owasp.org Open in urlscan Pro
2606:4700:10::ac43:a27 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://owasp.org/www-project-secure-headers/
Submission: On October 01 via api (October 1st 2022, 4:07:46 am UTC) from US — Scanned from DE

Summary HTTP 36 Redirects Links 254 Behaviour Indicators

Summary

This website contacted 6 IPs in 2 countries across 5 domains to perform 36 HTTP transactions. The main IP is 2606:4700:10::ac43:a27, located in United States and belongs to CLOUDFLARENET, US. The main domain is owasp.org. The Cisco Umbrella rank of the primary domain is 177889.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on June 4th 2022. Valid for: a year.

This is the only time owasp.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
29	2606:4700:10:... 2606:4700:10::ac43:a27	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400d:806::200e	15169 (GOOGLE) (GOOGLE)
1	2606:50c0:800... 2606:50c0:8003::153	54113 (FASTLY) (FASTLY)
1	2606:4700:303... 2606:4700:3035::6815:30f1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	140.82.121.4 140.82.121.4	36459 (GITHUB) (GITHUB)
1	140.82.121.5 140.82.121.5	36459 (GITHUB) (GITHUB)
36	6

29 2606:4700:10::ac43:a27 (United States)

ASN13335 (CLOUDFLARENET, US)

owasp.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400d:806::200e (Ireland)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:50c0:8003::153 (United States)

ASN54113 (FASTLY, US)

buttons.github.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:30f1 (United States)

ASN13335 (CLOUDFLARENET, US)

img.shields.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 140.82.121.4 (United States)

ASN36459 (GITHUB, US)
PTR: lb-140-82-121-4-fra.github.com

github.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 140.82.121.5 (United States)

ASN36459 (GITHUB, US)
PTR: lb-140-82-121-5-fra.github.com

api.github.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
29	owasp.org owasp.org — Cisco Umbrella Rank: 177889	627 KB
4	github.com github.com — Cisco Umbrella Rank: 3088 api.github.com — Cisco Umbrella Rank: 5558	14 KB
1	shields.io img.shields.io — Cisco Umbrella Rank: 41809	1 KB
1	github.io buttons.github.io — Cisco Umbrella Rank: 62739	7 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 28	20 KB
36	5

	Domain	Requested by
29	owasp.org	owasp.org
3	github.com	owasp.org
1	api.github.com	buttons.github.io
1	img.shields.io	owasp.org
1	buttons.github.io	owasp.org
1	www.google-analytics.com	owasp.org
36	6

This site contains links to these domains. Also see Links.

Domain
owasporg.atlassian.net
appsec.org.nz
whova.com
www.eventbrite.com
sf.globalappsec.org
dublin.globalappsec.org
members.owasp.org
www.youtube.com
github.com
wiki.owasp.org
twitter.com
www.apache.org
www.rfc-editor.org
tools.ietf.org
cheatsheetseries.owasp.org
en.wikipedia.org
www.chromium.org
developer.mozilla.org
raymii.org
blogs.windows.com
portswigger.net
blogs.msdn.microsoft.com
msdn.microsoft.com
www.w3.org
scotthelme.co.uk
report-uri.io
content-security-policy.com
report-uri.com
csp-evaluator.withgoogle.com
www.adobe.com
danielnixon.org
rorsecurity.info
gf.dev
w3c.github.io
www.chromestatus.com
html.spec.whatwg.org
caniuse.com
web.dev
xsleaks.dev
spectreattack.com
www.scip.ch
resourcepolicy.fyi
fetch.spec.whatwg.org
cwe.mitre.org
datatracker.ietf.org
www.permissionspolicy.com
labs.detectify.com
blog.qualys.com
groups.google.com
bugzilla.mozilla.org
www.virtuesecurity.com
www.veracode.com
zinoui.com
speakerdeck.com
securityheaders.com
observatory.mozilla.org
chrome.google.com
docs.spring.io
docs.nwebsec.com
docs.rs
docs.microsoft.com
www.nginx.com
webtechsurvey.com
www.liferay.com
www.plesk.com
www.php.net
ghostlulz.com
jub0bs.com
cloud.gov
docs.aws.amazon.com
documentation.b2c.commercecloud.salesforce.com
www.blackhillsinfosec.com
www.progress.com
documentation.bloomreach.com
crashtest-security.com
about.gitlab.com
coalfire.com
gitguardian.com
proacksecurity.com
grammarly.com
www.microfocus.com
www.kpmg.com
www.salesforce.com
www.qualys.com
www.ubsecure.jp
www.facebook.com
www.linkedin.com

