owasp.org
2606:4700:10::ac43:a27
Public Scan
Submission: On October 01 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 4th 2022. Valid for: a year.
This is the only time owasp.org was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS Autonomous System |
---|---|---|
29 | 2606:4700:10::ac43:a27 | 13335 (CLOUDFLARENET) |
1 | 2a00:1450:400d:806::200e | 15169 (GOOGLE) |
1 | 2606:50c0:8003::153 | 54113 (FASTLY) |
1 | 2606:4700:3035::6815:30f1 | 13335 (CLOUDFLARENET) |
3 | 140.82.121.4 | 36459 (GITHUB) |
1 | 140.82.121.5 | 36459 (GITHUB) |
36 | 6 | |
ASN36459 (GITHUB, US)
PTR: lb-140-82-121-5-fra.github.com
api.github.com
Requests | Apex Domain | Subdomains | Transfer |
---|---|---|---|
29 | owasp.org | owasp.org — Cisco Umbrella Rank: 177889 | 627 KB |
4 | github.com | github.com — Cisco Umbrella Rank: 3088; api.github.com — Cisco Umbrella Rank: 5558 | 14 KB |
1 | shields.io | img.shields.io — Cisco Umbrella Rank: 41809 | 1 KB |
1 | github.io | buttons.github.io — Cisco Umbrella Rank: 62739 | 7 KB |
1 | google-analytics.com | www.google-analytics.com — Cisco Umbrella Rank: 28 | 20 KB |
36 | 5 | | |
Requests | Domain | Requested by |
---|---|---|
29 | owasp.org | owasp.org |
3 | github.com | owasp.org |
1 | api.github.com | buttons.github.io |
1 | img.shields.io | owasp.org |
1 | buttons.github.io | owasp.org |
1 | www.google-analytics.com | owasp.org |
36 | 6 | |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid |
---|---|---|---|
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2022-06-04 - 2023-06-03 | a year |
*.google-analytics.com | GTS CA 1C3 | 2022-09-12 - 2022-12-05 | 3 months |
*.github.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-04-07 - 2023-04-07 | a year |
github.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2022-03-15 - 2023-03-15 | a year |
This page contains 1 frames:
Primary Page:
https://owasp.org/www-project-secure-headers/
Frame ID: AECF0901DC0FD7851FDA7116E150E5BA
Requests: 36 HTTP requests in this frame
Page Title
OWASP Secure Headers Project | OWASP Foundation
Detected technologies
Font Awesome (Font Scripts)
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Analytics (Analytics)
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
254 Outgoing links
These are links going to different origins than the main page.
Title: Start a New Project...
Title: Start a Local Chapter...
Title: OWASP AppSec NZ
Title: OWASP Global AppSec AsiaPac Virtual 2022
Title: OWASP September Webinar
Title: OWASP October Webinar
Title: OWASP Global AppSec San Francisco 2022
Title: OWASP Global AppSec Dublin 2023
Title: Membership Portal
Title: Video
Title: Statistics
Title: REST API
Title: GitHub organization
Title: OWASP Spotlight Youtube playlist
Title: Application Security Podcast Youtube playlist
Title: old website
Title: GitHub OWASP organization
Title: headers
Title: headers-ui-container
Title: venom
Title: this GitHub project
Title: dashboard
Title: discussions feature
Title: project feature
Title: Adam Averay
Title: Jim Manico
Title: Apache 2.0 License
Title: RFC 6797
Title: https://tools.ietf.org/html/rfc6797
Title: https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html
Title: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Title: https://www.chromium.org/hsts
Title: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
Title: https://raymii.org/s/tutorials/HTTP_Strict_Transport_Security_for_Apache_NGINX_and_Lighttpd.html
Title: https://blogs.windows.com/msedgedev/2015/06/09/http-strict-transport-security-comes-to-internet-explorer-11-on-windows-8-1-and-windows-7/
