auth.directory.bankofapis.com
2600:9000:214f:8600:a:685b:e9c0:93a1  Public Scan

Submitted URL: https://ui.directory.bankofapis.com/
Effective URL: https://auth.directory.bankofapis.com/interaction/9VMrVC9XnPQnMffRESIqT
Submission: On June 06 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 3 IPs in 1 country across 2 domains to perform 6 HTTP transactions. The main IP is 2600:9000:214f:8600:a:685b:e9c0:93a1, located in the United States, and belongs to AMAZON-02, US. The main domain is auth.directory.bankofapis.com.
TLS certificate: Issued by Amazon on June 6th 2022. Valid for: a year.
This is the only time auth.directory.bankofapis.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain | Subdomains | Transfer
5 bankofapis.com | ui.directory.bankofapis.com, auth.directory.bankofapis.com | 138 KB
3 raidiam.io | cdn.raidiam.io | 787 KB
6 2
Domain Requested by
4 auth.directory.bankofapis.com 1 redirects auth.directory.bankofapis.com
3 cdn.raidiam.io auth.directory.bankofapis.com
1 ui.directory.bankofapis.com 1 redirects
6 3

This site contains no links.

Subject | Issuer | Validity | Valid
auth.directory.bankofapis.com | Amazon | 2022-06-06 - 2023-07-05 | a year
cdn.raidiam.io | Amazon | 2021-12-19 - 2023-01-17 | a year

This page contains 1 frames:

Primary Page: https://auth.directory.bankofapis.com/interaction/9VMrVC9XnPQnMffRESIqT
Frame ID: 4426453D29DE5F8A9E3D0B899774B4AC
Requests: 8 HTTP requests in this frame

Page Title

Sign in

Page URL History

  1. https://ui.directory.bankofapis.com/ HTTP 302
    https://auth.directory.bankofapis.com/auth?client_id=12df9e4a-b1a3-11ec-b909-0242ac120002&redirect_uri=https%3A%2F... HTTP 303
    https://auth.directory.bankofapis.com/interaction/9VMrVC9XnPQnMffRESIqT Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+\sdata-v(?:ue)?-

Page Statistics

6 Requests
100 % HTTPS
100 % IPv6
2 Domains
3 Subdomains
3 IPs
1 Countries
923 kB Transfer
1165 kB Size
5 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://ui.directory.bankofapis.com/ HTTP 302
    https://auth.directory.bankofapis.com/auth?client_id=12df9e4a-b1a3-11ec-b909-0242ac120002&redirect_uri=https%3A%2F%2Fui.directory.bankofapis.com%2Foauth2%2Fidpresponse&response_type=code&scope=openid%20profile%20directory%3Awebsite%20offline_access%20email&state=4v2qv594OnfvmQSqIHlZjvrwtDrktMoTWFcHJtmW08s8F21MiloDCQ8dvmMbIqm7BpKnt6ciicDtOpx%2BzCQEWwTnkh9sspyxhziUh1JgnIHntEo8HWb9IOGYexxLbZrrudJctOU1F9uIa%2BTXN4%2Bc%2Fw%2BrIsOfLt2jm3KQhpuZTI8GHvRbixuP0Gz2WQra8qXxsJmgz%2BkPaK17O%2BlIm1xbGMgU&prompt=consent HTTP 303
    https://auth.directory.bankofapis.com/interaction/9VMrVC9XnPQnMffRESIqT Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

