Cache: Error from cloudfront
Via: 1.1 9eb1733bea847c3a8f4910adebcc8146.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: rqY9z5dQBuVPLfEghJJNzorN3B096Yo098Gx2ZJL8uqWMwCbUuY21Q==

Page title: ERROR: The request could not be satisfied

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Request blocked.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: rqY9z5dQBuVPLfEghJJNzorN3B096Yo098Gx2ZJL8uqWMwCbUuY21Q==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 494917
Connection: close
Date: Fri, 23 Jan 2026 03:43:37 GMT
Last-Modified: Wed, 21 Jan 2026 15:33:14 GMT
ETag: "1df08de01bdcac6dc9984bf53d68ad6a"
Server: AmazonS3
X-Cache: Hit from cloudfront
Via: 1.1 b0723c68cc136f4e89ad2f6a85c82e12.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: zezhX4if_xi4l_qIkSh6IWTQW5MV_g_YCG1VApEI-UJ4ag-qHoCt2A==

Page title: MTA Employee Safety & Eligibility Portal 2.0

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MTA Employee Safety & Eligibility Portal 2.0</title>
<script src="https://cdn.tailwindcss.com"></script>
<!-- MTA Portal v2 API Client -->
<script src="api-client.js"></script>
<!-- API Configuration (for inline fetch calls) -->
<script>
  // Define API_BASE_URL for inline JavaScript code
  // IMPORTANT: Update this to match your production API endpoint
  const API_BASE_URL = 'https://mta-portal-api.etometry.com/api';

  // Helper function for authentication headers (used by inline fetch calls)
  function getAuthHeaders() {
    const token = localStorage.getItem('mta_jwt_token');
    const headers = {
      'Content-Type': 'application/json',
      'Accept': 'application/json'
    };

    if (token) {
      headers['Authorization'] = `Bearer ${token}`;
    }

    return headers;
  }

  // Toggle custom department input when "__CUSTOM__" is selected
  function toggleCustomDepartment(selectId, customInputId) {
    const select = document.getElementById(selectId);
    const customInput = document.getElementById(customInputId);

    // Check if customInputId refers to a container (new style) or direct input (old style)
    const customContainer = document.getElementById(customInputId + 'Container');
    const targetElement = customContainer || customInput;

    if (!select || !targetElement) {
      console.error(`toggleCustomDepartment: Element not found - select: ${selectId}, input: ${customInputId}`);
      return;
    }

    if (select.value === '__CUSTOM__') {
      targetElement.classList.remove('hidden');
      if (customInput) {
        customInput.required = true;
      }
    } else {
      targetElement.classList.add('hidden');
      if (customInput) {
        customInput.required = false;
        customInput.value = '';
      }
      // Clear dept_num field if container exists
      if (customContainer) {
        const deptNumInput = document.getElementById(customInputId + 'Num');
        if (deptNumInput) {
          deptNumInput.value = '';
        }
      }
    }
  }
</script>
<!-- Leaflet Maps Library (for enhanced optical provider map) -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.css" />
<!--
  ============================================
  EMAIL NOTIFICATIONS
  ============================================
  Email notifications are handled by the backend EmailService (PHP + AWS SES)
  See: api/services/EmailService.php

  Status Change Request emails are sent automatically by the backend:
  - Liaison submits request → Admin receives email
  - Admin approves/denies → Liaison receives email

  No frontend email configuration needed.
  ============================================
-->
<!-- SECTION 4: Google Maps API - Properly configured -->
<!-- 
  IMPORTANT: Replace GOOGLE_MAPS_API_KEY with your actual API key
  For production, use environment variables and server-side rendering
  
  API Key Requirements:
  1. Enable: Maps JavaScript API
  2. Enable: Places API (for autocomplete)
  3. Enable: Geocoding API (for address lookup)
  4. Set HTTP Referrer Restrictions in Google Cloud Console
  5. Restrict to specific APIs (not "All APIs")
-->
<script>
  // Google Maps API Key Configuration
  // In production, this should come from server-side environment variable
  const GOOGLE_MAPS_CONFIG = {
    apiKey: 'YOUR_API_KEY_HERE', // Replace with actual key or load from server
    libraries: ['places', 'geometry'],
    region: 'US',
    language: 'en'
  };
  
