urlscan.io logo urlscan.io
SecurityTrails logo

test.timeman3.rsitservice.de Open in urlscan Pro
92.194.218.227  Public Scan

Go To Rescan Add Verdict Report
URL: https://test.timeman3.rsitservice.de/
Submission: On April 09 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 13 HTTP transactions. The main IP is 92.194.218.227, located in Mermuth, Germany and belongs to PLUSNET *****************, DE. The main domain is test.timeman3.rsitservice.de.
TLS certificate: Issued by R3 on April 9th 2024. Valid for: 3 months.
This is the only time test.timeman3.rsitservice.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
9 92.194.218.227 20676 (PLUSNET *...)
13 2
Apex Domain
Subdomains		 Transfer
9 rsitservice.de
test.timeman3.rsitservice.de
4 MB
13 1
Domain Requested by
9 test.timeman3.rsitservice.de test.timeman3.rsitservice.de
13 1

This site contains no links.

Subject Issuer Validity Valid
test.timeman3.rsitservice.de
R3		 2024-04-09 -
2024-07-08		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://test.timeman3.rsitservice.de/
Frame ID: 12A848E2DE82404B3F71F8A1936F39C3
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Timemanager2023-powerd by RS-IT-Service

Page Statistics

13
Requests

69 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

3637 kB
Transfer

3629 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
test.timeman3.rsitservice.de/ 		771 B
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://test.timeman3.rsitservice.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
92.194.218.227 Mermuth, Germany, ASN20676 (PLUSNET *****************, DE),
Reverse DNS
port-92-194-218-227.dynamic.as20676.net
Software
nginx /
Resource Hash
a9bd6fe3cdc4ddef70fcebe96d7c19f2ef3014f4b08cc30c2cf74bf50f715a3c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
cache-control
max-age=5
content-security-policy
upgrade-insecure-requests
content-type
text/html
date
Tue, 09 Apr 2024 09:29:42 GMT
permissions-policy
interest-cohort=()
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-sso-wat
You've just been SSOed
x-xss-protection
1; mode=block
jpro-fullscreen.css
test.timeman3.rsitservice.de/jpro/css/ 		70 B
596 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://test.timeman3.rsitservice.de/jpro/css/jpro-fullscreen.css
Requested by
Host: test.timeman3.rsitservice.de
URL: https://test.timeman3.rsitservice.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
92.194.218.227 Mermuth, Germany, ASN20676 (PLUSNET *****************, DE),
Reverse DNS
port-92-194-218-227.dynamic.as20676.net
Software
nginx /
Resource Hash
0bdc214e4fe8d29c5c5cdc4741fc6787c2c39680593f154cbaefea52b595661e
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://test.timeman3.rsitservice.de/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 09:29:42 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies
none
content-length
70
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
last-modified
Fri, 01 Jan 2010 00:00:00 GMT
server
nginx
etag
"0a1232cb27fbda051a9b5063384e850d412fad4e"
x-download-options
noopen
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=UTF-8
cache-control
public, max-age=3600
permissions-policy
interest-cohort=()
x-sso-wat
You've just been SSOed
accept-ranges
bytes
jpro.css
test.timeman3.rsitservice.de/jpro/css/ 		6 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://test.timeman3.rsitservice.de/jpro/css/jpro.css
Requested by
Host: test.timeman3.rsitservice.de
URL: https://test.timeman3.rsitservice.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
92.194.218.227 Mermuth, Germany, ASN20676 (PLUSNET *****************, DE),
Reverse DNS
port-92-194-218-227.dynamic.as20676.net
Software
nginx /
Resource Hash
d8777a05c324ebfc004242a1a67e2e5138384244616e1e3ba85bdc278521e664
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://test.timeman3.rsitservice.de/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 09:29:43 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies
none
content-length
5805
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
last-modified
Fri, 01 Jan 2010 00:00:00 GMT
server
nginx
etag
"3ef59b38d15f31a4046705e6ad74d5cbcdf7590e"
x-download-options
noopen
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=UTF-8
cache-control
public, max-age=3600
permissions-policy
interest-cohort=()
x-sso-wat
You've just been SSOed
accept-ranges
bytes
jpro.js
test.timeman3.rsitservice.de/jpro/js/ 		1 MB
1 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://test.timeman3.rsitservice.de/jpro/js/jpro.js
Requested by
Host: test.timeman3.rsitservice.de
URL: https://test.timeman3.rsitservice.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
92.194.218.227 Mermuth, Germany, ASN20676 (PLUSNET *****************, DE),
Reverse DNS
port-92-194-218-227.dynamic.as20676.net
Software
nginx /
Resource Hash
a4d6bab3aa65a4cc2e624d284bd3836cfc80a1e70d81194c048631a11a959660
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://test.timeman3.rsitservice.de/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 09:29:42 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies
none
content-length
1096524
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
nginx
etag
"a27b4ba8f1a5402da5dee976fe5d59a4"
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
application/javascript
cache-control
max-age=5
permissions-policy
interest-cohort=()
x-sso-wat
You've just been SSOed
ynh_portal.js