Title: clickjacking
Title: frame-ancestors
Title: https://tools.ietf.org/html/rfc7034
Title: https://tools.ietf.org/html/draft-ietf-websec-x-frame-options-01
Title: https://tools.ietf.org/html/draft-ietf-websec-frame-options-00
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
Title: https://blogs.msdn.microsoft.com/ieinternals/2010/03/30/combating-clickjacking-with-x-frame-options/
Title: https://msdn.microsoft.com/en-us/library/gg622941%28v=vs.85%29.aspx
Title: https://blogs.msdn.microsoft.com/ie/2008/09/02/ie8-security-part-vi-beta-2-update/
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
Title: https://www.w3.org/TR/CSP/
Title: https://developer.mozilla.org/en-US/docs/Web/Security/CSP
Title: https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
Title: https://scotthelme.co.uk/content-security-policy-an-introduction/
Title: https://report-uri.io
Title: https://content-security-policy.com
Title: https://report-uri.com/home/generate
Title: https://csp-evaluator.withgoogle.com/
Title: https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/xdomain.html
Title: https://danielnixon.org/http-security-headers/
Title: https://rorsecurity.info/portfolio/new-http-headers-for-more-security
Title: https://github.com/twitter/secureheaders/issues/88
Title: https://gf.dev/cross-domain-policy-test
Title: https://www.w3.org/TR/referrer-policy/
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
Title: Mozilla MDN
Title: https://w3c.github.io/webappsec-clear-site-data/
Title: https://www.chromestatus.com/feature/4713262029471744
Title: https://github.com/w3c/webappsec-clear-site-data
Title: https://github.com/w3c/webappsec-clear-site-data/tree/master/demo
Title: Mozilla MDN
Title: CORS
Title: Cross-Origin-Resource-Policy
Title: https://html.spec.whatwg.org/multipage/origin.html#coep
Title: https://caniuse.com/?search=Cross-Origin-Embedder-Policy
Title: https://web.dev/coop-coep/
Title: https://web.dev/why-coop-coep/
Title: https://web.dev/cross-origin-isolation-guide/
Title: XS-Leaks
Title: Mozilla MDN
Title: https://html.spec.whatwg.org/multipage/origin.html#cross-origin-opener-policies
Title: https://github.com/xsleaks/xsleaks
Title: https://portswigger.net/daily-swig/xs-leak
Title: https://portswigger.net/research/xs-leak-detecting-ids-using-portal
Title: side-channel attacks
Title: Spectre
Title: Cross-Site Script Inclusion (XSSI)
Title: Mozilla MDN
Title: Site
Title: Origin
Title: CORP header is not specified
Title: https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header
Title: https://resourcepolicy.fyi/
Title: Mozilla MDN
Title: exposure of information via the cache
Title: Expires
Title: Pragma
Title: HTTP caching standards document
Title: table
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching
Title: https://cwe.mitre.org/data/definitions/524.html
Title: https://portswigger.net/web-security/web-cache-poisoning
Title: https://portswigger.net/research/practical-web-cache-poisoning
Title: https://portswigger.net/research/web-cache-entanglement
Title: Chrome platform status
Title: page
Title: https://github.com/w3c/webappsec-permissions-policy/blob/main/permissions-policy-explainer.md
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy#directives
Title: https://caniuse.com/permissions-policy
Title: https://www.w3.org/TR/permissions-policy-1/
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
Title: https://www.permissionspolicy.com/
Title: Mozilla MDN
Title: https://w3c.github.io/webappsec-feature-policy/
