Submitted URL: https://rfrtpc7s.r.us-west-2.awstrack.me/L0/https:%2F%2Faccount.squareup.com%2Fmanage-cards-on-file%2F6f927fbaa8e76809a22b7e335e36add8fff...
Effective URL: https://account.squareup.com/manage-cards-on-file/6f927fbaa8e76809a22b7e335e36add8ffff7bdce4560966ab1069f9eddb218da6cc0031f3b...
Submission: On February 26 via manual from US — Scanned from US

Summary

This website contacted 4 IPs in 1 country across 4 domains to perform 7 HTTP transactions. The main IP is 13.248.205.93, located in United States and belongs to AMAZON-02, US. The main domain is account.squareup.com. The Cisco Umbrella rank of the primary domain is 556828.
TLS certificate: Issued by Amazon RSA 2048 M03 on December 1st 2023. Valid for: a year.
This is the only time account.squareup.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 44.239.60.43 16509 (AMAZON-02)
1 13.248.205.93 16509 (AMAZON-02)
3 13.32.151.64 16509 (AMAZON-02)
1 151.101.129.49 54113 (FASTLY)
2 151.101.1.49 54113 (FASTLY)
7 4
Apex Domain / Subdomains / Transfer
3 squarecdn.com (Transfer: 124 KB)
    square-web-production-f.squarecdn.com — Cisco Umbrella Rank: 53982
    square-fonts-production-f.squarecdn.com — Cisco Umbrella Rank: 43233
3 cloudfront.net (Transfer: 93 KB)
    d3g64w74of3jgu.cloudfront.net
1 squareup.com (Transfer: 4 KB)
    account.squareup.com — Cisco Umbrella Rank: 556828
1 awstrack.me (Transfer: 292 B)
    rfrtpc7s.r.us-west-2.awstrack.me — Cisco Umbrella Rank: 367020
7 4
Domain Requested by
3 d3g64w74of3jgu.cloudfront.net account.squareup.com
2 square-fonts-production-f.squarecdn.com d3g64w74of3jgu.cloudfront.net
1 square-web-production-f.squarecdn.com account.squareup.com
1 account.squareup.com
1 rfrtpc7s.r.us-west-2.awstrack.me 1 redirects
7 5

This site contains links to these domains.

Domain
squareup.com
Subject | Issuer | Validity | Valid
api-global.squareup.com | Amazon RSA 2048 M03 | 2023-12-01 - 2024-12-30 | a year
*.cloudfront.net | Amazon RSA 2048 M01 | 2023-10-10 - 2024-09-19 | a year
*.squarecdn.com | R3 | 2024-01-27 - 2024-04-26 | 3 months

This page contains 1 frames:

Primary Page: https://account.squareup.com/manage-cards-on-file/6f927fbaa8e76809a22b7e335e36add8ffff7bdce4560966ab1069f9eddb218da6cc0031f3bf0b16a023d914d6c1d1640ae5c0cbe85a40dabfbdc157c3d29b7f
Frame ID: 849F664B39CEEF9A8523206C9FD7F3BA
Requests: 7 HTTP requests in this frame

Page Title

Card on File with American R & C dba Buchanan Materials & Tri Lakes Redi Mix

Page URL History

  1. https://rfrtpc7s.r.us-west-2.awstrack.me/L0/https:%2F%2Faccount.squareup.com%2Fmanage-cards-on-file%2F6f927fbaa8e7680... HTTP 302
    https://account.squareup.com/manage-cards-on-file/6f927fbaa8e76809a22b7e335e36add8ffff7bdce4560966ab1069f... Page URL