6 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 9VMrVC9XnPQnMffRESIqT
auth.directory.bankofapis.com/interaction/
Redirect Chain
  • https://ui.directory.bankofapis.com/
  • https://auth.directory.bankofapis.com/auth?client_id=12df9e4a-b1a3-11ec-b909-0242ac120002&redirect_uri=https%3A%2F%2Fui.directory.bankofapis.com%2Foauth2%2Fidpresponse&response_type=code&scope=open...
  • https://auth.directory.bankofapis.com/interaction/9VMrVC9XnPQnMffRESIqT
73 KB
29 KB
Document
General
Full URL
https://auth.directory.bankofapis.com/interaction/9VMrVC9XnPQnMffRESIqT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:8600:a:685b:e9c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
awselb/2.0 /
Resource Hash
85e13a119d7c36bd5ddb97df20530fd239712334045581b4d8a044dd8f93cf54
Security Headers
Name Value
Content-Security-Policy default-src 'self' cdn.raidiam.io;img-src 'self' data: https:;script-src 'self' cdn.raidiam.io 'unsafe-inline';form-action 'self' https: https://auth.directory.bankofapis.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store
content-encoding
gzip
content-security-policy
default-src 'self' cdn.raidiam.io;img-src 'self' data: https:;script-src 'self' cdn.raidiam.io 'unsafe-inline';form-action 'self' https: https://auth.directory.bankofapis.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Mon, 06 Jun 2022 14:45:12 GMT
etag
W/"123ab-SUZR8V7z1BIFlRM04kqOm1aEWKc"
expect-ct
max-age=0
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
no-referrer
server
awselb/2.0
strict-transport-security
max-age=15552000; includeSubDomains
vary
Accept-Encoding Origin
via
1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
x-amz-cf-id
x1AAI7OzYQ9zKVCEDIjDXrkWI-wcZFqcyc9IKyYTBBCAEc0wzGlaaA==
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
0

