urlscan.io logo urlscan.io
SecurityTrails logo

gshub.biz Open in urlscan Pro
88.198.23.190  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://coin-baseairdrop.com/
Effective URL: https://gshub.biz/cityweatherforecasthublp2/
Submission: On March 07 via api from FI — Scanned from FI
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 5 HTTP transactions. The main IP is 88.198.23.190, located in Germany and belongs to HETZNER-AS, DE. The main domain is gshub.biz.
TLS certificate: Issued by R3 on January 13th 2024. Valid for: 3 months.
This is the only time gshub.biz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 170.39.226.155 57695 (MISAKA Mi...)
2 50.16.114.133 14618 (AMAZON-AES)
2 3 18.202.12.61 16509 (AMAZON-02)
2 88.198.23.190 24940 (HETZNER-AS)
5 4
Apex Domain
Subdomains		 Transfer
3 go2cloud.org
wmadv.go2cloud.org — Cisco Umbrella Rank: 805527
3 KB
2 gshub.biz
gshub.biz
378 KB
2 wulfw-ydi.com
wulfw-ydi.com
3 KB
1 coin-baseairdrop.com
coin-baseairdrop.com
299 B
5 4
Domain Requested by
3 wmadv.go2cloud.org 2 redirects wulfw-ydi.com
2 gshub.biz gshub.biz
2 wulfw-ydi.com wulfw-ydi.com
1 coin-baseairdrop.com 1 redirects
5 4

This site contains links to these domains. Also see Links.

Domain
chromewebstore.google.com
weather-globe.com
Subject Issuer Validity Valid
wulfw-ydi.com
Amazon RSA 2048 M03		 2024-01-25 -
2025-02-22		 a year crt.sh
*.go2cloud.org
Amazon RSA 2048 M02		 2024-01-22 -
2025-02-19		 a year crt.sh
gshub.biz
R3		 2024-01-13 -
2024-04-12		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://gshub.biz/cityweatherforecasthublp2/
Frame ID: 367965952E558B2ED94C2BC2C9F13110
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

City Weather Forecast Hub

Page URL History Show full URLs

  1. http://coin-baseairdrop.com/ HTTP 301
    https://wulfw-ydi.com/zclkvisitor/04037a53-dca7-11ee-bd6f-0affff7c4481/d11f3a10-2cff-11ec-b832-0ae... Page URL
  2. https://wulfw-ydi.com/zclkredirect?visitid=04037a53-dca7-11ee-bd6f-0affff7c4481&type=js&browserWid... Page URL
  3. https://wmadv.go2cloud.org/aff_c?offer_id=14953076&aff_id=8719&url_id=9589&aff_sub=zr04037a53dca711eebd... HTTP 302
    https://wmadv.go2cloud.org/aff_r?offer_id=14953076&aff_id=8719&url=https%3A%2F%2Fgshub.biz%2Fcityweathe... Page URL
  4. https://wmadv.go2cloud.org/aff_r?offer_id=14953076&aff_id=8719&redirect_pass=1&url=https%3A%2F%2Fgshub.... HTTP 302
    https://gshub.biz/cityweatherforecasthublp2/ Page URL