Title: https://scotthelme.co.uk/a-new-security-header-feature-policy/
Title: https://github.com/w3c/webappsec-feature-policy/blob/master/features.md
Title: https://caniuse.com/feature-policy
Title: source
Title: Expect-CT Extension for HTTP
Title: https://scotthelme.co.uk/a-new-security-header-expect-ct/
Title: HPKP Suicide and Ransom PKP
Title: https://tools.ietf.org/html/rfc7469
Title: https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
Title: https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning
Title: https://raymii.org/s/articles/HTTP_Public_Key_Pinning_Extension_HPKP.html
Title: https://labs.detectify.com/2016/07/05/what-hpkp-is-but-isnt/
Title: https://blog.qualys.com/ssllabs/2016/09/06/is-http-public-key-pinning-dead
Title: https://scotthelme.co.uk/im-giving-up-on-hpkp/
Title: https://groups.google.com/a/chromium.org/forum/m/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ
Title: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
Title: https://www.chromestatus.com/feature/5021976655560704
Title: https://bugzilla.mozilla.org/show_bug.cgi?id=528661
Title: https://blogs.windows.com/windowsexperience/2018/07/25/announcing-windows-10-insider-preview-build-17723-and-build-18204/
Title: https://github.com/zaproxy/zaproxy/issues/5849
Title: https://scotthelme.co.uk/security-headers-updates/#removing-the-x-xss-protection-header
Title: https://portswigger.net/daily-swig/google-chromes-xss-auditor-goes-back-to-filter-mode
Title: https://www.virtuesecurity.com/blog/understanding-xss-auditor/
Title: https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers
Title: http://zinoui.com/blog/security-http-headers#x-xss-protection
Title: https://caniuse.com/stricttransportsecurity
Title: https://caniuse.com/x-frame-options
Title: https://caniuse.com/mdn-http_headers_x-content-type-options
Title: https://caniuse.com/?search=content-security-policy
Title: https://caniuse.com/referrer-policy
Title: https://caniuse.com/publickeypinning
Title: https://caniuse.com/mdn-http_headers_expect-ct
Title: https://caniuse.com/mdn-http_headers_x-xss-protection
Title: https://caniuse.com/?search=Clear-Site-Data
Title: https://caniuse.com/mdn-http_headers_cross-origin-embedder-policy
Title: https://caniuse.com/mdn-http_headers_cross-origin-opener-policy
Title: https://caniuse.com/mdn-http_headers_cross-origin-resource-policy
Title: https://caniuse.com/mdn-http_headers_cache-control
Title: https://caniuse.com/mdn-http_headers_pragma
Title: Trap bad guys in your browser with HTTP security headers
Title: https://github.com/riramar/hsecscan
Title: https://github.com/rfc-st/humble
Title: https://securityheaders.com/
Title: https://observatory.mozilla.org/
Title: https://github.com/mozilla/http-observatory/
Title: https://github.com/mozilla/http-observatory-website/
Title: https://chrome.google.com/webstore/detail/recx-security-analyser/ljafjhbjenhgcgnikniijchkngljgjda
Title: https://github.com/drwetter/testssl.sh
Title: https://github.com/Santandersecurityresearch/DrHeader
Title: https://github.com/AmitKulkarni9/API-Security
Title: https://github.com/google/csp-evaluator
Title: https://docs.spring.io/spring-security/reference/features/exploits/headers.html
Title: https://docs.nwebsec.com
Title: https://github.com/andrewlock/NetEscapades.AspNetCore.SecurityHeaders
Title: https://github.com/github/secure_headers
Title: https://github.com/aidantwoods/SecureHeaders
Title: https://github.com/bepsvpt/secure-headers
Title: https://github.com/frodsan/rack-secure_headers
