urlscan.io logo urlscan.io
SecurityTrails logo

authenticate.wm.de Open in urlscan Pro
195.243.82.90  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://moje.wmautodily.cz/
Effective URL: https://authenticate.wm.de/auth/realms/WMSE/protocol/openid-connect/auth?ui_locales=cz&scope=openid&state=c647c2c6c3e26ef2a...
Submission: On July 01 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 3 domains to perform 8 HTTP transactions. The main IP is 195.243.82.90, located in Kurtscheid, Germany and belongs to DTAG Internet service provider operations, DE. The main domain is authenticate.wm.de.
TLS certificate: Issued by GeoTrust TLS RSA CA G1 on December 4th 2023. Valid for: a year.
This is the only time authenticate.wm.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 3 195.192.130.208 25291 (INTERDOTL...)
7 195.243.82.90 3320 (DTAG Inte...)
1 2a04:4e42:600... 54113 (FASTLY)
8 2
Apex Domain
Subdomains		 Transfer
9 wm.de
mein.wm.de
authenticate.wm.de
1 MB
1 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 381
25 KB
1 wmautodily.cz
moje.wmautodily.cz
153 B
8 3
Domain Requested by
7 authenticate.wm.de authenticate.wm.de
2 mein.wm.de 2 redirects
1 cdn.jsdelivr.net authenticate.wm.de
1 moje.wmautodily.cz 1 redirects
8 4

This site contains links to these domains. Also see Links.

Domain
www.wm.de
Subject Issuer Validity Valid
*.wm.de
GeoTrust TLS RSA CA G1		 2023-12-04 -
2024-12-03		 a year crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2023 Q3		 2023-09-27 -
2024-10-28		 a year crt.sh

This page contains 1 frames:

Primary Page: https://authenticate.wm.de/auth/realms/WMSE/protocol/openid-connect/auth?ui_locales=cz&scope=openid&state=c647c2c6c3e26ef2aba87a56d0e98f0d&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fmein.wm.de%2Fcz%2Fconnect%2Fcheck&client_id=portal
Frame ID: 47C7201B713EBB24F36F75358D5EDC12
Requests: 8 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Anmeldung bei WMSE

Page URL History Show full URLs

  1. https://moje.wmautodily.cz/ HTTP 302
    https://mein.wm.de/cz/customer HTTP 302
    https://mein.wm.de/cz/connect?referer=https://mein.wm.de/cz/customer HTTP 302
    https://authenticate.wm.de/auth/realms/WMSE/protocol/openid-connect/auth?ui_locales=cz&scope=openid&sta... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • //cdn\.jsdelivr\.net/

Page Statistics

8
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

4
Subdomains

2
IPs

2
Countries

1241 kB
Transfer

1636 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://moje.wmautodily.cz/ HTTP 302
    https://mein.wm.de/cz/customer HTTP 302
    https://mein.wm.de/cz/connect?referer=https://mein.wm.de/cz/customer HTTP 302
    https://authenticate.wm.de/auth/realms/WMSE/protocol/openid-connect/auth?ui_locales=cz&scope=openid&state=c647c2c6c3e26ef2aba87a56d0e98f0d&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fmein.wm.de%2Fcz%2Fconnect%2Fcheck&client_id=portal Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request auth
authenticate.wm.de/auth/realms/WMSE/protocol/openid-connect/
Redirect Chain
  • https://moje.wmautodily.cz/
  • https://mein.wm.de/cz/customer
  • https://mein.wm.de/cz/connect?referer=https://mein.wm.de/cz/customer
  • https://authenticate.wm.de/auth/realms/WMSE/protocol/openid-connect/auth?ui_locales=cz&scope=openid&state=c647c2c6c3e26ef2aba87a56d0e98f0d&response_type=code&approval_prompt=auto&redirect_uri=https...
9 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://authenticate.wm.de/auth/realms/WMSE/protocol/openid-connect/auth?ui_locales=cz&scope=openid&state=c647c2c6c3e26ef2aba87a56d0e98f0d&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fmein.wm.de%2Fcz%2Fconnect%2Fcheck&client_id=portal
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
195.243.82.90 Kurtscheid, Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
/
Resource Hash
88df5cbf5aa2e168693d6a3e0dfe74a07ace019e2cf6c3d6f87fc9489c142715
Security Headers
Name Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=157680000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Cache-Control
no-store, must-revalidate, max-age=0
Content-Language
de
Content-Security-Policy
frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Content-Type
text/html;charset=utf-8
Referrer-Policy
no-referrer
Strict-Transport-Security
max-age=31536000; includeSubDomains max-age=157680000
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-Robots-Tag
none
X-XSS-Protection
1; mode=block
transfer-encoding
chunked