Page Statistics

5
Requests

100 %
HTTPS

0 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

382 kB
Transfer

588 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://coin-baseairdrop.com/ HTTP 301
    https://wulfw-ydi.com/zclkvisitor/04037a53-dca7-11ee-bd6f-0affff7c4481/d11f3a10-2cff-11ec-b832-0aea8b85a94f?campaignid=74dd8200-d957-11ee-ac4f-123f4a2b6bb7 Page URL
  2. https://wulfw-ydi.com/zclkredirect?visitid=04037a53-dca7-11ee-bd6f-0affff7c4481&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected%20%20%20%20%20%20%20%20=false&usingEventListener=true Page URL
  3. https://wmadv.go2cloud.org/aff_c?offer_id=14953076&aff_id=8719&url_id=9589&aff_sub=zr04037a53dca711eebd6f0affff7c44813921c536d86c404cbf603b2c48e8d03f0804894220ebaf2ea5&source=greige-ostrich_golf-lux-v2wo73ynz2 HTTP 302
    https://wmadv.go2cloud.org/aff_r?offer_id=14953076&aff_id=8719&url=https%3A%2F%2Fgshub.biz%2Fcityweatherforecasthublp2%2F&urlauth=335846952129495622309631221732 Page URL
  4. https://wmadv.go2cloud.org/aff_r?offer_id=14953076&aff_id=8719&redirect_pass=1&url=https%3A%2F%2Fgshub.biz%2Fcityweatherforecasthublp2%2F&urlauth=335846952129495622309631221732 HTTP 302
    https://gshub.biz/cityweatherforecasthublp2/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://coin-baseairdrop.com/ HTTP 301
  • https://wulfw-ydi.com/zclkvisitor/04037a53-dca7-11ee-bd6f-0affff7c4481/d11f3a10-2cff-11ec-b832-0aea8b85a94f?campaignid=74dd8200-d957-11ee-ac4f-123f4a2b6bb7
Request Chain 2
  • https://wmadv.go2cloud.org/aff_c?offer_id=14953076&aff_id=8719&url_id=9589&aff_sub=zr04037a53dca711eebd6f0affff7c44813921c536d86c404cbf603b2c48e8d03f0804894220ebaf2ea5&source=greige-ostrich_golf-lux-v2wo73ynz2 HTTP 302
  • https://wmadv.go2cloud.org/aff_r?offer_id=14953076&aff_id=8719&url=https%3A%2F%2Fgshub.biz%2Fcityweatherforecasthublp2%2F&urlauth=335846952129495622309631221732

5 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
d11f3a10-2cff-11ec-b832-0aea8b85a94f
wulfw-ydi.com/zclkvisitor/04037a53-dca7-11ee-bd6f-0affff7c4481/
Redirect Chain
  • http://coin-baseairdrop.com/
  • https://wulfw-ydi.com/zclkvisitor/04037a53-dca7-11ee-bd6f-0affff7c4481/d11f3a10-2cff-11ec-b832-0aea8b85a94f?campaignid=74dd8200-d957-11ee-ac4f-123f4a2b6bb7
2 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://wulfw-ydi.com/zclkvisitor/04037a53-dca7-11ee-bd6f-0affff7c4481/d11f3a10-2cff-11ec-b832-0aea8b85a94f?campaignid=74dd8200-d957-11ee-ac4f-123f4a2b6bb7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.114.133 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-114-133.compute-1.amazonaws.com
Software
QecRTHBD /
Resource Hash
e8c006862c25495c0526891c002764c80dc8b11d649e33daa86d02fad9481a6d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

access-control-allow-headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Thu, 07 Mar 2024 17:20:38 GMT
server
QecRTHBD
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp
default-src 'self'; script-src 'self' 'unsafe-inline'

Redirect headers

Content-Length
190
Content-Type
text/html; charset=utf-8
Date
Thu, 07 Mar 2024 17:20:38 GMT
Location
https://wulfw-ydi.com/zclkvisitor/04037a53-dca7-11ee-bd6f-0affff7c4481/d11f3a10-2cff-11ec-b832-0aea8b85a94f?campaignid=74dd8200-d957-11ee-ac4f-123f4a2b6bb7
zclkredirect
wulfw-ydi.com/ 		600 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://wulfw-ydi.com/zclkredirect?visitid=04037a53-dca7-11ee-bd6f-0affff7c4481&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected%20%20%20%20%20%20%20%20=false&usingEventListener=true
Requested by
Host: wulfw-ydi.com
URL: https://wulfw-ydi.com/zclkvisitor/04037a53-dca7-11ee-bd6f-0affff7c4481/d11f3a10-2cff-11ec-b832-0aea8b85a94f?campaignid=74dd8200-d957-11ee-ac4f-123f4a2b6bb7
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.16.114.133 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-16-114-133.compute-1.amazonaws.com
Software
mSeYKtkq /
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'

Request headers

Referer
https://wulfw-ydi.com/zclkvisitor/04037a53-dca7-11ee-bd6f-0affff7c4481/d11f3a10-2cff-11ec-b832-0aea8b85a94f?campaignid=74dd8200-d957-11ee-ac4f-123f4a2b6bb7
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

