urlscan.io logo urlscan.io
SecurityTrails logo

portal.mvp.bafin.de Open in urlscan Pro
217.111.31.183  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e2s1
Effective URL: https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
Submission: On March 02 via api from RU — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 217.111.31.183, located in Frankfurt am Main, Germany and belongs to COLT COLT Technology Services Group Limited, GB. The main domain is portal.mvp.bafin.de. The Cisco Umbrella rank of the primary domain is 627931.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on June 29th 2023. Valid for: a year.
This is the only time portal.mvp.bafin.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 15 217.111.31.183 8220 (COLT COLT...)
13 1
Apex Domain
Subdomains		 Transfer
15 bafin.de
portal.mvp.bafin.de — Cisco Umbrella Rank: 627931
191 KB
13 1
Domain Requested by
15 portal.mvp.bafin.de 2 redirects portal.mvp.bafin.de
13 1

This site contains no links.

Subject Issuer Validity Valid
portal.mvp.bafin.de
GlobalSign RSA OV SSL CA 2018		 2023-06-29 -
2024-07-30		 a year crt.sh

This page contains 1 frames:

Primary Page: https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
Frame ID: 8F5606C24028EE7AC21BD54D0A081702
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

BaFin - MVP Portal

Page URL History Show full URLs

  1. https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e2s1 HTTP 302
    https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html HTTP 302
    https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1 Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