  // Flag to track if Maps API loaded successfully
  window.mapsApiLoaded = false;
  window.mapsApiError = null;
</script>
<script>
  // Dynamic Maps API loader with error handling
  (function() {
    const apiKey = GOOGLE_MAPS_CONFIG.apiKey;
    
    // Check if API key is configured
    if (!apiKey || apiKey === 'YOUR_API_KEY_HERE') {
      console.warn('⚠️ Google Maps API key not configured. Maps features will be disabled.');
      console.warn('To enable maps: Add your

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:36 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 a530f843a2269d63579bc4238b63fbac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: MWrl6w3lYF3GhUhH6TbQBeno2ZL2GaZTpnquWEwjCSildPydSqDwdQ==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:37 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 383422f03bfc9d77974d0ac637421c22.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: OYLEgc_rWM6D62629PN3rb9tcueI26_SdR21yZPZIDLsZ1G0TS2lDA==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:36 GMT
Content-Type: text/html
Content-Length: 919
Connection: close
X-Cache: Error from cloudfront
Via: 1.1 a530f843a2269d63579bc4238b63fbac.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA56-P8
X-Amz-Cf-Id: hpEHJ3ebWwltfAed1iyLvFjY4HXd1ZOuO9s8ZRFPCZUewaOIuu3bmA==

Page title: ERROR: The request could not be satisfied

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Request blocked.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: hpEHJ3ebWwltfAed1iyLvFjY4HXd1ZOuO9s8ZRFPCZUewaOIuu3bmA==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>

HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 494917
Connection: close
Date: Fri, 23 Jan 2026 03:43:37 GMT
Last-Modified: Wed, 21 Jan 2026 15:33:14 GMT
ETag: "1df08de01bdcac6dc9984bf53d68ad6a"
Server: AmazonS3
X-Cache: Miss from cloudfront
Via: 1.1 92c2f36c465b846f668f475f8669bfe2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: E53P9T-QRtfoa0y-NtvJSPJ70Y0HhEzfLkNn3Pn7SAk2vDZVL6sJxg==

Page title: MTA Employee Safety & Eligibility Portal 2.0

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>MTA Employee Safety & Eligibility Portal 2.0</title>
<script src="https://cdn.tailwindcss.com"></script>
<!-- MTA Portal v2 API Client -->
<script src="api-client.js"></script>
<!-- API Configuration (for inline fetch calls) -->
<script>
  // Define API_BASE_URL for inline JavaScript code
  // IMPORTANT: Update this to match your production API endpoint
  const API_BASE_URL = 'https://mta-portal-api.etometry.com/api';

  // Helper function for authentication headers (used by inline fetch calls)
  function getAuthHeaders() {
    const token = localStorage.getItem('mta_jwt_token');
    const headers = {
      'Content-Type': 'application/json',
      'Accept': 'application/json'
    };

    if (token) {
      headers['Authorization'] = `Bearer ${token}`;
    }

    return headers;
  }

  // Toggle custom department input when "__CUSTOM__" is selected
  function toggleCustomDepartment(selectId, customInputId) {
    const select = document.getElementById(selectId);
    const customInput = document.getElementById(customInputId);

    // Check if customInputId refers to a container (new style) or direct input (old style)
    const customContainer = document.getElementById(customInputId + 'Container');
    const targetElement = customContainer || customInput;

    if (!select || !targetElement) {
      console.error(`toggleCustomDepartment: Element not found - select: ${selectId}, input: ${customInputId}`);
      return;
    }

    if (select.value === '__CUSTOM__') {
      targetElement.classList.remove('hidden');
      if (customInput) {
        customInput.required = true;
      }
    } else {
      targetElement.classList.add('hidden');
      if (customInput) {
        customInput.required = false;
        customInput.value = '';
      }
      // Clear dept_num field if container exists
      if (customContainer) {
        const deptNumInput = document.getElementById(customInputId + 'Num');
        if (deptNumInput) {
          deptNumInput.value = '';
        }
      }
    }
  }
</script>
<!-- Leaflet Maps Library (for enhanced optical provider map) -->
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/leaflet/1.9.4/leaflet.css" />
<!--
  ============================================
  EMAIL NOTIFICATIONS
  ============================================
  Email notifications are handled by the backend EmailService (PHP + AWS SES)
  See: api/services/EmailService.php