access-control-allow-headers
X-Requested-With,Content-Type,x-exadsrtb-version,x-openrtb-version,x-zerortb-version,X-Flag
access-control-allow-methods
GET,POST,OPTIONS
access-control-allow-origin
*
cache-control
no-store, no-cache, pre-check=0, post-check=0
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
content-type
text/html;charset=UTF-8
date
Thu, 07 Mar 2024 17:20:38 GMT
redirected
JS
server
mSeYKtkq
x-content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline'
x-webkit-csp
default-src 'self'; script-src 'self' 'unsafe-inline'
aff_r
wmadv.go2cloud.org/
Redirect Chain
  • https://wmadv.go2cloud.org/aff_c?offer_id=14953076&aff_id=8719&url_id=9589&aff_sub=zr04037a53dca711eebd6f0affff7c44813921c536d86c404cbf603b2c48e8d03f0804894220ebaf2ea5&source=greige-ostrich_golf-lu...
  • https://wmadv.go2cloud.org/aff_r?offer_id=14953076&aff_id=8719&url=https%3A%2F%2Fgshub.biz%2Fcityweatherforecasthublp2%2F&urlauth=335846952129495622309631221732
220 B
622 B 		Document
General
Check archive.org
Download Go to
Full URL
https://wmadv.go2cloud.org/aff_r?offer_id=14953076&aff_id=8719&url=https%3A%2F%2Fgshub.biz%2Fcityweatherforecasthublp2%2F&urlauth=335846952129495622309631221732
Requested by
Host: wulfw-ydi.com
URL: https://wulfw-ydi.com/zclkredirect?visitid=04037a53-dca7-11ee-bd6f-0affff7c4481&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected%20%20%20%20%20%20%20%20=false&usingEventListener=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
18.202.12.61 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-202-12-61.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
bc8a93a15cd7795ab8b1d8fac89eeb917247ed0b8ac3e3da7c2fbf173661202d

Request headers

Referer
https://wulfw-ydi.com/zclkredirect?visitid=04037a53-dca7-11ee-bd6f-0affff7c4481&type=js&browserWidth=1600&browserHeight=1200&iframeDetected=false&webdriverDetected%20%20%20%20%20%20%20%20=false&usingEventListener=true
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

Access-Control-Allow-Headers
Tune-SDK-Version
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Thu, 07 Mar 2024 17:20:39 GMT
Expires
Sat, 26 Jul 1997 05:00:00 GMT
Pragma
no-cache
Server
nginx
Transfer-Encoding
chunked
X-Request-Id
22d101d12f31c4363b69a659f381e244

Redirect headers

Access-Control-Allow-Headers
Tune-SDK-Version
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
330
Content-Type
text/html; charset=iso-8859-1
Date
Thu, 07 Mar 2024 17:20:39 GMT
Expires
Sat, 26 Jul 1997 05:00:00 GMT
Location
/aff_r?offer_id=14953076&aff_id=8719&url=https%3A%2F%2Fgshub.biz%2Fcityweatherforecasthublp2%2F&urlauth=335846952129495622309631221732
P3p
CP="NOI CUR OUR NOR INT"
Pragma
no-cache
Server
nginx
Tracking_id
102fc112ffa8a571ad1b38de70bd8c
X-Request-Id
afdb39d193d2c69d3b9df36d8d379db0
X-Robots-Tag
noindex, nofollow
Primary Request /
gshub.biz/cityweatherforecasthublp2/
Redirect Chain
  • https://wmadv.go2cloud.org/aff_r?offer_id=14953076&aff_id=8719&redirect_pass=1&url=https%3A%2F%2Fgshub.biz%2Fcityweatherforecasthublp2%2F&urlauth=335846952129495622309631221732
  • https://gshub.biz/cityweatherforecasthublp2/
536 KB
371 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gshub.biz/cityweatherforecasthublp2/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
88.198.23.190 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88-198-23-190.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
2c3c419ef02ba6ea8d473afd09b37939e989dce3db3df34256d30d30fe76161d

Request headers

Referer
https://wmadv.go2cloud.org/aff_r?offer_id=14953076&aff_id=8719&url=https%3A%2F%2Fgshub.biz%2Fcityweatherforecasthublp2%2F&urlauth=335846952129495622309631221732
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Thu, 07 Mar 2024 17:20:39 GMT
ETag
W/"65e1df32-85e02"
Last-Modified
Fri, 01 Mar 2024 13:59:14 GMT
Server
nginx/1.18.0 (Ubuntu)
Transfer-Encoding
chunked