13
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

187 kB
Transfer

257 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e2s1 HTTP 302
    https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html HTTP 302
    https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request benutzerPasswortAnfordern.html
portal.mvp.bafin.de/MvpPortalWeb/app/
Redirect Chain
  • https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e2s1
  • https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html
  • https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
4 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.111.31.183 Frankfurt am Main, Germany, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
f637a3062b7f95e1b3faaf9975d84cdfcf9a11945c250d86ccf22310c04da075
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
private, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Security-Policy
default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
Content-Type
text/html
Expires
Thu, 01 Dec 1994 16:00 GMT
Permissions-Policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
Referrer-Policy
same-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
X-Backside-Transport
OK OK
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
X-Permitted-Cross-Domain-Policies
master-only
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
private, must-revalidate
Connection
Keep-Alive
Content-Encoding
gzip
Content-Security-Policy
default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
Content-Type
text/xml
Expires
Thu, 01 Dec 1994 16:00 GMT
Location
https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
Permissions-Policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
Referrer-Policy
same-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Transfer-Encoding
chunked
X-Backside-Transport
OK OK
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
X-Permitted-Cross-Domain-Policies
master-only
X-XSS-Protection
1; mode=block
reset.css
portal.mvp.bafin.de/MvpPortalWeb/static/css/ 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portal.mvp.bafin.de/MvpPortalWeb/static/css/reset.css
Requested by
Host: portal.mvp.bafin.de
URL: https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.111.31.183 Frankfurt am Main, Germany, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
c1294bdf063296c4dfd9b5462237703a8ad24b0b10832d5573be4c42db0a96e5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
master-only
Transfer-Encoding
chunked
X-Frame-Options
sameorigin
Content-Type
text/css
X-Backside-Transport
OK OK
Cache-Control
private, must-revalidate
Permissions-Policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Dec 1994 16:00 GMT
main.css
portal.mvp.bafin.de/MvpPortalWeb/static/css/ 		30 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portal.mvp.bafin.de/MvpPortalWeb/static/css/main.css
Requested by
Host: portal.mvp.bafin.de
URL: https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.111.31.183 Frankfurt am Main, Germany, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
fda1ef02c9858886c63230b53f48d9937b6699b375de9f181680b75b3b6027fd
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
master-only
Transfer-Encoding
chunked
X-Frame-Options
sameorigin
Content-Type
text/css
X-Backside-Transport
OK OK
Cache-Control
private, must-revalidate
Permissions-Policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Dec 1994 16:00 GMT
styles.css
portal.mvp.bafin.de/MvpPortalWeb/static/css/ 		9 KB
4 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portal.mvp.bafin.de/MvpPortalWeb/static/css/styles.css
Requested by
Host: portal.mvp.bafin.de
URL: https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.111.31.183 Frankfurt am Main, Germany, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
3caafc391f350fe18cb2bb15d95e352c4cd490a9e7ef8ae49015ffd6423fa8ed
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
master-only
Transfer-Encoding
chunked
X-Frame-Options
sameorigin
Content-Type
text/css
X-Backside-Transport
OK OK
Cache-Control
private, must-revalidate
Permissions-Policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Dec 1994 16:00 GMT
displaytag.css
portal.mvp.bafin.de/MvpPortalWeb/static/css/ 		3 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portal.mvp.bafin.de/MvpPortalWeb/static/css/displaytag.css
Requested by
Host: portal.mvp.bafin.de
URL: https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.111.31.183 Frankfurt am Main, Germany, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
b827930baabe3703ba714b2a2cf04b7e5469c930eb4e911acc9cef53a9fb7f58
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
master-only
Transfer-Encoding
chunked
X-Frame-Options
sameorigin
Content-Type
text/css
X-Backside-Transport
OK OK
Cache-Control
private, must-revalidate
Permissions-Policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Dec 1994 16:00 GMT
icons.css
portal.mvp.bafin.de/MvpPortalWeb/static/css/icon-font/ 		2 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portal.mvp.bafin.de/MvpPortalWeb/static/css/icon-font/icons.css
Requested by
Host: portal.mvp.bafin.de
URL: https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.111.31.183 Frankfurt am Main, Germany, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
125115512395815f6bf3c08ff24c5e19841e1e1ab81e488623810601fb73f974
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
master-only
Transfer-Encoding
chunked
X-Frame-Options
sameorigin
Content-Type
text/css
X-Backside-Transport
OK OK
Cache-Control
private, must-revalidate
Permissions-Policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Dec 1994 16:00 GMT
secure_pro.css
portal.mvp.bafin.de/MvpPortalWeb/static/css/secure-code-pro-font/ 		104 B
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portal.mvp.bafin.de/MvpPortalWeb/static/css/secure-code-pro-font/secure_pro.css
Requested by
Host: portal.mvp.bafin.de
URL: https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.111.31.183 Frankfurt am Main, Germany, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
6a84a9a62a2e007499b219631b4dd0eb9eee67537674827ae3241e9080afbdd1
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
master-only
Transfer-Encoding
chunked
X-Frame-Options
sameorigin
Content-Type
text/css
X-Backside-Transport
OK OK
Cache-Control
private, must-revalidate
Permissions-Policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Dec 1994 16:00 GMT
jquery-3.5.1.min.js
portal.mvp.bafin.de/MvpPortalWeb/static/js/thirdparty/jquery/ 		87 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://portal.mvp.bafin.de/MvpPortalWeb/static/js/thirdparty/jquery/jquery-3.5.1.min.js
Requested by
Host: portal.mvp.bafin.de