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

5
Subdomains

4
IPs

1
Countries

222 kB
Transfer

1201 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://rfrtpc7s.r.us-west-2.awstrack.me/L0/https:%2F%2Faccount.squareup.com%2Fmanage-cards-on-file%2F6f927fbaa8e76809a22b7e335e36add8ffff7bdce4560966ab1069f9eddb218da6cc0031f3bf0b16a023d914d6c1d1640ae5c0cbe85a40dabfbdc157c3d29b7f/1/0101018de6bb3e96-b0b5372c-7651-4515-aa0a-b5ce7b3ec859-000000/Q2dtlX78XRG0svz9ewbxkF4SgKY=363 HTTP 302
    https://account.squareup.com/manage-cards-on-file/6f927fbaa8e76809a22b7e335e36add8ffff7bdce4560966ab1069f9eddb218da6cc0031f3bf0b16a023d914d6c1d1640ae5c0cbe85a40dabfbdc157c3d29b7f Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request 6f927fbaa8e76809a22b7e335e36add8ffff7bdce4560966ab1069f9eddb218da6cc0031f3bf0b16a023d914d6c1d1640ae5c0cbe85a40dabfbdc157c3d29b7f
account.squareup.com/manage-cards-on-file/
Redirect Chain
  • https://rfrtpc7s.r.us-west-2.awstrack.me/L0/https:%2F%2Faccount.squareup.com%2Fmanage-cards-on-file%2F6f927fbaa8e76809a22b7e335e36add8ffff7bdce4560966ab1069f9eddb218da6cc0031f3bf0b16a023d914d6c1d16...
  • https://account.squareup.com/manage-cards-on-file/6f927fbaa8e76809a22b7e335e36add8ffff7bdce4560966ab1069f9eddb218da6cc0031f3bf0b16a023d914d6c1d1640ae5c0cbe85a40dabfbdc157c3d29b7f
8 KB
4 KB
Document
General
Full URL
https://account.squareup.com/manage-cards-on-file/6f927fbaa8e76809a22b7e335e36add8ffff7bdce4560966ab1069f9eddb218da6cc0031f3bf0b16a023d914d6c1d1640ae5c0cbe85a40dabfbdc157c3d29b7f
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.205.93 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ad42d0847b05b89b1.awsglobalaccelerator.com
Software
/
Resource Hash
9bc9f31510b178e8064dd24ec0c88749f32e79dea5084ae3c7c2e549d9346018
Security Headers
Name Value
Strict-Transport-Security max-age=631152000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

cache-control
private, no-store
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Mon, 26 Feb 2024 20:59:41 GMT
etag
W/"9bc9f31510b178e8064dd24ec0c88749"
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=631152000; includeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-download-options
noopen
x-envoy-decorator-operation
/**
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
30e8fe2d-0a23-4e54-abcb-e870888db067
x-sq-dc
aws
x-sq-region
us-west-2
x-square
S=receipts-6d7ddd5b59-6bxkg
x-xss-protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
0
Date
Mon, 26 Feb 2024 20:59:40 GMT
Location
https://account.squareup.com/manage-cards-on-file/6f927fbaa8e76809a22b7e335e36add8ffff7bdce4560966ab1069f9eddb218da6cc0031f3bf0b16a023d914d6c1d1640ae5c0cbe85a40dabfbdc157c3d29b7f
card_on_file-013ec7df76e59ecd540cd7e82e8b86de53a9fa51ecbc54bccc25818227b4a17f.css
d3g64w74of3jgu.cloudfront.net/receipts/assets/
1 MB
91 KB
Stylesheet
General
Full URL
https://d3g64w74of3jgu.cloudfront.net/receipts/assets/card_on_file-013ec7df76e59ecd540cd7e82e8b86de53a9fa51ecbc54bccc25818227b4a17f.css
Requested by
Host: account.squareup.com
URL: https://account.squareup.com/manage-cards-on-file/6f927fbaa8e76809a22b7e335e36add8ffff7bdce4560966ab1069f9eddb218da6cc0031f3bf0b16a023d914d6c1d1640ae5c0cbe85a40dabfbdc157c3d29b7f
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.151.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-151-64.iad66.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4f42e07f2a8352661582d6eb96affc7331b68d939b27838a420be134645db10e

Request headers

accept-language
en-US,en;q=0.9
Referer
https://account.squareup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 01:43:38 GMT
Content-Encoding
gzip
Via
1.1 2f58b5586b40002efa57d2542863b53e.cloudfront.net (CloudFront)
x-amz-version-id
JHAss7wPEIMw_6umhvo8bH_.b1LobW74
X-Amz-Cf-Pop
IAD66-C2
Age
9659764
x-amz-server-side-encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
92230
Last-Modified
Wed, 07 Jun 2023 20:22:20 GMT
Server
AmazonS3
ETag
"ca227419c6c708598cba978eb75f5d48"
Content-Type
text/css
Cache-Control
public, max-age=31557600
Accept-Ranges
bytes
X-Amz-Cf-Id
p3suc8DU8d3jC_BhDm0cfCgFOkzVx97XIJ0lQBruFhHWX13gqefZkQ==
Expires
Fri, 07 Jun 2024 02:22:19 GMT
original.jpeg
square-web-production-f.squarecdn.com/files/3a27b1c5c0d287dddfd0a9e9dfacccf7fef1c7ad/
9 KB
9 KB
Image
General
Full URL
https://square-web-production-f.squarecdn.com/files/3a27b1c5c0d287dddfd0a9e9dfacccf7fef1c7ad/original.jpeg?width=128&height=128&enable=upscale&fit=crop&quality=100&format=png
Requested by
Host: account.squareup.com
URL: https://account.squareup.com/manage-cards-on-file/6f927fbaa8e76809a22b7e335e36add8ffff7bdce4560966ab1069f9eddb218da6cc0031f3bf0b16a023d914d6c1d1640ae5c0cbe85a40dabfbdc157c3d29b7f
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
773ed464a4609a2fcb336bda43cb29f6e8e3758ffb574a4b5e2d265530d6d9b6