Redirect headers

Access-Control-Allow-Headers
Tune-SDK-Version
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
228
Content-Type
text/html; charset=iso-8859-1
Date
Thu, 07 Mar 2024 17:20:39 GMT
Expires
Sat, 26 Jul 1997 05:00:00 GMT
Location
https://gshub.biz/cityweatherforecasthublp2/
Pragma
no-cache
Server
nginx
X-Request-Id
e15bb31b5bc99174616fcd5e5f07fd8c
logo.png
gshub.biz/cityweatherforecasthublp2/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://gshub.biz/cityweatherforecasthublp2/logo.png
Requested by
Host: gshub.biz
URL: https://gshub.biz/cityweatherforecasthublp2/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
88.198.23.190 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.88-198-23-190.clients.your-server.de
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
3c7f26fe2315782d19f9d3926bd1cb42b5ba5a7e25379b1bc0fa67e8d1f9b020

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://gshub.biz/cityweatherforecasthublp2/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Date
Thu, 07 Mar 2024 17:20:40 GMT
Last-Modified
Fri, 01 Mar 2024 13:59:14 GMT
Server
nginx/1.18.0 (Ubuntu)
ETag
"65e1df32-1b50"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
6992
truncated
/ 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
0453a0a49a237c3a9ac4a6e79e084e88e8c0c58f8fda6b10d55d1c15ebdd6971

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		21 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b76fca3a9a76bc787cba62e2376ef320550e337684e1ca090136bf3675822f55

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		17 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2f46d4349ef23c1ee864d67f597bbe9d9a83c6ffc86dc272d22bacad56121351

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.111 Safari/537.36

Response headers

Content-Type
image/png

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

3 Cookies

Domain/Path Name / Value
wmadv.go2cloud.org/ Name: aff_ran_url_14953076
Value: 9589
wmadv.go2cloud.org/ Name: enc_aff_session_14953076
Value: ENC039ddb7bcf02fc8471701768b6d17c7d8248abe96d94498f0f1eaaa4100cdc3d29484d80187d1b40643fe1f71f4ecd98af6023c2fdb18cb924a0a5bacb055ab627fb2db36574ff54c01e08c42356f4310fb3001d228027f44ad4e3c541821ce71bc7f7b475c4943bbffaab7c993ff15a9a66acb30ba12ce33fe2d901e7661fe79de3463570b05d655ce890700e0eb265ffe684ff5262773d9620e38f3f71f50fe6fe09a61d865f07718a7a4ae652d99688b8a77fa8641622d0f21480bc5985513af7770714e0fc821c121ad9b240355862f8fe8e083cc9808405b8f5906bfba9b7c79e0d3db662308ffa298e5440160412d75b43e394e3a88067c4faf071a91de2a06dca3f9dfd26a187d7542de00a69a74737dbfb7d249224d0f1aa210987cd6708822908
wmadv.go2cloud.org/ Name: ho_mob
Value: eyJtb2JpbGVfZGV2aWNlX29zIjoiRGVza3RvcCIsIm1vYmlsZV9vc192ZXJzaW9uIjoiMCIsIm1vYmlsZV9kZXZpY2VfbW9kZWwiOiJDaHJvbWUiLCJtb2JpbGVfZGV2aWNlX2JyYW5kIjoiR29vZ2xlIiwibW9iaWxlX2Jyb3dzZXIiOiJDaHJvbWUgRGVza3RvcCIsIm1vYmlsZV9icm93c2VyX3ZlcnNpb24iOiIxMjIiLCJtb2JpbGVfY2FycmllciI6Ij8iLCJ1c2VyX2FnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IFg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgTGlrZSBHZWNrbykgQ2hyb21lLzEyMi4wLjYyNjEuMTExIFNhZmFyaS81MzcuMzYiLCJhY2NlcHRfbGFuZ3VhZ2UiOiJmaS1GSSxmaTtxPTAuOSIsImNvbm5lY3Rpb25fc3BlZWQiOiJicm9hZGJhbmQifQ==

1 Console Messages

Source Level URL
Text
security error URL: https://wulfw-ydi.com/zclkvisitor/04037a53-dca7-11ee-bd6f-0affff7c4481/d11f3a10-2cff-11ec-b832-0aea8b85a94f?campaignid=74dd8200-d957-11ee-ac4f-123f4a2b6bb7(Line 6)
Message:
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-Opw3sUXjBEfd/fTJ2JnsDVcoewTItSQXvQRwF8xa2ZQ='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'
X-Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline'