Submitted URL: https://mycard.petroretail.kz/
Effective URL: https://mycard.petroretail.kz/customers/sign_in?locale=ru
Submission: On May 25 via manual from KZ — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 9 HTTP transactions. The main IP is 85.29.132.50, located in Nur-Sultan, Kazakhstan and belongs to KAR-TEL-AS Almaty, Republic of Kazakhstan, KZ. The main domain is mycard.petroretail.kz.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on March 20th 2022. Valid for: a year.
This is the only time mycard.petroretail.kz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

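IP addresses (IP address, autonomous system):
  • 85.29.132.50, AS21299 (KAR-TEL-A...): 8 requests, 1 redirect
  • 2a00:1450:400..., AS15169 (GOOGLE): 2 requests
  • Total: 9 requests across 2 IPs

Apex domains (subdomains, transfer):
  • petroretail.kz: 8 requests, 666 KB transferred; subdomain mycard.petroretail.kz
  • google-analytics.com: 2 requests, 20 KB transferred; subdomain www.google-analytics.com (Cisco Umbrella Rank: 37)
  • Total: 9 requests across 2 domains

Domains and who requested them:
  • mycard.petroretail.kz: 8 requests, 1 redirect; requested by mycard.petroretail.kz
  • www.google-analytics.com: 2 requests; requested by mycard.petroretail.kz and www.google-analytics.com
  • Total: 9 requests across 2 domains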

This site contains links to these domains.

Domain
www.petroretail.kz
TLS certificates (subject, issuer, validity, valid for):
  • *.petroretail.kz, issued by Sectigo RSA Domain Validation Secure Server CA, validity 2022-03-20 - 2023-04-19 (a year)
  • *.google-analytics.com, issued by GTS CA 1C3, validity 2022-05-04 - 2022-07-27 (3 months)

This page contains 1 frame:

Primary Page: https://mycard.petroretail.kz/customers/sign_in?locale=ru
Frame ID: 5FACFC2D56761D7ECC0EC83A61309910
Requests: 9 HTTP requests in this frame

Page Title: Карты ("Cards")

Page URL History

  1. https://mycard.petroretail.kz/ HTTP 302
    https://mycard.petroretail.kz/customers/sign_in?locale=ru Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

  • Requests: 9
  • HTTPS: 100 %
  • IPv6: 50 %
  • Domains: 2
  • Subdomains: 2
  • IPs: 2
  • Countries: 2
  • Transfer: 685 kB
  • Size: 2989 kB
  • Cookies: 5

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request sign_in
mycard.petroretail.kz/customers/
Redirect Chain
  • https://mycard.petroretail.kz/
  • https://mycard.petroretail.kz/customers/sign_in?locale=ru
6 KB
4 KB
Document
General
Full URL
https://mycard.petroretail.kz/customers/sign_in?locale=ru
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.29.132.50 Nur-Sultan, Kazakhstan, ASN21299 (KAR-TEL-AS Almaty, Republic of Kazakhstan, KZ),
Reverse DNS
comp132-50.2day.kz
Software
nginx /
Resource Hash
f67a2f22edee31731c7b910d80066e34a9fbdbcdeb72f9a3b7d2f2f4d2b86264
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self'; img-src 'self' data: https://www.google-analytics.com https://ssl.google-analytics.com; object-src 'none'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com 'nonce-kY5YlLjhkfyLoLi6rNmXFg=='; frame-ancestors 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://sentry.io wss://*.petroretail.kz
Strict-Transport-Security max-age=15724800; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-store
content-encoding
gzip
content-security-policy
default-src 'self'; font-src 'self'; img-src 'self' data: https://www.google-analytics.com https://ssl.google-analytics.com; object-src 'none'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com 'nonce-kY5YlLjhkfyLoLi6rNmXFg=='; frame-ancestors 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://sentry.io wss://*.petroretail.kz
content-type
text/html; charset=utf-8
date
Wed, 25 May 2022 11:56:45 GMT
etag
W/"f67a2f22edee31731c7b910d80066e34"
expires
Mon, 01 Jan 1990 00:00:00 GMT
feature-policy
camera 'none'; gyroscope 'none'; microphone 'none'; usb 'none'; fullscreen 'self'; geolocation 'none'; magnetometer 'none'; accelerometer 'none'
link
</assets/cts/kmg_application-45625ce34cb2e3fb5bab70828af25b4567a0283176009b4d998424edc8896694.css>; rel=preload; as=style; nopush,</packs/js/packages-0b6f0b2093fa730ddd6c.js>; rel=preload; as=script; nopush,</assets/cts/application-fa75e01738db8f896ecf98123bc210f30ab346eaf09af034c02b536063ae1206.js>; rel=preload; as=script; nopush
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=15724800; includeSubdomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
f522f725-1d69-4cb2-ac69-4e7e66aa478a
x-runtime
0.054390
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache
content-security-policy
default-src 'self'; font-src 'self'; img-src 'self' data: https://www.google-analytics.com https://ssl.google-analytics.com; object-src 'none'; script-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com 'nonce-yHbrySywoneK4BJOJ0p80Q=='; frame-ancestors 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://www.google-analytics.com https://ssl.google-analytics.com https://sentry.io wss://*.petroretail.kz
content-type
text/html; charset=utf-8
date
Wed, 25 May 2022 11:56:44 GMT
feature-policy
camera 'none'; gyroscope 'none'; microphone 'none'; usb 'none'; fullscreen 'self'; geolocation 'none'; magnetometer 'none'; accelerometer 'none'
location
https://mycard.petroretail.kz/customers/sign_in?locale=ru
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=15724800; includeSubdomains
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-request-id
1b8f87e0-6ece-4271-948a-d8bde7a54a31
x-runtime
0.017188
x-xss-protection
1; mode=block
kmg_application-45625ce34cb2e3fb5bab70828af25b4567a0283176009b4d998424edc8896694.css
mycard.petroretail.kz/assets/cts/
172 KB
32 KB
Stylesheet
General
Full URL
https://mycard.petroretail.kz/assets/cts/kmg_application-45625ce34cb2e3fb5bab70828af25b4567a0283176009b4d998424edc8896694.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.29.132.50 Nur-Sultan, Kazakhstan, ASN21299 (KAR-TEL-AS Almaty, Republic of Kazakhstan, KZ),
Reverse DNS
comp132-50.2day.kz
Software
nginx /
Resource Hash
d570d603e5af2fbbaf51406394a13c6d05ed6240c9a27d6557c21158a45348f8
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubdomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycard.petroretail.kz/customers/sign_in?locale=ru
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 25 May 2022 11:56:45 GMT
content-encoding
gzip
last-modified
Tue, 29 Mar 2022 15:45:36 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css
strict-transport-security
max-age=15724800; includeSubdomains
content-length
32069
packages-0b6f0b2093fa730ddd6c.js
mycard.petroretail.kz/packs/js/
41 KB
13 KB
Script
General
Full URL
https://mycard.petroretail.kz/packs/js/packages-0b6f0b2093fa730ddd6c.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.29.132.50 Nur-Sultan, Kazakhstan, ASN21299 (KAR-TEL-AS Almaty, Republic of Kazakhstan, KZ),
Reverse DNS
comp132-50.2day.kz
Software
nginx /
Resource Hash
87be94fea06c7922e689d0269b67a4bcbf79c22032a453436e2b89576a5ceea3
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubdomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycard.petroretail.kz/customers/sign_in?locale=ru
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 25 May 2022 11:56:45 GMT
content-encoding
br
last-modified
Tue, 29 Mar 2022 15:47:57 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
strict-transport-security
max-age=15724800; includeSubdomains
content-length
12722
application-fa75e01738db8f896ecf98123bc210f30ab346eaf09af034c02b536063ae1206.js
mycard.petroretail.kz/assets/cts/
3 MB
524 KB
Script
General
Full URL
https://mycard.petroretail.kz/assets/cts/application-fa75e01738db8f896ecf98123bc210f30ab346eaf09af034c02b536063ae1206.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.29.132.50 Nur-Sultan, Kazakhstan, ASN21299 (KAR-TEL-AS Almaty, Republic of Kazakhstan, KZ),
Reverse DNS
comp132-50.2day.kz
Software
nginx /
Resource Hash
6523f36317a64d8fd508a4e8622099dac33aa6fe05252f0d0082c9e0526a49c5
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubdomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycard.petroretail.kz/customers/sign_in?locale=ru
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 25 May 2022 11:56:45 GMT
content-encoding
gzip
last-modified
Tue, 29 Mar 2022 15:45:36 GMT
server
nginx
vary
Accept-Encoding
content-type
application/javascript
strict-transport-security
max-age=15724800; includeSubdomains
content-length
536167
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: mycard.petroretail.kz
URL: https://mycard.petroretail.kz/customers/sign_in?locale=ru
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycard.petroretail.kz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 13 Apr 2022 21:02:38 GMT
server
Golfe2
age
5857
date
Wed, 25 May 2022 10:19:08 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Wed, 25 May 2022 12:19:08 GMT
collect
www.google-analytics.com/j/
2 B
211 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=167437240&t=pageview&_s=1&dl=https%3A%2F%2Fmycard.petroretail.kz%2Fcustomers%2Fsign_in%3Flocale%3Dru&ul=en-us&de=UTF-8&dt=%D0%9A%D0%B0%D1%80%D1%82%D1%8B&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=IEBAAEABAAAAAC~&jid=335575348&gjid=866602844&cid=1552867694.1653479806&tid=UA-116152985-4&_gid=155789740.1653479806&_r=1&_slc=1&z=946962108
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a048e640908046be06e00eab37742b5d5ff80964af58cfd22f7cb2de4dfe375f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://mycard.petroretail.kz/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Wed, 25 May 2022 11:56:45 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://mycard.petroretail.kz
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
owner-logo-6a68dc131b60f661718ea5b27a1288cc20ca400142a58807da1cb6e4d6715dc7.png
mycard.petroretail.kz/assets/base/kmg/
3 KB
3 KB
Image
General
Full URL
https://mycard.petroretail.kz/assets/base/kmg/owner-logo-6a68dc131b60f661718ea5b27a1288cc20ca400142a58807da1cb6e4d6715dc7.png
Requested by
Host: mycard.petroretail.kz
URL: https://mycard.petroretail.kz/assets/cts/kmg_application-45625ce34cb2e3fb5bab70828af25b4567a0283176009b4d998424edc8896694.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.29.132.50 Nur-Sultan, Kazakhstan, ASN21299 (KAR-TEL-AS Almaty, Republic of Kazakhstan, KZ),
Reverse DNS
comp132-50.2day.kz
Software
nginx /
Resource Hash
633f357a08a2e1d5f10c9c0e368f88a0e40ef2894e64af8cf43dba46d041bc62
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubdomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycard.petroretail.kz/assets/cts/kmg_application-45625ce34cb2e3fb5bab70828af25b4567a0283176009b4d998424edc8896694.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 25 May 2022 11:56:46 GMT
last-modified
Tue, 29 Mar 2022 15:45:36 GMT
server
nginx
content-length
3378
strict-transport-security
max-age=15724800; includeSubdomains
content-type
image/png
login-background-8b68dcfa023aa8200d48f7713e67fe3f5148e13b5db196f3d2b166e2e44f760d.jpg
mycard.petroretail.kz/assets/cts/kmg/
82 KB
83 KB
Image
General
Full URL
https://mycard.petroretail.kz/assets/cts/kmg/login-background-8b68dcfa023aa8200d48f7713e67fe3f5148e13b5db196f3d2b166e2e44f760d.jpg
Requested by
Host: mycard.petroretail.kz
URL: https://mycard.petroretail.kz/assets/cts/kmg_application-45625ce34cb2e3fb5bab70828af25b4567a0283176009b4d998424edc8896694.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.29.132.50 Nur-Sultan, Kazakhstan, ASN21299 (KAR-TEL-AS Almaty, Republic of Kazakhstan, KZ),
Reverse DNS
comp132-50.2day.kz
Software
nginx /
Resource Hash
2cb6126772385611cd78c0a690317e94fd93f920d7fda1119ac30e8ae6102bf7
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubdomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycard.petroretail.kz/assets/cts/kmg_application-45625ce34cb2e3fb5bab70828af25b4567a0283176009b4d998424edc8896694.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 25 May 2022 11:56:46 GMT
last-modified
Tue, 29 Mar 2022 15:45:36 GMT
server
nginx
content-length
84302
strict-transport-security
max-age=15724800; includeSubdomains
content-type
image/jpeg
provider-logo-ec314a8e05e1bef60e68bc000cba5255bea1d28195a9bd856008d918dfd480d0.png
mycard.petroretail.kz/assets/base/
6 KB
7 KB
Image
General
Full URL
https://mycard.petroretail.kz/assets/base/provider-logo-ec314a8e05e1bef60e68bc000cba5255bea1d28195a9bd856008d918dfd480d0.png
Requested by
Host: mycard.petroretail.kz
URL: https://mycard.petroretail.kz/assets/cts/kmg_application-45625ce34cb2e3fb5bab70828af25b4567a0283176009b4d998424edc8896694.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
85.29.132.50 Nur-Sultan, Kazakhstan, ASN21299 (KAR-TEL-AS Almaty, Republic of Kazakhstan, KZ),
Reverse DNS
comp132-50.2day.kz
Software
nginx /
Resource Hash
cd6839978c4f4284170fe64b778ab34df5abc1476e3a2b07101e71318ecb2617
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubdomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mycard.petroretail.kz/assets/cts/kmg_application-45625ce34cb2e3fb5bab70828af25b4567a0283176009b4d998424edc8896694.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.64 Safari/537.36

Response headers

date
Wed, 25 May 2022 11:56:46 GMT
last-modified
Tue, 29 Mar 2022 15:45:36 GMT
server
nginx
content-length
6648
strict-transport-security
max-age=15724800; includeSubdomains
content-type
image/png

67 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone function| getScreenDetails string| GoogleAnalyticsObject function| ga object| Raven object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| _classCallCheck function| _toConsumableArray function| _inherits object| runtime function| _createClass function| SentryMonitor function| App function| CheckList function| CollapsibleBlock function| EpaymentForm function| FilterForm function| LoginForm function| PhoneInput function| PrefixedInput function| QrModal function| SiteHierarchyInputs function| Table function| Helpers function| Alerts function| Disabler function| DateRangePicker function| FilterFormWithAccountAndCard function| NewCardForm function| PaymentOrderForm function| ShowSwitcher function| TransactionItemTotals function| TransferForm function| _get object| __core-js_shared__ object| core object| global object| System function| asap function| Observable function| setImmediate function| clearImmediate function| Dict function| delay object| _ object| regeneratorRuntime function| $ function| jQuery object| Rails boolean| _rails_loaded function| moment object| I18n function| Cookies object| Registration object| Session object| PredefinedRanges object| Accounts object| AccountsCards object| Agreements object| Cards object| Transfers object| app

5 Cookies

Domain/Path, Name, Value:
  • .petroretail.kz/  Name: __Secure-mw_session  Value: 8b06e1e61985f5579b9889634e9b28c8
  • .petroretail.kz/  Name: _ga  Value: GA1.2.1552867694.1653479806
  • .petroretail.kz/  Name: _gid  Value: GA1.2.155789740.1653479806
  • .petroretail.kz/  Name: _gat  Value: 1
  • mycard.petroretail.kz/  Name: mw_login_tab  Value: .customer-login-form