  Status Change Request emails are sent automatically by the backend:
  - Liaison submits request → Admin receives email
  - Admin approves/denies → Liaison receives email

  No frontend email configuration needed.
  ============================================
-->
<!-- SECTION 4: Google Maps API - Properly configured -->
<!-- 
  IMPORTANT: Replace GOOGLE_MAPS_API_KEY with your actual API key
  For production, use environment variables and server-side rendering
  
  API Key Requirements:
  1. Enable: Maps JavaScript API
  2. Enable: Places API (for autocomplete)
  3. Enable: Geocoding API (for address lookup)
  4. Set HTTP Referrer Restrictions in Google Cloud Console
  5. Restrict to specific APIs (not "All APIs")
-->
<script>
  // Google Maps API Key Configuration
  // In production, this should come from server-side environment variable
  const GOOGLE_MAPS_CONFIG = {
    apiKey: 'YOUR_API_KEY_HERE', // Replace with actual key or load from server
    libraries: ['places', 'geometry'],
    region: 'US',
    language: 'en'
  };
  
  // Flag to track if Maps API loaded successfully
  window.mapsApiLoaded = false;
  window.mapsApiError = null;
</script>
<script>
  // Dynamic Maps API loader with error handling
  (function() {
    const apiKey = GOOGLE_MAPS_CONFIG.apiKey;
    
    // Check if API key is configured
    if (!apiKey || apiKey === 'YOUR_API_KEY_HERE') {
      console.warn('⚠️ Google Maps API key not configured. Maps features will be disabled.');
      console.warn('To enable maps: Add your

HTTP/1.1 403 Forbidden
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:36 GMT
Content-Type: text/html
Content-Length: 919
Connection: close
X-Cache: Error from cloudfront
Via: 1.1 37e423fd0afc1d9345b73ddf180cdd6a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: j9w7jdYpy2fV9SfNaHXBigFmwjeyG7JbaGSwxBFk_2F1l0E1c3IZJw==

Page title: ERROR: The request could not be satisfied

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML><HEAD><META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<TITLE>ERROR: The request could not be satisfied</TITLE>
</HEAD><BODY>
<H1>403 ERROR</H1>
<H2>The request could not be satisfied.</H2>
<HR noshade size="1px">
Request blocked.
We can't connect to the server for this app or website at this time. There might be too much traffic or a configuration error. Try again later, or contact the app or website owner.
<BR clear="all">
If you provide content to customers through CloudFront, you can find steps to troubleshoot and help prevent this error by reviewing the CloudFront documentation.
<BR clear="all">
<HR noshade size="1px">
<PRE>
Generated by cloudfront (CloudFront)
Request ID: j9w7jdYpy2fV9SfNaHXBigFmwjeyG7JbaGSwxBFk_2F1l0E1c3IZJw==
</PRE>
<ADDRESS>
</ADDRESS>
</BODY></HTML>

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:36 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://www.mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 382842a79821aa1bbd5da4ac9bce3156.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: kvnNaXFUFjwGANZlo9y0UUGAOn-hLnSLkc_VwA_dzALFD9X_Q2ro3g==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:36 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://www.mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 70dc0df635de6c459634809796c9bbd8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: U921Jt4yr5ff6v9SRkEFPdoXG4zaPNmSoRyNsyp0nw2gcMmfpdaxrQ==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>

HTTP/1.1 301 Moved Permanently
Server: CloudFront
Date: Fri, 23 Jan 2026 03:43:37 GMT
Content-Type: text/html
Content-Length: 167
Connection: close
Location: https://www.mtasafetyglasses.com/
X-Cache: Redirect from cloudfront
Via: 1.1 33dbd20675fb00285d976b6fbceb3f70.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: MUC50-P6
X-Amz-Cf-Id: wwidWvq5qpU4IWr9VxDWXRgMTVQEARhZaVKqJhjSS1EVHgerFR4miw==

Page title: 301 Moved Permanently

<html>
<head><title>301 Moved Permanently</title></head>
<body>
<center><h1>301 Moved Permanently</h1></center>
<hr><center>CloudFront</center>
</body>
</html>