Submitted URL: https://27.90.205.89/
Effective URL: https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
Submission Tags: krdprod
Submission: On September 23 via api from JP — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 27.90.205.89, located in Ushiku, Japan and belongs to KDDI KDDI CORPORATION, JP. The main domain is master.kddi.com.
TLS certificate: Issued by p-prod-gweb-wb1-M15511788 on August 11th 2015. Valid for: a year.
This is the only time master.kddi.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 10 27.90.205.89 2516 (KDDI KDDI...)
8 1
Apex Domain
Subdomains
Transfer
9 kddi.com
master.kddi.com
203 KB
8 1
Domain Requested by
9 master.kddi.com 1 redirects master.kddi.com
8 1

This site contains no links.

Subject Issuer Validity Valid
p-prod-gweb-wb1-M15511788
p-prod-gweb-wb1-M15511788
2015-08-11 -
2016-08-10
a year crt.sh

This page contains 1 frames:

Primary Page: https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
Frame ID: 757274E336D2361E5B4FC888CFCA97BC
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

KDDI ローカルマスターサイト Login

Page URL History Show full URLs

  1. https://27.90.205.89/ HTTP 301
    http://master.kddi.com/ HTTP 302
    https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

8
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

202 kB
Transfer

302 kB
Size

5
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://27.90.205.89/ HTTP 301
    http://master.kddi.com/ HTTP 302
    https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set /
master.kddi.com/management/login/login/
Redirect Chain
  • https://27.90.205.89/
  • http://master.kddi.com/
  • https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
7 KB
7 KB
Document
General
Full URL
https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
27.90.205.89 Ushiku, Japan, ASN2516 (KDDI KDDI CORPORATION, JP),
Reverse DNS
S089205090027.userreverse.cloud-platform.kddi.ne.jp
Software
nginx /
Resource Hash
87e6b27ace3dec49ed7e886d90a850e20f0dfbabc9a0ab5497e1ee0810b21f3c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
master.kddi.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Cookie
_lang=de; RCMSSESS=m78h4ql0jo63c6onptnfsb5hr3
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Server
nginx
Date
Thu, 23 Sep 2021 15:15:42 GMT
Content-Type
text/html; charset=utf-8
Content-Length
6832
Connection
keep-alive
Vary
Accept-Encoding,User-Agent User-Agent
Set-Cookie
_lang=de; expires=Fri, 23-Sep-2022 15:15:42 GMT; path=/ RCMSSESS-SSL=hkis4gdrqgll8994sfpv4n8oq5; path=/; secure; HttpOnly recent_management_menus=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/management/
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
X-Permitted-Cross-Domain-Policies
master-only

Redirect headers

Server
nginx
Date
Thu, 23 Sep 2021 15:15:41 GMT
Content-Type
text/html; charset=UTF-8
Content-Length
0
Connection
keep-alive
Vary
Host User-Agent
Set-Cookie
_lang=de; expires=Fri, 23-Sep-2022 15:15:41 GMT; path=/ RCMSSESS=m78h4ql0jo63c6onptnfsb5hr3; path=/; HttpOnly
Location
https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
font-awesome.min.css
master.kddi.com/css/management/font-awesome/4.2.0/css/
21 KB
6 KB
Stylesheet
General
Full URL
https://master.kddi.com/css/management/font-awesome/4.2.0/css/font-awesome.min.css
Requested by
Host: master.kddi.com
URL: https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
27.90.205.89 Ushiku, Japan, ASN2516 (KDDI KDDI CORPORATION, JP),
Reverse DNS
S089205090027.userreverse.cloud-platform.kddi.ne.jp
Software
nginx /
Resource Hash
0fb1bbca73646e8e2b93c82e8d8b219647b13d4b440c48e338290b9a685b8de1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
master.kddi.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
Cookie
_lang=de; RCMSSESS=m78h4ql0jo63c6onptnfsb5hr3; RCMSSESS-SSL=hkis4gdrqgll8994sfpv4n8oq5
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 23 Sep 2021 15:15:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Feb 2016 16:53:12 GMT
Server
nginx
ETag
W/"56cf3178-55e0"
Vary
Accept-Encoding
Content-Type
text/css
X-Permitted-Cross-Domain-Policies
: master-only
Transfer-Encoding
chunked
Connection
keep-alive
default.css
master.kddi.com/css/management/
110 KB
26 KB
Stylesheet
General
Full URL
https://master.kddi.com/css/management/default.css
Requested by
Host: master.kddi.com
URL: https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
27.90.205.89 Ushiku, Japan, ASN2516 (KDDI KDDI CORPORATION, JP),
Reverse DNS
S089205090027.userreverse.cloud-platform.kddi.ne.jp
Software
nginx /
Resource Hash
10bc116d86801a23be239caa6c881da0fc4963a368eb77cf02c4209378b63d9b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
master.kddi.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
Cookie
_lang=de; RCMSSESS=m78h4ql0jo63c6onptnfsb5hr3; RCMSSESS-SSL=hkis4gdrqgll8994sfpv4n8oq5
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 23 Sep 2021 15:15:42 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Feb 2016 16:53:12 GMT
Server
nginx
ETag
W/"56cf3178-1b65d"
Vary
Accept-Encoding
Content-Type
text/css
X-Permitted-Cross-Domain-Policies
: master-only
Transfer-Encoding
chunked
Connection
keep-alive
layout.css
master.kddi.com/css/management/
359 B
536 B
Stylesheet
General
Full URL
https://master.kddi.com/css/management/layout.css
Requested by
Host: master.kddi.com
URL: https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
27.90.205.89 Ushiku, Japan, ASN2516 (KDDI KDDI CORPORATION, JP),
Reverse DNS
S089205090027.userreverse.cloud-platform.kddi.ne.jp
Software
nginx /
Resource Hash
741cb281fc9904c3f70a53807693b5811bfcfa2b20c9b37cf3cada919315b83e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
master.kddi.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
Cookie
_lang=de; RCMSSESS=m78h4ql0jo63c6onptnfsb5hr3; RCMSSESS-SSL=hkis4gdrqgll8994sfpv4n8oq5
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 23 Sep 2021 15:15:43 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Feb 2016 16:53:12 GMT
Server
nginx
ETag
W/"56cf3178-167"
Vary
Accept-Encoding
Content-Type
text/css
X-Permitted-Cross-Domain-Policies
: master-only
Transfer-Encoding
chunked
Connection
keep-alive
classic.css
master.kddi.com/css/management/theme/
3 KB
2 KB
Stylesheet
General
Full URL
https://master.kddi.com/css/management/theme/classic.css
Requested by
Host: master.kddi.com
URL: https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
27.90.205.89 Ushiku, Japan, ASN2516 (KDDI KDDI CORPORATION, JP),
Reverse DNS
S089205090027.userreverse.cloud-platform.kddi.ne.jp
Software
nginx /
Resource Hash
cfcdd118d03cad053070c2bcfd8c9b4e98186fd3f02820f698f0ba28eb93e236
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
master.kddi.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
Cookie
_lang=de; RCMSSESS=m78h4ql0jo63c6onptnfsb5hr3; RCMSSESS-SSL=hkis4gdrqgll8994sfpv4n8oq5
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 23 Sep 2021 15:15:43 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Feb 2016 16:53:12 GMT
Server
nginx
ETag
W/"56cf3178-d6a"
Vary
Accept-Encoding
Content-Type
text/css
X-Permitted-Cross-Domain-Policies
: master-only
Transfer-Encoding
chunked
Connection