Redirect headers

cache-control
max-age=0, must-revalidate, private
content-type
text/html; charset=UTF-8
date
Mon, 01 Jul 2024 07:37:21 GMT
expires
Mon, 01 Jul 2024 07:37:21 GMT
location
https://authenticate.wm.de/auth/realms/WMSE/protocol/openid-connect/auth?ui_locales=cz&scope=openid&state=c647c2c6c3e26ef2aba87a56d0e98f0d&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fmein.wm.de%2Fcz%2Fconnect%2Fcheck&client_id=portal
strict-transport-security
max-age=31536000; includeSubDomains
login-wm.css
authenticate.wm.de/auth/resources/bau0s/login/wm/css/ 		397 KB
54 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://authenticate.wm.de/auth/resources/bau0s/login/wm/css/login-wm.css
Requested by
Host: authenticate.wm.de
URL: https://authenticate.wm.de/auth/realms/WMSE/protocol/openid-connect/auth?ui_locales=cz&scope=openid&state=c647c2c6c3e26ef2aba87a56d0e98f0d&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fmein.wm.de%2Fcz%2Fconnect%2Fcheck&client_id=portal
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
195.243.82.90 Kurtscheid, Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
/
Resource Hash
a183f5fbbd995a2718f4b623c35bd7c58ef0f9fc153d4a661033d6a98dab4a7d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=157680000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=157680000
Content-Encoding
gzip
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
transfer-encoding
chunked
Content-Type
text/css;charset=UTF-8
Cache-Control
max-age=2592000
X-XSS-Protection
1; mode=block
wm_logo.svg
authenticate.wm.de/auth/resources/bau0s/login/wm/img/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://authenticate.wm.de/auth/resources/bau0s/login/wm/img/wm_logo.svg
Requested by
Host: authenticate.wm.de
URL: https://authenticate.wm.de/auth/realms/WMSE/protocol/openid-connect/auth?ui_locales=cz&scope=openid&state=c647c2c6c3e26ef2aba87a56d0e98f0d&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fmein.wm.de%2Fcz%2Fconnect%2Fcheck&client_id=portal
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
195.243.82.90 Kurtscheid, Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
/
Resource Hash
c4eea19559452f8a137e43f16c954b976bb8dee1dee24ab62270861cbfad713a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=157680000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=157680000
Content-Encoding
gzip
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
Content-Type
image/svg+xml
Cache-Control
max-age=2592000
content-length
991
X-XSS-Protection
1; mode=block
no%20pic
authenticate.wm.de/auth/realms/WMSE/protocol/openid-connect/ 		143 B
143 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://authenticate.wm.de/auth/realms/WMSE/protocol/openid-connect/no%20pic
Requested by
Host: authenticate.wm.de
URL: https://authenticate.wm.de/auth/realms/WMSE/protocol/openid-connect/auth?ui_locales=cz&scope=openid&state=c647c2c6c3e26ef2aba87a56d0e98f0d&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fmein.wm.de%2Fcz%2Fconnect%2Fcheck&client_id=portal
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
195.243.82.90 Kurtscheid, Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
/
Resource Hash
9050c4e5d88ec70c5788e6dd2d11bff686d017f6d964729f7b798793290f17dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=157680000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=157680000
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
content-length
143
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
Content-Type
application/json
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/ 		79 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.bundle.min.js
Requested by
Host: authenticate.wm.de
URL: https://authenticate.wm.de/auth/realms/WMSE/protocol/openid-connect/auth?ui_locales=cz&scope=openid&state=c647c2c6c3e26ef2aba87a56d0e98f0d&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fmein.wm.de%2Fcz%2Fconnect%2Fcheck&client_id=portal
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9520018fa5d81f4e4dc9d06afb576f90cbbaba209cfcc6cb60e1464647f7890b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://authenticate.wm.de
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Mon, 01 Jul 2024 07:37:22 GMT
x-content-type-options
nosniff
content-encoding
br
age
5896632
x-jsd-version
5.2.3
x-cache
HIT, HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
24659
x-served-by
cache-fra-etou8220135-FRA, cache-mxp6961-MXP
x-jsd-version-type
version
etag
W/"13a24-kNFQNu9I/LM2oTW66BK0VmnxkEQ"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
accept-ranges
bytes
timing-allow-origin
*
wm_fallback_background.jpg
authenticate.wm.de/auth/resources/bau0s/login/wm/img/ 		1020 KB
1022 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://authenticate.wm.de/auth/resources/bau0s/login/wm/img/wm_fallback_background.jpg
Requested by
Host: authenticate.wm.de
URL: https://authenticate.wm.de/auth/realms/WMSE/protocol/openid-connect/auth?ui_locales=cz&scope=openid&state=c647c2c6c3e26ef2aba87a56d0e98f0d&response_type=code&approval_prompt=auto&redirect_uri=https%3A%2F%2Fmein.wm.de%2Fcz%2Fconnect%2Fcheck&client_id=portal
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
195.243.82.90 Kurtscheid, Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
/
Resource Hash
f193c500b91edb20cd40ff8059834eddfb2d1d7c92be7ee888058f7178deb323
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=157680000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=157680000
Cache-Control
max-age=2592000
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
transfer-encoding
chunked
Content-Type
image/jpeg
HelveticaNeue.woff2
authenticate.wm.de/auth/resources/bau0s/login/wm/fonts/HelveticaNeue/ 		129 KB
128 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://authenticate.wm.de/auth/resources/bau0s/login/wm/fonts/HelveticaNeue/HelveticaNeue.woff2
Requested by
Host: authenticate.wm.de
URL: https://authenticate.wm.de/auth/resources/bau0s/login/wm/css/login-wm.css
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
195.243.82.90 Kurtscheid, Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
/
Resource Hash
58d357928ab12b86685e6b87f27ab9d82529c311e6abaf454675e376c41f6eb3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=157680000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Origin
https://authenticate.wm.de
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=157680000
Content-Encoding
gzip
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
transfer-encoding
chunked
Content-Type
application/octet-stream
Cache-Control
max-age=2592000
X-XSS-Protection
1; mode=block
favicon.ico
authenticate.wm.de/auth/resources/bau0s/login/wm/img/ 		627 B
992 B 		Other
General
Check archive.org
Download Go to
Full URL
https://authenticate.wm.de/auth/resources/bau0s/login/wm/img/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_CBC
Server
195.243.82.90 Kurtscheid, Germany, ASN3320 (DTAG Internet service provider operations, DE),
Reverse DNS
Software
/
Resource Hash
47dcf1f1a8f1afd68297a294a263849069a7a62b2e86550241416c2cc56c5676
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains, max-age=157680000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains, max-age=157680000
Content-Encoding
gzip
Referrer-Policy
no-referrer
X-Content-Type-Options
nosniff
Content-Type
application/octet-stream
Cache-Control
max-age=2592000
content-length
650
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| event object| fence object| sharedStorage number| uidEvent object| bootstrap