test.timeman3.rsitservice.de/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://test.timeman3.rsitservice.de/ynh_portal.js
Requested by
Host: test.timeman3.rsitservice.de
URL: https://test.timeman3.rsitservice.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
92.194.218.227 Mermuth, Germany, ASN20676 (PLUSNET *****************, DE),
Reverse DNS
port-92-194-218-227.dynamic.as20676.net
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://test.timeman3.rsitservice.de/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 09:29:42 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
nginx
x-permitted-cross-domain-policies
none
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
text/html
permissions-policy
interest-cohort=()
x-sso-wat
You've just been SSOed
x-xss-protection
1; mode=block
ynh_overlay.css
test.timeman3.rsitservice.de/ 		0
0
custom_portal.js
test.timeman3.rsitservice.de/ynhtheme/ 		0
0 		Script
General
Check archive.org
Download Go to
Full URL
https://test.timeman3.rsitservice.de/ynhtheme/custom_portal.js
Requested by
Host: test.timeman3.rsitservice.de
URL: https://test.timeman3.rsitservice.de/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
92.194.218.227 Mermuth, Germany, ASN20676 (PLUSNET *****************, DE),
Reverse DNS
port-92-194-218-227.dynamic.as20676.net
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://test.timeman3.rsitservice.de/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 09:29:42 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
server
nginx
x-permitted-cross-domain-policies
none
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
text/html
permissions-policy
interest-cohort=()
x-sso-wat
You've just been SSOed
x-xss-protection
1; mode=block
custom_overlay.css
test.timeman3.rsitservice.de/ynhtheme/ 		0
0
ynh_overlay.css
test.timeman3.rsitservice.de/ 		0
0
custom_overlay.css
test.timeman3.rsitservice.de/ynhtheme/ 		0
0
favicon.ico
test.timeman3.rsitservice.de/ 		25 B
421 B 		Other
General
Check archive.org
Download Go to
Full URL
https://test.timeman3.rsitservice.de/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
92.194.218.227 Mermuth, Germany, ASN20676 (PLUSNET *****************, DE),
Reverse DNS
port-92-194-218-227.dynamic.as20676.net
Software
nginx /
Resource Hash
bf77b10ddf3b6d2db8bf0e26b120b71187bcbed1e756de154c662b09eb7289fe
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://test.timeman3.rsitservice.de/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 09:29:43 GMT
content-security-policy
upgrade-insecure-requests
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
x-content-type-options
nosniff
server
nginx
x-permitted-cross-domain-policies
none
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
text/plain; charset=UTF-8
strict-transport-security
max-age=63072000; includeSubDomains; preload
permissions-policy
interest-cohort=()
x-sso-wat
You've just been SSOed
content-length
25
x-xss-protection
1; mode=block
Roboto-Regular.ttf
test.timeman3.rsitservice.de/app/default/resourcesencoded/file:/app/hellojpro-maven-jpro/fonts/ 		167 KB
168 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://test.timeman3.rsitservice.de/app/default/resourcesencoded/file:/app/hellojpro-maven-jpro/fonts/Roboto-Regular.ttf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
92.194.218.227 Mermuth, Germany, ASN20676 (PLUSNET *****************, DE),
Reverse DNS
port-92-194-218-227.dynamic.as20676.net
Software
nginx /
Resource Hash
9e79eaebefe9cb1188defba9413ad6d383cff1f0b4334f0b878634648fb70322
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://test.timeman3.rsitservice.de/
Origin
https://test.timeman3.rsitservice.de
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 09:29:43 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies
none
content-length
170984
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
nginx
etag
"18d44f79b3979ec168862093208c6d7d"
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
font/ttf
access-control-allow-origin
*
cache-control
max-age=5
permissions-policy
interest-cohort=()
x-sso-wat
You've just been SSOed
Nicht%20benannt-3.png
test.timeman3.rsitservice.de/app/default/resourcesencoded/jar:file:/app/hellojpro-maven-jpro/libs/hellojpro-maven-1.0-SNAPSHOT.jar!/one/jpro/hellojpro/ 		2 MB
2 MB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://test.timeman3.rsitservice.de/app/default/resourcesencoded/jar:file:/app/hellojpro-maven-jpro/libs/hellojpro-maven-1.0-SNAPSHOT.jar!/one/jpro/hellojpro/Nicht%20benannt-3.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
92.194.218.227 Mermuth, Germany, ASN20676 (PLUSNET *****************, DE),
Reverse DNS
port-92-194-218-227.dynamic.as20676.net
Software
nginx /
Resource Hash
f75f397f3b34d4c985f40d139a19c4e12e2c4ec382cbf00c5694b9d3d166374f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://test.timeman3.rsitservice.de/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 09:29:43 GMT
content-security-policy
upgrade-insecure-requests
x-content-type-options
nosniff
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-permitted-cross-domain-policies
none
content-length
2442218
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin, strict-origin-when-cross-origin
server
nginx
etag
"2f363cb1f29d1adda1ddd266e2be3a8e"
x-download-options
noopen
x-frame-options
SAMEORIGIN
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=5
permissions-policy
interest-cohort=()
x-sso-wat
You've just been SSOed