Subject Issuer	Validity	Valid
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2022-06-04` - `2023-06-03`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-09-12` - `2022-12-05`	3 months	crt.sh
*.github.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-07` - `2023-04-07`	a year	crt.sh
github.com DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-15` - `2023-03-15`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://owasp.org/www-project-secure-headers/
Frame ID: AECF0901DC0FD7851FDA7116E150E5BA
Requests: 36 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

OWASP Secure Headers Project | OWASP Foundation

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

36
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

6
IPs

2
Countries

668 kB
Transfer

1063 kB
Size

0
Cookies

254 Outgoing links

These are links going to different origins than the main page.

URL: https://owasporg.atlassian.net/servicedesk/customer/portal/7/create/70?src=-1419759666
Title: Start a New Project...

Search URL Search Domain Scan URL

URL: https://owasporg.atlassian.net/servicedesk/customer/portal/8/group/20/create/90?src=-1419759666
Title: Start a Local Chapter...

Search URL Search Domain Scan URL

URL: https://appsec.org.nz/conference
Title: OWASP AppSec NZ

Search URL Search Domain Scan URL

URL: https://whova.com/web/S01MAxzRa49H60XWA6U3vkikTxPUTwLpY4t6Ro00Hx0%3D/
Title: OWASP Global AppSec AsiaPac Virtual 2022

Search URL Search Domain Scan URL

URL: https://www.eventbrite.com/e/247416939727
Title: OWASP September Webinar

Search URL Search Domain Scan URL

URL: https://www.eventbrite.com/e/247450760887
Title: OWASP October Webinar

Search URL Search Domain Scan URL

URL: https://sf.globalappsec.org/
Title: OWASP Global AppSec San Francisco 2022

Search URL Search Domain Scan URL

URL: https://dublin.globalappsec.org/
Title: OWASP Global AppSec Dublin 2023

Search URL Search Domain Scan URL

URL: https://members.owasp.org/
Title: Membership Portal

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/OWASPGLOBAL/videos
Title: Video

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-secure-headers/actions/workflows/check-external-links.yml

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-secure-headers/actions/workflows/headers-generate-json-files.yml

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-technical-references-generate-dashboard.yml

Search URL Search Domain Scan URL

URL: https://github.com/oshp/oshp-stats
Title: Statistics

Search URL Search Domain Scan URL

URL: https://github.com/oshp/oshp-tracking/issues/2
Title: REST API

Search URL Search Domain Scan URL

URL: https://github.com/oshp/
Title: GitHub organization

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=N4F3VWQYU9E
Title: OWASP Spotlight Youtube playlist

Search URL Search Domain Scan URL

URL: https://www.youtube.com/watch?v=0SNU9clVhKU
Title: Application Security Podcast Youtube playlist

Search URL Search Domain Scan URL

URL: https://wiki.owasp.org/index.php/OWASP_Secure_Headers_Project
Title: old website

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-secure-headers
Title: GitHub OWASP organization

Search URL Search Domain Scan URL

URL: https://github.com/oshp/headers
Title: headers

Search URL Search Domain Scan URL

URL: https://github.com/oshp/headers-ui-container
Title: headers-ui-container

Search URL Search Domain Scan URL

URL: https://github.com/ovh/venom
Title: venom

Search URL Search Domain Scan URL

URL: https://github.com/oshp/oshp-validator
Title: this GitHub project

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-secure-headers/blob/master/monitoring_technical_references_dashboard.md
Title: dashboard