Title: https://github.com/helmetjs/helmet
Title: https://github.com/rwjblue/ember-cli-content-security-policy/
Title: https://github.com/nlf/blankie
Title: https://github.com/mozilla/django-csp
Title: https://github.com/sdelements/django-security
Title: https://github.com/TypeError/secure
Title: https://github.com/goddtriffin/helmet
Title: https://docs.rs/crate/owasp-headers/latest
Title: one
Title: documentation
Title: disclosure of technical information
Title: reverse proxy
Title: web application firewall
Title: Server
Title: Liferay-Portal
Title: Liferay
Title: X-Turbo-Charged-By
Title: X-Powered-By
Title: X-Server-Powered-By
Title: X-Powered-CMS
Title: CMS
Title: SourceMap
Title: source map
Title: X-AspNetMvc-Version
Title: X-AspNet-Version
Title: X-SourceFiles
Title: X-Redirect-By
Title: Wikipedia
Title: X-Generator
Title: X-Generated-By
Title: X-CMS
Title: X-Powered-By-Plesk
Title: Plesk
Title: X-Php-Version
Title: PHP
Title: Powered-By
Title: X-Content-Encoded-By
Title: Product
Title: X-CF-Powered-By
Title: X-Framework
Title: Content-Disposition
Title: SVG file
Title: stored cross-site scripting
Title: forbidden header names
Title: Mozilla MDN
Title: XS-Leaks
Title: here
Title: Mozilla MDN
Title: mode
Title: here
Title: Mozilla MDN
Title: Mozilla MDN
Title: here
Title: Mozilla MDN
Title: here
Title: https://caniuse.com/mdn-http_headers_sec-fetch-dest
Title: https://caniuse.com/mdn-http_headers_sec-fetch-mode
Title: https://caniuse.com/mdn-http_headers_sec-fetch-user
Title: https://caniuse.com/mdn-http_headers_sec-fetch-site
Title: https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/#are-site-and-origin-interchangeable
Title: https://portswigger.net/daily-swig/firefox-becomes-latest-browser-to-support-fetch-metadata-request-headers
Title: Cloud.gov
Title: Amazon AWS
Title: Salesforce
Title: Black Hills Information Security
Title: Progress
Title: Bloomreach
Title: CrashTest Security
Title: Nmap
Title: Edit on GitHub
Redirected requests
There were HTTP redirect chains for the following requests:
36 HTTP transactions
Method | Protocol | Resource | Path | Size | x-fer | Type | MIME-Type |
---|---|---|---|---|---|---|---|
GET | H2 | / (Primary Request) | owasp.org/www-project-secure-headers/ | 148 KB | 37 KB | Document | text/html |
GET | H2 | js.cookie.js | owasp.org/www--site-theme/assets/js/ | 4 KB | 3 KB | Script | application/javascript |
GET | H2 | analytics.js | www.google-analytics.com/ | 49 KB | 20 KB | Script | text/javascript |
GET | H2 | styles.css | owasp.org/www--site-theme/assets/css/ | 127 KB | 26 KB | Stylesheet | text/css |
GET | H2 | jquery-3.4.1.min.js | owasp.org/www--site-theme/assets/js/ | 86 KB | 31 KB | Script | application/javascript |
GET | H2 | util.js | owasp.org/www--site-theme/assets/js/ | 2 KB | 1 KB | Script | application/javascript |
GET | H2 | yaml.min.js | owasp.org/www--site-theme/assets/js/ | 42 KB | 11 KB | Script | application/javascript |
GET | H2 | luxon.min.js | owasp.org/www--site-theme/assets/js/ | 68 KB | 21 KB | Script | application/javascript |
GET | H2 | kjua.min.js | owasp.org/www--site-theme/assets/js/ | 28 KB | 11 KB | Script | application/javascript |
GET | H2 | buttons.js | buttons.github.io/ | 20 KB | 7 KB | Script | application/javascript |
GET | H2 | logo.png | owasp.org/assets/images/ | 11 KB | 13 KB | Image | image/png |
GET | H2 | owasp-lab-yellow.svg | img.shields.io/badge/ | 1 KB | 1 KB | Image | image/svg+xml |