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
test.timeman3.rsitservice.de
URL
https://test.timeman3.rsitservice.de/ynh_overlay.css
Domain
test.timeman3.rsitservice.de
URL
https://test.timeman3.rsitservice.de/ynhtheme/custom_overlay.css
Domain
test.timeman3.rsitservice.de
URL
https://test.timeman3.rsitservice.de/ynh_overlay.css
Domain
test.timeman3.rsitservice.de
URL
https://test.timeman3.rsitservice.de/ynhtheme/custom_overlay.css

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| jpro object| returnExports object| WebComponents function| __CE_installPolyfill object| ShadyCSS object| Zlib function| JProElementTagSupport object| JProStarter

0 Cookies

11 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Origin trial controlled feature not enabled: 'interest-cohort'.
security error URL: https://test.timeman3.rsitservice.de/
Message:
Refused to apply style from 'https://test.timeman3.rsitservice.de/ynh_overlay.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security error URL: https://test.timeman3.rsitservice.de/
Message:
Refused to apply style from 'https://test.timeman3.rsitservice.de/ynhtheme/custom_overlay.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
network error URL: https://test.timeman3.rsitservice.de/ynh_portal.js
Message:
Failed to load resource: the server responded with a status of 404 ()
network error URL: https://test.timeman3.rsitservice.de/ynhtheme/custom_portal.js
Message:
Failed to load resource: the server responded with a status of 404 ()
security error URL: https://test.timeman3.rsitservice.de/
Message:
Refused to execute script from 'https://test.timeman3.rsitservice.de/ynh_portal.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security error URL: https://test.timeman3.rsitservice.de/
Message:
Refused to execute script from 'https://test.timeman3.rsitservice.de/ynhtheme/custom_portal.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
security error URL: https://test.timeman3.rsitservice.de/
Message:
Refused to apply style from 'https://test.timeman3.rsitservice.de/ynh_overlay.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
security error URL: https://test.timeman3.rsitservice.de/
Message:
Refused to apply style from 'https://test.timeman3.rsitservice.de/ynhtheme/custom_overlay.css' because its MIME type ('text/html') is not a supported stylesheet MIME type, and strict MIME checking is enabled.
network error URL: https://test.timeman3.rsitservice.de/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 ()
other warning URL: https://test.timeman3.rsitservice.de/jpro/js/jpro.js(Line 514)
Message:
The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block