Request headers

accept-language
en-US,en;q=0.9
Referer
https://account.squareup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

expires
Tue, 21 Sep 2021 19:03:35 GMT
x-amz-version-id
kEuMt4_xiyUIeJideL8rRPJ7zNuqWVfz
via
1.1 varnish, 1.1 varnish
date
Mon, 26 Feb 2024 20:59:41 GMT
fastly-io-served-by
vpop-kiad7010229
x-amz-request-id
ZH8QJNZ0CSFMV6RZ
age
0
x-cache
HIT, MISS
fastly-io-info
ifsz=183024 idim=2048x802 ifmt=jpeg ofsz=8933 odim=128x128 ofmt=png
fastly-stats
io=1
content-length
8933
x-amz-id-2
lO0hcqnwf3UEckr4RcodY1ZP1xWBm1aFhsCCwWxBVyFHBcVC+bJpn4YgCxsjyVYoB4e8ozryfNI=
x-served-by
cache-lga21978-LGA, cache-yyz4533-YYZ
server
AmazonS3
x-timer
S1708981181.335808,VS0,VE13
etag
"So/jsm2sTUaReZFTgi1iuPgSQ55TlgEG1B734pbY1UY"
content-type
image/png
cache-control
private, no-store
accept-ranges
bytes
x-cache-hits
7, 0
footer-logo-d354ee4f8b2a914ed1959eaa77323e1f444494f53a4d44f56b1abad8f028e8e8.png
d3g64w74of3jgu.cloudfront.net/receipts/assets/
769 B
1 KB
Image
General
Full URL
https://d3g64w74of3jgu.cloudfront.net/receipts/assets/footer-logo-d354ee4f8b2a914ed1959eaa77323e1f444494f53a4d44f56b1abad8f028e8e8.png
Requested by
Host: account.squareup.com
URL: https://account.squareup.com/manage-cards-on-file/6f927fbaa8e76809a22b7e335e36add8ffff7bdce4560966ab1069f9eddb218da6cc0031f3bf0b16a023d914d6c1d1640ae5c0cbe85a40dabfbdc157c3d29b7f
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.151.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-151-64.iad66.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d354ee4f8b2a914ed1959eaa77323e1f444494f53a4d44f56b1abad8f028e8e8

Request headers

accept-language
en-US,en;q=0.9
Referer
https://account.squareup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Fri, 02 Feb 2024 07:34:21 GMT
x-amz-version-id
hjRojY8FoC1c_vAdaFKz._UnRRv3hrXm
Via
1.1 d4c915561282ddbdd32f1872279fb546.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
IAD66-C2
Age
2121921
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
769
Last-Modified
Wed, 07 Aug 2019 17:06:41 GMT
Server
AmazonS3
ETag
"cfe0e66cd9d93da961078cc73b08078d"
Content-Type
image/png
Cache-Control
public, max-age=31557600
Accept-Ranges
bytes
X-Amz-Cf-Id
vmQzMBu22B5aM9uJw-GQC7UYSarjTeBXZmI-PvIB2JxSo1hELNSpdg==
Expires
Thu, 06 Aug 2020 23:06:40 GMT
card_on_file_modal-82341dabe8092e3c6508423253b158cf497da1dac2193041e6ef6f8c9d8fb101.js
d3g64w74of3jgu.cloudfront.net/receipts/assets/
2 KB
1 KB
Script
General
Full URL
https://d3g64w74of3jgu.cloudfront.net/receipts/assets/card_on_file_modal-82341dabe8092e3c6508423253b158cf497da1dac2193041e6ef6f8c9d8fb101.js
Requested by
Host: account.squareup.com
URL: https://account.squareup.com/manage-cards-on-file/6f927fbaa8e76809a22b7e335e36add8ffff7bdce4560966ab1069f9eddb218da6cc0031f3bf0b16a023d914d6c1d1640ae5c0cbe85a40dabfbdc157c3d29b7f
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.32.151.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-151-64.iad66.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
82341dabe8092e3c6508423253b158cf497da1dac2193041e6ef6f8c9d8fb101

Request headers

accept-language
en-US,en;q=0.9
Referer
https://account.squareup.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