Redirect headers

cache-control
no-cache, no-store
content-length
99
content-security-policy
default-src 'self' cdn.raidiam.io;img-src 'self' data: https:;script-src 'self' cdn.raidiam.io 'unsafe-inline';form-action 'self' https: https://auth.directory.bankofapis.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
cross-origin-resource-policy
same-origin
date
Mon, 06 Jun 2022 14:45:12 GMT
expect-ct
max-age=0
location
https://auth.directory.bankofapis.com/interaction/9VMrVC9XnPQnMffRESIqT
origin-agent-cluster
?1
pragma
no-cache
referrer-policy
no-referrer
server
awselb/2.0
strict-transport-security
max-age=15552000; includeSubDomains
vary
Origin
via
1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
x-amz-cf-id
mLBnzH1kO_uGB38JyB1vr2G-RyIrFCuwQoJu5kuRsrgKTGNTeiXCeA==
x-amz-cf-pop
FRA53-C1
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
0
vendor.3310073d47db13b0c587.js
auth.directory.bankofapis.com/dist/
152 KB
51 KB
Script
General
Full URL
https://auth.directory.bankofapis.com/dist/vendor.3310073d47db13b0c587.js
Requested by
Host: auth.directory.bankofapis.com
URL: https://auth.directory.bankofapis.com/interaction/9VMrVC9XnPQnMffRESIqT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:8600:a:685b:e9c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
awselb/2.0 /
Resource Hash
25a490a79e351b0a1fcd8e3a15d3fdc4c9cea651723cd6e433cd8b4dd9dc2083
Security Headers
Name Value
Content-Security-Policy default-src 'self' cdn.raidiam.io;img-src 'self' data: https:;script-src 'self' cdn.raidiam.io 'unsafe-inline';form-action 'self' https: https://auth.directory.bankofapis.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 06 Jun 2022 14:45:12 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-amz-cf-pop
FRA53-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
cross-origin-resource-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Wed, 25 May 2022 11:32:44 GMT
server
awselb/2.0
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
etag
W/"25e47-180fafd9360"
expect-ct
max-age=0
vary
Accept-Encoding, Origin
x-download-options
noopen
content-type
application/javascript; charset=UTF-8
via
1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
origin-agent-cluster
?1
cache-control
public, max-age=2592000
content-security-policy
default-src 'self' cdn.raidiam.io;img-src 'self' data: https:;script-src 'self' cdn.raidiam.io 'unsafe-inline';form-action 'self' https: https://auth.directory.bankofapis.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-amz-cf-id
ZoMvOlaadejBR5RYJ3RGvWnLvCMard5awKuyWO7Cg6AxZnNkJLhCGA==
Login.cd1e8c50ee7657e602c8.js
auth.directory.bankofapis.com/dist/
141 KB
56 KB
Script
General
Full URL
https://auth.directory.bankofapis.com/dist/Login.cd1e8c50ee7657e602c8.js
Requested by
Host: auth.directory.bankofapis.com
URL: https://auth.directory.bankofapis.com/interaction/9VMrVC9XnPQnMffRESIqT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:214f:8600:a:685b:e9c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
awselb/2.0 /
Resource Hash
5935c5c4bf3a12d8a01ebfa98b229e52670875601e016ff1922167f644a43b75
Security Headers
Name Value
Content-Security-Policy default-src 'self' cdn.raidiam.io;img-src 'self' data: https:;script-src 'self' cdn.raidiam.io 'unsafe-inline';form-action 'self' https: https://auth.directory.bankofapis.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 06 Jun 2022 14:45:13 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-permitted-cross-domain-policies
none
x-amz-cf-pop
FRA53-C1
x-dns-prefetch-control
off
x-cache
Miss from cloudfront
cross-origin-resource-policy
same-origin
strict-transport-security
max-age=15552000; includeSubDomains
x-xss-protection
0
referrer-policy
no-referrer
last-modified
Wed, 25 May 2022 11:32:44 GMT
server
awselb/2.0
cross-origin-opener-policy
same-origin
x-frame-options
SAMEORIGIN
etag
W/"23283-180fafd9360"
expect-ct
max-age=0
vary
Accept-Encoding, Origin
x-download-options
noopen
content-type
application/javascript; charset=UTF-8
via
1.1 a3c2566f9e36ad3cdf79fc6307fcf566.cloudfront.net (CloudFront)
origin-agent-cluster
?1
cache-control
public, max-age=2592000
content-security-policy
default-src 'self' cdn.raidiam.io;img-src 'self' data: https:;script-src 'self' cdn.raidiam.io 'unsafe-inline';form-action 'self' https: https://auth.directory.bankofapis.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
x-amz-cf-id
HpC8uFvJfup4m9Rpq5pW6OGczKRwG_-KdqUxnRalwbk8AqHKUwW8WQ==
logo.png
cdn.raidiam.io/openid-ui/brand/natwest/0.1.1.359/assets/images/
65 KB
65 KB
Image
General
Full URL
https://cdn.raidiam.io/openid-ui/brand/natwest/0.1.1.359/assets/images/logo.png
Requested by
Host: auth.directory.bankofapis.com
URL: https://auth.directory.bankofapis.com/interaction/9VMrVC9XnPQnMffRESIqT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:1600:11:2e0c:5380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
287cec00903c3d347c894851b8b94a190e190b8fe3be7d0a451fd23e4739f38d

Request headers

Referer
Origin
https://auth.directory.bankofapis.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 06 Jun 2022 14:45:14 GMT
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
content-length
66352
last-modified
Wed, 25 May 2022 11:34:31 GMT
server
AmazonS3
etag
"c1b509ea58040bbfaa691da956cdf6eb"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
HvgpFqWoSZ2Tk149UHi3Q6BS7XdBPaMn
access-control-allow-origin
*
accept-ranges
bytes
content-type
image/png
x-amz-cf-id
iRa8NerxXCA3pWXVqiUwPguetJSMd-WdN0Jyp-PKjkg9t9KyDQIt3g==
full-logo-white.png
cdn.raidiam.io/openid-ui/brand/natwest/0.1.1.359/assets/images/
13 KB
14 KB
Image
General
Full URL
https://cdn.raidiam.io/openid-ui/brand/natwest/0.1.1.359/assets/images/full-logo-white.png
Requested by
Host: auth.directory.bankofapis.com
URL: https://auth.directory.bankofapis.com/interaction/9VMrVC9XnPQnMffRESIqT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:1600:11:2e0c:5380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
4324ec1cffcc13841b49a2289a521890ad5fa3086a20b894c62c1a0df34e237f