Search URL Search Domain Scan URL

URL: https://github.com/oshp/oshp-tracking/discussions
Title: discussions feature

Search URL Search Domain Scan URL

URL: https://github.com/orgs/oshp/projects/2
Title: project feature

Search URL Search Domain Scan URL

URL: https://github.com/adamaveray
Title: Adam Averay

Search URL Search Domain Scan URL

URL: https://twitter.com/manicode
Title: Jim Manico

Search URL Search Domain Scan URL

URL: https://www.apache.org/licenses/LICENSE-2.0
Title: Apache 2.0 License

Search URL Search Domain Scan URL

URL: https://www.rfc-editor.org/rfc/rfc6797
Title: RFC 6797

Search URL Search Domain Scan URL

URL: https://tools.ietf.org/html/rfc6797
Title: https://tools.ietf.org/html/rfc6797

Search URL Search Domain Scan URL

URL: https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html
Title: https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Title: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security

Search URL Search Domain Scan URL

URL: https://www.chromium.org/hsts
Title: https://www.chromium.org/hsts

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
Title: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security

Search URL Search Domain Scan URL

URL: https://raymii.org/s/tutorials/HTTP_Strict_Transport_Security_for_Apache_NGINX_and_Lighttpd.html
Title: https://raymii.org/s/tutorials/HTTP_Strict_Transport_Security_for_Apache_NGINX_and_Lighttpd.html

Search URL Search Domain Scan URL

URL: https://blogs.windows.com/msedgedev/2015/06/09/http-strict-transport-security-comes-to-internet-explorer-11-on-windows-8-1-and-windows-7/
Title: https://blogs.windows.com/msedgedev/2015/06/09/http-strict-transport-security-comes-to-internet-explorer-11-on-windows-8-1-and-windows-7/

Search URL Search Domain Scan URL

URL: https://portswigger.net/web-security/clickjacking
Title: clickjacking

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
Title: frame-ancestors

Search URL Search Domain Scan URL

URL: https://tools.ietf.org/html/rfc7034
Title: https://tools.ietf.org/html/rfc7034

Search URL Search Domain Scan URL

URL: https://tools.ietf.org/html/draft-ietf-websec-x-frame-options-01
Title: https://tools.ietf.org/html/draft-ietf-websec-x-frame-options-01

Search URL Search Domain Scan URL

URL: https://tools.ietf.org/html/draft-ietf-websec-frame-options-00
Title: https://tools.ietf.org/html/draft-ietf-websec-frame-options-00

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options

Search URL Search Domain Scan URL

URL: https://blogs.msdn.microsoft.com/ieinternals/2010/03/30/combating-clickjacking-with-x-frame-options/
Title: https://blogs.msdn.microsoft.com/ieinternals/2010/03/30/combating-clickjacking-with-x-frame-options/

Search URL Search Domain Scan URL

URL: https://msdn.microsoft.com/en-us/library/gg622941%28v=vs.85%29.aspx
Title: https://msdn.microsoft.com/en-us/library/gg622941%28v=vs.85%29.aspx

Search URL Search Domain Scan URL

URL: https://blogs.msdn.microsoft.com/ie/2008/09/02/ie8-security-part-vi-beta-2-update/
Title: https://blogs.msdn.microsoft.com/ie/2008/09/02/ie8-security-part-vi-beta-2-update/

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options

Search URL Search Domain Scan URL

URL: https://www.w3.org/TR/CSP/
Title: https://www.w3.org/TR/CSP/

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/Security/CSP
Title: https://developer.mozilla.org/en-US/docs/Web/Security/CSP

Search URL Search Domain Scan URL

URL: https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
Title: https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html