GET | H2 | badge.svg | github.com/OWASP/www-project-secure-headers/actions/workflows/check-external-links.yml/ | 2 KB | 4 KB | Image | image/svg+xml |
GET | H2 | badge.svg | github.com/OWASP/www-project-secure-headers/actions/workflows/headers-generate-json-files.yml/ | 2 KB | 4 KB | Image | image/svg+xml |
GET | H2 | badge.svg | github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-technical-references-generate-dashboard.yml/ | 2 KB | 4 KB | Image | image/svg+xml |
GET | H2 | email-decode.min.js | owasp.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ | 1 KB | 840 B | Script | application/javascript |
GET | H2 | fa-solid-900.woff2 | owasp.org/assets/fontawesome/ | 74 KB | 74 KB | Font | font/woff2 |
GET | H2 | ubuntu-regular.woff2 | owasp.org/assets/font/ | 29 KB | 29 KB | Font | font/woff2 |
GET | H2 | ubuntu-medium.woff2 | owasp.org/assets/font/ | 28 KB | 30 KB | Font | font/woff2 |
GET | H2 | fa-brands-400.woff2 | owasp.org/assets/fontawesome/ | 73 KB | 73 KB | Font | font/woff2 |
GET | H2 | banner-data.yml | owasp.org/www-project-secure-headers/assets/sitedata/ | 734 B | 2 KB | XHR | text/yaml |
GET | H2 | popup-data.yml | owasp.org/www-project-secure-headers/assets/sitedata/ | 1 KB | 2 KB | XHR | text/yaml |
GET | H2 | menus.json | owasp.org/www--site-theme/assets/sitedata/ | 6 KB | 3 KB | XHR | application/json |
GET | H2 | events.yml | owasp.org/assets/sitedata/ | 3 KB | 3 KB | XHR | text/yaml |
GET | H2 | corp_members.yml | owasp.org/assets/sitedata/ | 104 KB | 104 KB | XHR | text/yaml |
GET | H2 | gitlab.png | owasp.org/assets/images/corp-member-logo/ | 16 KB | 17 KB | Image | image/png |
GET | H2 | Coalfire.png | owasp.org/assets/images/corp-member-logo/ | 8 KB | 8 KB | Image | image/png |
GET | H2 | GitGuardian_Logo_Vertical.png | owasp.org/assets/images/corp-member-logo/ | 26 KB | 27 KB | Image | image/png |
GET | H2 | proack_logo_main_rgb_72dpi.png | owasp.org/assets/images/corp-member-logo/ | 16 KB | 16 KB | Image | image/png |
GET | H2 | GrammarlyLogo.png | owasp.org/assets/images/corp-member-logo/ | 35 KB | 35 KB | Image | image/png |
GET | H2 | fortify_logo_owasp.png | owasp.org/assets/images/corp-member-logo/ | 7 KB | 7 KB | Image | image/png |
GET | H2 | KPMG_Logo.jpeg | owasp.org/assets/images/corp-member-logo/ | 7 KB | 9 KB | Image | image/jpeg |
GET | H2 | salesforce.png | owasp.org/assets/images/corp-member-logo/ | 6 KB | 8 KB | Image | image/png |
GET | H2 | qualys.png | owasp.org/assets/images/corp-member-logo/ | 18 KB | 18 KB | Image | image/png |
GET | H2 | ub-secure.png | owasp.org/assets/images/corp-member-logo/ | 7 KB | 8 KB | Image | image/png |
GET | H2 | www-project-secure-headers | api.github.com/repos/owasp/ | 7 KB | 3 KB | XHR | application/json |
35 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
- object| onbeforeinput
- object| oncontextlost
- object| oncontextrestored
- function| structuredClone
- object| launchQueue
- object| onbeforematch
- function| getScreenDetails
- function| queryLocalFonts
- object| navigation
- function| Cookies
- function| handleOutboundLinkClicks
- function| $
- function| jQuery
- function| YAML
- object| luxon
- function| kjua
- object| events
- object| members
- object| plat_indices
- object| gold_indices
- object| other_indices
- function| get_next_member
- object| banneryaml
- object| popyaml
- string| url
- object| eventsyml
- string| e
- string| evnt
- object| member
- number| chosenIndex
- number| pIndex
- number| cycleIndex
- object| google_tag_data
- function| ga
- object| gaplugins
0 Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.