Date
Tue, 11 Apr 2023 01:50:43 GMT
Content-Encoding
gzip
Via
1.1 a3cc6ada872dd8799739f0e62dddda7c.cloudfront.net (CloudFront)
x-amz-version-id
SUIP_GASdyg69uTSSYIIQWr7tCU1yTZn
X-Amz-Cf-Pop
IAD66-C2
Age
27803339
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
566
Last-Modified
Wed, 07 Aug 2019 17:05:27 GMT
Server
AmazonS3
ETag
"716dfbade49000e738385f559cdd7ef9"
Content-Type
application/ecmascript
Cache-Control
public, max-age=31557600
Accept-Ranges
bytes
X-Amz-Cf-Id
s0OBGf6iPt4nXNG4zWp7Rrpo5ZLWsLlHCmQJH0lHFCHgzvcdaWCW1g==
Expires
Thu, 06 Aug 2020 23:05:26 GMT
SquareSansDisplay-VF.woff2
square-fonts-production-f.squarecdn.com/square-display/
79 KB
80 KB
Font
General
Full URL
https://square-fonts-production-f.squarecdn.com/square-display/SquareSansDisplay-VF.woff2
Requested by
Host: d3g64w74of3jgu.cloudfront.net
URL: https://d3g64w74of3jgu.cloudfront.net/receipts/assets/card_on_file-013ec7df76e59ecd540cd7e82e8b86de53a9fa51ecbc54bccc25818227b4a17f.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
cba70d41db343add3f16ae30f5e7f32831fd1e23b00157b7d7bf323708340b30

Request headers

Referer
https://d3g64w74of3jgu.cloudfront.net/
Origin
https://account.squareup.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
HWUtrCUfQVdvC_cmnCa3Kn2TBhowxKy3
date
Mon, 26 Feb 2024 20:59:41 GMT
via
1.1 varnish
x-amz-request-id
DRCS4N4MFZ9VZQQM
age
302606
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
81220
x-amz-id-2
zOYLItxot+9kWBb+PaYDu0u8b+w8wOaxrRzCl3IU1Vs0241IJULLLTsdoCN/V1bf25w7Qfk6VaM=
x-served-by
cache-yyz4575-YYZ
last-modified
Tue, 17 Oct 2023 21:24:04 GMT
server
AmazonS3
x-timer
S1708981182.519366,VS0,VE0
etag
"0407f3d7df11716cb2ecfa0f87e58f99"
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000, public, stale-while-revalidate
accept-ranges
bytes
x-cache-hits
405
SquareSansText-Upright-VF.woff2
square-fonts-production-f.squarecdn.com/square-text/
35 KB
35 KB
Font
General
Full URL
https://square-fonts-production-f.squarecdn.com/square-text/SquareSansText-Upright-VF.woff2
Requested by
Host: d3g64w74of3jgu.cloudfront.net
URL: https://d3g64w74of3jgu.cloudfront.net/receipts/assets/card_on_file-013ec7df76e59ecd540cd7e82e8b86de53a9fa51ecbc54bccc25818227b4a17f.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.49 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
5575694036a2d342f18ca455251396c6dc98214f30641c3c7539d5568aefd6e9

Request headers

Referer
https://d3g64w74of3jgu.cloudfront.net/
Origin
https://account.squareup.com
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.69 Safari/537.36

Response headers

x-amz-version-id
ICZeLost4b0qlpgRJS56Dfpy3XubwVe2
date
Mon, 26 Feb 2024 20:59:41 GMT
via
1.1 varnish
x-amz-request-id
NN6HK2MN6SKGNAV3
age
379703
x-amz-server-side-encryption
AES256
x-cache
HIT
content-length
35844
x-amz-id-2
JduSmMMUF1QicDWs5JN3Ub/ICCEuXdGXuQacZ/3IfYeT8Dc3U2PSgFzj9E25JgVq8tsU5xxVar0=
x-served-by
cache-yyz4575-YYZ
last-modified
Tue, 17 Oct 2023 21:24:04 GMT
server
AmazonS3
x-timer
S1708981182.519352,VS0,VE0
etag
"b4a5ad35b82b05e604dd82769f724078"
content-type
font/woff2
access-control-allow-origin
*
cache-control
max-age=31536000, public, stale-while-revalidate
accept-ranges
bytes
x-cache-hits
109

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function | CardOnFileModal
object | cardOnFileModal
function | updateOverlayText
function | setupClickHandler

1 Cookies

Domain/Path Name / Value
account.squareup.com/ Name: _receipts
Value: UFFuSW50MmgyWmlRcnBVQWJSQWlJQWZMYndORGpiakx1b0RIZHVUdzBBdkh0Zk90MHM0Z2dic2MySVdzRXI3MjdJU1cyeUpVcW5EQ3dsRnRRdFpYaVpncnU0ZWFNQ3ZoekFXRXYzNmNnaHp5T1hsTmp5d01qRUlmUlo4OWllUGc1VHo3WTNoQUhhaFliZTEyTW9JaGVnPT0tLS80L1EzWTM2Sm9XdzF4S3JNTmJqN3c9PQ%3D%3D--b66314dededaa6e710278806536228d32f012065

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=631152000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block