Search URL Search Domain Scan URL

URL: https://scotthelme.co.uk/content-security-policy-an-introduction/
Title: https://scotthelme.co.uk/content-security-policy-an-introduction/

Search URL Search Domain Scan URL

URL: https://report-uri.io/
Title: https://report-uri.io

Search URL Search Domain Scan URL

URL: https://content-security-policy.com/
Title: https://content-security-policy.com

Search URL Search Domain Scan URL

URL: https://report-uri.com/home/generate
Title: https://report-uri.com/home/generate

Search URL Search Domain Scan URL

URL: https://csp-evaluator.withgoogle.com/
Title: https://csp-evaluator.withgoogle.com/

Search URL Search Domain Scan URL

URL: https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/xdomain.html
Title: https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/xdomain.html

Search URL Search Domain Scan URL

URL: https://danielnixon.org/http-security-headers/
Title: https://danielnixon.org/http-security-headers/

Search URL Search Domain Scan URL

URL: https://rorsecurity.info/portfolio/new-http-headers-for-more-security
Title: https://rorsecurity.info/portfolio/new-http-headers-for-more-security

Search URL Search Domain Scan URL

URL: https://github.com/twitter/secureheaders/issues/88
Title: https://github.com/twitter/secureheaders/issues/88

Search URL Search Domain Scan URL

URL: https://gf.dev/cross-domain-policy-test
Title: https://gf.dev/cross-domain-policy-test

Search URL Search Domain Scan URL

URL: https://www.w3.org/TR/referrer-policy/
Title: https://www.w3.org/TR/referrer-policy/

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Clear-Site-Data
Title: Mozilla MDN

Search URL Search Domain Scan URL

URL: https://w3c.github.io/webappsec-clear-site-data/
Title: https://w3c.github.io/webappsec-clear-site-data/

Search URL Search Domain Scan URL

URL: https://www.chromestatus.com/feature/4713262029471744
Title: https://www.chromestatus.com/feature/4713262029471744

Search URL Search Domain Scan URL

URL: https://github.com/w3c/webappsec-clear-site-data
Title: https://github.com/w3c/webappsec-clear-site-data

Search URL Search Domain Scan URL

URL: https://github.com/w3c/webappsec-clear-site-data/tree/master/demo
Title: https://github.com/w3c/webappsec-clear-site-data/tree/master/demo

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Embedder-Policy
Title: Mozilla MDN

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
Title: CORS

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)
Title: Cross-Origin-Resource-Policy

Search URL Search Domain Scan URL

URL: https://html.spec.whatwg.org/multipage/origin.html#coep
Title: https://html.spec.whatwg.org/multipage/origin.html#coep

Search URL Search Domain Scan URL

URL: https://caniuse.com/?search=Cross-Origin-Embedder-Policy
Title: https://caniuse.com/?search=Cross-Origin-Embedder-Policy

Search URL Search Domain Scan URL

URL: https://web.dev/coop-coep/
Title: https://web.dev/coop-coep/

Search URL Search Domain Scan URL

URL: https://web.dev/why-coop-coep/
Title: https://web.dev/why-coop-coep/

Search URL Search Domain Scan URL

URL: https://web.dev/cross-origin-isolation-guide/
Title: https://web.dev/cross-origin-isolation-guide/

Search URL Search Domain Scan URL

URL: https://xsleaks.dev/
Title: XS-Leaks

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy
Title: Mozilla MDN

Search URL Search Domain Scan URL

URL: https://html.spec.whatwg.org/multipage/origin.html#cross-origin-opener-policies
Title: https://html.spec.whatwg.org/multipage/origin.html#cross-origin-opener-policies

Search URL Search Domain Scan URL

URL: https://github.com/xsleaks/xsleaks
Title: https://github.com/xsleaks/xsleaks

Search URL Search Domain Scan URL

URL: https://portswigger.net/daily-swig/xs-leak
Title: https://portswigger.net/daily-swig/xs-leak