keep-alive
default.v2.4.js
master.kddi.com/js/management/
3 KB
3 KB
Script
General
Full URL
https://master.kddi.com/js/management/default.v2.4.js
Requested by
Host: master.kddi.com
URL: https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
27.90.205.89 Ushiku, Japan, ASN2516 (KDDI KDDI CORPORATION, JP),
Reverse DNS
S089205090027.userreverse.cloud-platform.kddi.ne.jp
Software
nginx /
Resource Hash
a06cc77bb35707bd9bcc30d52254b3c26db02563a1ca6d1f70d628415565f727
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
master.kddi.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
Cookie
_lang=de; RCMSSESS=m78h4ql0jo63c6onptnfsb5hr3; RCMSSESS-SSL=hkis4gdrqgll8994sfpv4n8oq5
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 23 Sep 2021 15:15:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Feb 2016 16:53:13 GMT
Server
nginx
ETag
"56cf3179-ba8"
Content-Type
application/javascript
X-Permitted-Cross-Domain-Policies
: master-only
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2984
jquery.min.js
master.kddi.com/js/jquery/1.11.1/
94 KB
94 KB
Script
General
Full URL
https://master.kddi.com/js/jquery/1.11.1/jquery.min.js
Requested by
Host: master.kddi.com
URL: https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
27.90.205.89 Ushiku, Japan, ASN2516 (KDDI KDDI CORPORATION, JP),
Reverse DNS
S089205090027.userreverse.cloud-platform.kddi.ne.jp
Software
nginx /
Resource Hash
24262baafef17092927c3dafe764aaa52a2a371b83ed2249cca7e414df99fac1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
master.kddi.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
Cookie
_lang=de; RCMSSESS=m78h4ql0jo63c6onptnfsb5hr3; RCMSSESS-SSL=hkis4gdrqgll8994sfpv4n8oq5
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://master.kddi.com/management/login/login/?err=page_auth&Retrun_URL=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 23 Sep 2021 15:15:43 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Feb 2016 16:53:13 GMT
Server
nginx
ETag
"56cf3179-17629"
Content-Type
application/javascript
X-Permitted-Cross-Domain-Policies
: master-only
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
95785
fontawesome-webfont.woff
master.kddi.com/css/management/font-awesome/4.2.0/fonts/
64 KB
64 KB
Font
General
Full URL
https://master.kddi.com/css/management/font-awesome/4.2.0/fonts/fontawesome-webfont.woff?v=4.2.0
Requested by
Host: master.kddi.com
URL: https://master.kddi.com/css/management/font-awesome/4.2.0/css/font-awesome.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
27.90.205.89 Ushiku, Japan, ASN2516 (KDDI KDDI CORPORATION, JP),
Reverse DNS
S089205090027.userreverse.cloud-platform.kddi.ne.jp
Software
nginx /
Resource Hash
199411f659f41aaccb959bacb1b0de30e54f244352a48c6f9894e65ae0f8a9a1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://master.kddi.com
Accept-Encoding
gzip, deflate, br
Host
master.kddi.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://master.kddi.com/css/management/font-awesome/4.2.0/css/font-awesome.min.css
Cookie
_lang=de; RCMSSESS=m78h4ql0jo63c6onptnfsb5hr3; RCMSSESS-SSL=hkis4gdrqgll8994sfpv4n8oq5
Connection
keep-alive
Referer
https://master.kddi.com/css/management/font-awesome/4.2.0/css/font-awesome.min.css
Origin
https://master.kddi.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.63 Safari/537.36

Response headers

Date
Thu, 23 Sep 2021 15:15:44 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 25 Feb 2016 16:53:12 GMT
Server
nginx
ETag
"56cf3178-ffac"
Content-Type
application/font-woff
X-Permitted-Cross-Domain-Policies
: master-only
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
65452

Verdicts & Comments Add Verdict or Comment

18 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster function| getCookie function| setCookie object| Cookie function| display function| openWindow function| AllChecked undefined| contents_obj function| SPAW_updateInput function| changeHankaku function| hover function| swapSibling function| DelayDoFunction undefined| $ function| jQuery function| j$ string| this_management_url

5 Cookies

Domain/Path Name / Value
27.90.205.89/ Name: _lang
Value: de
27.90.205.89/ Name: RCMSSESS-SSL
Value: 78ipuk9d222as9plf2sckr1hs0
master.kddi.com/ Name: _lang
Value: de
master.kddi.com/ Name: RCMSSESS
Value: m78h4ql0jo63c6onptnfsb5hr3
master.kddi.com/ Name: RCMSSESS-SSL
Value: hkis4gdrqgll8994sfpv4n8oq5

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block