Request headers

Referer
Origin
https://auth.directory.bankofapis.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 06 Jun 2022 14:45:14 GMT
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
content-length
13654
last-modified
Wed, 25 May 2022 11:34:31 GMT
server
AmazonS3
etag
"b5287104fb4e5b26fee482fcead6b37c"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
Wba9rO7VmAhlzQfYOhpCymAVw9mw.W1T
access-control-allow-origin
*
accept-ranges
bytes
content-type
image/png
x-amz-cf-id
3rh_UiuoI4C0fVRghygLmDNyE__Kv4T8UqMMWL_BWxIOHJcYBglHSg==
truncated
/
14 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6eae6de5b723c6c0cf13b6a210c4621a6acbf1404e7839f2a0d9f2c1feba3c1c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
2 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
74b3985e9e60f90666a81f59bd9275c058fd5df2a729faeac3c80d1178f0fe21

Request headers

Referer
Origin
https://auth.directory.bankofapis.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type
image/png
background-raidiam.jpg
cdn.raidiam.io/openid-ui/assets/images/
706 KB
708 KB
Image
General
Full URL
https://cdn.raidiam.io/openid-ui/assets/images/background-raidiam.jpg
Requested by
Host: auth.directory.bankofapis.com
URL: https://auth.directory.bankofapis.com/interaction/9VMrVC9XnPQnMffRESIqT
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:1600:11:2e0c:5380:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
3ea934ac7cd7491ec369714a3285c98fc427be3fe3492a70ace7f269a951b99a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://auth.directory.bankofapis.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 06 Jun 2022 14:45:14 GMT
via
1.1 32e4d419823b7f8df8417a8b18c9602c.cloudfront.net (CloudFront)
last-modified
Tue, 16 Nov 2021 12:48:19 GMT
server
AmazonS3
x-amz-cf-pop
FRA50-C1
etag
"b100ea930791c2de80e7fc3a552497b7"
x-cache
Miss from cloudfront
x-amz-version-id
eiGRL.9hi3dDrnWhWB_IgRJox3PU.tdo
x-amz-replication-status
COMPLETED
accept-ranges
bytes
content-type
image/jpeg
content-length
723117
x-amz-cf-id
s88QosVRwhE28p1L7wmYqoPy3Ff_oLHdjq44NcJnm4lLe4koOMLNsw==

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost
object| oncontextrestored
function| structuredClone
object| launchQueue
object| onbeforematch
function| getScreenDetails
object| navigation
object| __INITIAL_STATE__
object| __INITIAL_MESSAGES__
string| __LANG__
object| webpackJsonp
function| setImmediate
function| clearImmediate

5 Cookies

Domain/Path Name / Value
auth.directory.bankofapis.com/interaction/9VMrVC9XnPQnMffRESIqT Name: _interaction.sig
Value: KJ-5XG9BZXqwFDHRX0lUphcsgnU
auth.directory.bankofapis.com/interaction/9VMrVC9XnPQnMffRESIqT Name: _interaction
Value: 9VMrVC9XnPQnMffRESIqT
auth.directory.bankofapis.com/auth/9VMrVC9XnPQnMffRESIqT Name: _interaction_resume.sig
Value: 1ScPT3Jz4UIgdGjCF1KM2Ndn7S0
auth.directory.bankofapis.com/auth/9VMrVC9XnPQnMffRESIqT Name: _interaction_resume
Value: 9VMrVC9XnPQnMffRESIqT
auth.directory.bankofapis.com/interaction Name: lang
Value: en

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self' cdn.raidiam.io;img-src 'self' data: https:;script-src 'self' cdn.raidiam.io 'unsafe-inline';form-action 'self' https: https://auth.directory.bankofapis.com;base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';object-src 'none';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0