Search URL Search Domain Scan URL

URL: https://portswigger.net/research/xs-leak-detecting-ids-using-portal
Title: https://portswigger.net/research/xs-leak-detecting-ids-using-portal

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Side-channel_attack
Title: side-channel attacks

Search URL Search Domain Scan URL

URL: https://spectreattack.com/
Title: Spectre

Search URL Search Domain Scan URL

URL: https://www.scip.ch/en/?labs.20160414
Title: Cross-Site Script Inclusion (XSSI)

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Resource-Policy
Title: Mozilla MDN

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Glossary/Site
Title: Site

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Glossary/Origin
Title: Origin

Search URL Search Domain Scan URL

URL: https://resourcepolicy.fyi/#corp-and-isolation
Title: CORP header is not specified

Search URL Search Domain Scan URL

URL: https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header
Title: https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header

Search URL Search Domain Scan URL

URL: https://resourcepolicy.fyi/
Title: https://resourcepolicy.fyi/

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
Title: Mozilla MDN

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/525.html
Title: exposure of information via the cache

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Expires
Title: Expires

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Pragma
Title: Pragma

Search URL Search Domain Scan URL

URL: https://datatracker.ietf.org/doc/html/rfc7234
Title: HTTP caching standards document

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control#browser_compatibility
Title: table

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/524.html
Title: https://cwe.mitre.org/data/definitions/524.html

Search URL Search Domain Scan URL

URL: https://portswigger.net/web-security/web-cache-poisoning
Title: https://portswigger.net/web-security/web-cache-poisoning

Search URL Search Domain Scan URL

URL: https://portswigger.net/research/practical-web-cache-poisoning
Title: https://portswigger.net/research/practical-web-cache-poisoning

Search URL Search Domain Scan URL

URL: https://portswigger.net/research/web-cache-entanglement
Title: https://portswigger.net/research/web-cache-entanglement

Search URL Search Domain Scan URL

URL: https://www.chromestatus.com/feature/5745992911552512
Title: Chrome platform status

Search URL Search Domain Scan URL

URL: https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md
Title: page

Search URL Search Domain Scan URL

URL: https://github.com/w3c/webappsec-permissions-policy/blob/main/permissions-policy-explainer.md
Title: https://github.com/w3c/webappsec-permissions-policy/blob/main/permissions-policy-explainer.md

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy#directives
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy#directives

Search URL Search Domain Scan URL

URL: https://caniuse.com/permissions-policy
Title: https://caniuse.com/permissions-policy

Search URL Search Domain Scan URL

URL: https://www.w3.org/TR/permissions-policy-1/
Title: https://www.w3.org/TR/permissions-policy-1/

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy

Search URL Search Domain Scan URL

URL: https://www.permissionspolicy.com/
Title: https://www.permissionspolicy.com/

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Feature_Policy
Title: Mozilla MDN

Search URL Search Domain Scan URL

URL: https://w3c.github.io/webappsec-feature-policy/
Title: https://w3c.github.io/webappsec-feature-policy/

Search URL Search Domain Scan URL

URL: https://scotthelme.co.uk/a-new-security-header-feature-policy/
Title: https://scotthelme.co.uk/a-new-security-header-feature-policy/

Search URL Search Domain Scan URL

URL: https://github.com/w3c/webappsec-feature-policy/blob/master/features.md
Title: https://github.com/w3c/webappsec-feature-policy/blob/master/features.md

Search URL Search Domain Scan URL

URL: https://caniuse.com/feature-policy
Title: https://caniuse.com/feature-policy

Search URL Search Domain Scan URL

URL: https://www.chromestatus.com/feature/5677171733430272
Title: source

Search URL Search Domain Scan URL

URL: https://datatracker.ietf.org/doc/html/rfc9163
Title: Expect-CT Extension for HTTP

Search URL Search Domain Scan URL

URL: https://scotthelme.co.uk/a-new-security-header-expect-ct/
Title: https://scotthelme.co.uk/a-new-security-header-expect-ct/