4 Cookies

Domain/Path Name / Value
authenticate.wm.de/auth/realms/WMSE/ Name: AUTH_SESSION_ID_LEGACY
Value: ba838e0a-dce0-40dc-857e-1bed75340ce2.b1c98731e752-16814
authenticate.wm.de/auth/realms/WMSE/ Name: AUTH_SESSION_ID
Value: ba838e0a-dce0-40dc-857e-1bed75340ce2.b1c98731e752-16814
authenticate.wm.de/auth/realms/WMSE/ Name: KC_RESTART
Value: eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJhODQ0MDQ4NS05OGEzLTQyYzUtYjNkNi1iMjBiYTRiOTkyMzcifQ.eyJjaWQiOiJwb3J0YWwiLCJwdHkiOiJvcGVuaWQtY29ubmVjdCIsInJ1cmkiOiJodHRwczovL21laW4ud20uZGUvY3ovY29ubmVjdC9jaGVjayIsImFjdCI6IkFVVEhFTlRJQ0FURSIsIm5vdGVzIjp7InNjb3BlIjoib3BlbmlkIiwiaXNzIjoiaHR0cHM6Ly9hdXRoZW50aWNhdGUud20uZGUvYXV0aC9yZWFsbXMvV01TRSIsInJlc3BvbnNlX3R5cGUiOiJjb2RlIiwiY2xpZW50X3JlcXVlc3RfcGFyYW1fYXBwcm92YWxfcHJvbXB0IjoiYXV0byIsInJlZGlyZWN0X3VyaSI6Imh0dHBzOi8vbWVpbi53bS5kZS9jei9jb25uZWN0L2NoZWNrIiwic3RhdGUiOiJjNjQ3YzJjNmMzZTI2ZWYyYWJhODdhNTZkMGU5OGYwZCJ9fQ.4q7KBq-WxzgKZPWk1RVwq9diECOwZ9JnBsOrcTbV4ug
mein.wm.de/ Name: WM_SE_PORTAL_SESSION_ID
Value: 0c30e722ea659160797afc04ec8426e4

1 Console Messages

Source Level URL
Text
network error URL: https://authenticate.wm.de/auth/realms/WMSE/protocol/openid-connect/no%20pic
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-src 'self'; frame-ancestors 'self'; object-src 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains max-age=157680000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block