URL: https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.111.31.183 Frankfurt am Main, Germany, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
f36844906ad2309877aae3121b87fb15b9e09803cb4c333adc7e1e35ac92e14b
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
master-only
Transfer-Encoding
chunked
X-Frame-Options
sameorigin
Content-Type
application/javascript
X-Backside-Transport
OK OK
Cache-Control
private, must-revalidate
Permissions-Policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Dec 1994 16:00 GMT
bafin_logo.png
portal.mvp.bafin.de/MvpPortalWeb/static/images/corporate/ 		9 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portal.mvp.bafin.de/MvpPortalWeb/static/images/corporate/bafin_logo.png
Requested by
Host: portal.mvp.bafin.de
URL: https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.111.31.183 Frankfurt am Main, Germany, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
ce5a35253e0be8533d08200816cb841167eb45b780bafb93a6c3964596d5588a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
master-only
Transfer-Encoding
chunked
X-Frame-Options
sameorigin
Content-Type
image/png
X-Backside-Transport
OK OK
Cache-Control
private, must-revalidate
Permissions-Policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Dec 1994 16:00 GMT
print.css
portal.mvp.bafin.de/MvpPortalWeb/static/css/ 		1 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://portal.mvp.bafin.de/MvpPortalWeb/static/css/print.css
Requested by
Host: portal.mvp.bafin.de
URL: https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.111.31.183 Frankfurt am Main, Germany, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
68845d96a8ad11e013954334a66b1317e9736842c300e0dfe87363735d9b720f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://portal.mvp.bafin.de/MvpPortalWeb/app/benutzerPasswortAnfordern.html?execution=e1s1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
master-only
Transfer-Encoding
chunked
X-Frame-Options
sameorigin
Content-Type
text/css
X-Backside-Transport
OK OK
Cache-Control
private, must-revalidate
Permissions-Policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Dec 1994 16:00 GMT
background.png
portal.mvp.bafin.de/MvpPortalWeb/static/images/corporate/ 		58 KB
55 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portal.mvp.bafin.de/MvpPortalWeb/static/images/corporate/background.png
Requested by
Host: portal.mvp.bafin.de
URL: https://portal.mvp.bafin.de/MvpPortalWeb/static/css/main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.111.31.183 Frankfurt am Main, Germany, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
be2f596c4eaf8e399a01adff1aabf9160f9b108770b95b3990e8c906bc486617
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://portal.mvp.bafin.de/MvpPortalWeb/static/css/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
master-only
Transfer-Encoding
chunked
X-Frame-Options
sameorigin
Content-Type
image/png
X-Backside-Transport
OK OK
Cache-Control
private, must-revalidate
Permissions-Policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Dec 1994 16:00 GMT
information.png
portal.mvp.bafin.de/MvpPortalWeb/static/images/ 		2 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://portal.mvp.bafin.de/MvpPortalWeb/static/images/information.png
Requested by
Host: portal.mvp.bafin.de
URL: https://portal.mvp.bafin.de/MvpPortalWeb/static/css/main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.111.31.183 Frankfurt am Main, Germany, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
bcf9b788408bd931205a5a69fa660d99326bcd5588753362d4e0e9f4a109526f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://portal.mvp.bafin.de/MvpPortalWeb/static/css/main.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
master-only
Transfer-Encoding
chunked
X-Frame-Options
sameorigin
Content-Type
image/png
X-Backside-Transport
OK OK
Cache-Control
private, must-revalidate
Permissions-Policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Dec 1994 16:00 GMT
SourceCodePro-Regular.ttf.woff2
portal.mvp.bafin.de/MvpPortalWeb/static/css/secure-code-pro-font/TTF/ 		51 KB
52 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://portal.mvp.bafin.de/MvpPortalWeb/static/css/secure-code-pro-font/TTF/SourceCodePro-Regular.ttf.woff2
Requested by
Host: portal.mvp.bafin.de
URL: https://portal.mvp.bafin.de/MvpPortalWeb/static/css/secure-code-pro-font/secure_pro.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
217.111.31.183 Frankfurt am Main, Germany, ASN8220 (COLT COLT Technology Services Group Limited, GB),
Reverse DNS
Software
/
Resource Hash
b1e8dca6e4125313089ab2bbef8276880cafa72676dc7bf0df84b0324e08ce7f
Security Headers
Name Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://portal.mvp.bafin.de/MvpPortalWeb/static/css/secure-code-pro-font/secure_pro.css
Origin
https://portal.mvp.bafin.de
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.94 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
X-Content-Type-Options
nosniff
Referrer-Policy
same-origin
Content-Encoding
gzip
X-Permitted-Cross-Domain-Policies
master-only
Transfer-Encoding
chunked
X-Frame-Options
sameorigin
Content-Type
text/plain
X-Backside-Transport
OK OK
Cache-Control
private, must-revalidate
Permissions-Policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(self), encrypted-media=(self), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(self), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(self), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
Connection
Keep-Alive
X-XSS-Protection
1; mode=block
Expires
Thu, 01 Dec 1994 16:00 GMT

Verdicts & Comments Add Verdict or Comment

3 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery function| flowSubmit

1 Cookies

Domain/Path Name / Value
portal.mvp.bafin.de/ Name: MvpSession
Value: U9/O9tjvmz8l2chzLu/3D++KpxZrd7AGPk1QkECOP3vQbdSFepFJVOf6QKgPBt+g2vnEhFdzwfH8GxEzJ4DQHWnZJEGjOKpVy59BRvjN23g=

9 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'battery'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-not-rendered'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'execution-while-out-of-viewport'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'layout-animations'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'legacy-image-formats'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'navigation-override'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'web-share'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; base-uri 'self'; child-src 'self'; manifest-src 'self'; connect-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'self'; img-src 'self'; media-src 'self'; object-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block