Search URL Search Domain Scan URL

URL: https://scotthelme.co.uk/using-security-features-to-do-bad-things/
Title: HPKP Suicide and Ransom PKP

Search URL Search Domain Scan URL

URL: https://tools.ietf.org/html/rfc7469
Title: https://tools.ietf.org/html/rfc7469

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
Title: https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning
Title: https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning

Search URL Search Domain Scan URL

URL: https://raymii.org/s/articles/HTTP_Public_Key_Pinning_Extension_HPKP.html
Title: https://raymii.org/s/articles/HTTP_Public_Key_Pinning_Extension_HPKP.html

Search URL Search Domain Scan URL

URL: https://labs.detectify.com/2016/07/05/what-hpkp-is-but-isnt/
Title: https://labs.detectify.com/2016/07/05/what-hpkp-is-but-isnt/

Search URL Search Domain Scan URL

URL: https://blog.qualys.com/ssllabs/2016/09/06/is-http-public-key-pinning-dead
Title: https://blog.qualys.com/ssllabs/2016/09/06/is-http-public-key-pinning-dead

Search URL Search Domain Scan URL

URL: https://scotthelme.co.uk/im-giving-up-on-hpkp/
Title: https://scotthelme.co.uk/im-giving-up-on-hpkp/

Search URL Search Domain Scan URL

URL: https://groups.google.com/a/chromium.org/forum/m/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ
Title: https://groups.google.com/a/chromium.org/forum/m/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ

Search URL Search Domain Scan URL

URL: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
Title: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html

Search URL Search Domain Scan URL

URL: https://www.chromestatus.com/feature/5021976655560704
Title: https://www.chromestatus.com/feature/5021976655560704

Search URL Search Domain Scan URL

URL: https://bugzilla.mozilla.org/show_bug.cgi?id=528661
Title: https://bugzilla.mozilla.org/show_bug.cgi?id=528661

Search URL Search Domain Scan URL

URL: https://blogs.windows.com/windowsexperience/2018/07/25/announcing-windows-10-insider-preview-build-17723-and-build-18204/
Title: https://blogs.windows.com/windowsexperience/2018/07/25/announcing-windows-10-insider-preview-build-17723-and-build-18204/

Search URL Search Domain Scan URL

URL: https://github.com/zaproxy/zaproxy/issues/5849
Title: https://github.com/zaproxy/zaproxy/issues/5849

Search URL Search Domain Scan URL

URL: https://scotthelme.co.uk/security-headers-updates/#removing-the-x-xss-protection-header
Title: https://scotthelme.co.uk/security-headers-updates/#removing-the-x-xss-protection-header

Search URL Search Domain Scan URL

URL: https://portswigger.net/daily-swig/google-chromes-xss-auditor-goes-back-to-filter-mode
Title: https://portswigger.net/daily-swig/google-chromes-xss-auditor-goes-back-to-filter-mode

Search URL Search Domain Scan URL

URL: https://www.virtuesecurity.com/blog/understanding-xss-auditor/
Title: https://www.virtuesecurity.com/blog/understanding-xss-auditor/

Search URL Search Domain Scan URL

URL: https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers
Title: https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers

Search URL Search Domain Scan URL

URL: https://zinoui.com/blog/security-http-headers#x-xss-protection
Title: http://zinoui.com/blog/security-http-headers#x-xss-protection

Search URL Search Domain Scan URL

URL: https://caniuse.com/stricttransportsecurity
Title: https://caniuse.com/stricttransportsecurity

Search URL Search Domain Scan URL

URL: https://caniuse.com/x-frame-options
Title: https://caniuse.com/x-frame-options

Search URL Search Domain Scan URL

URL: https://caniuse.com/mdn-http_headers_x-content-type-options
Title: https://caniuse.com/mdn-http_headers_x-content-type-options

Search URL Search Domain Scan URL

URL: https://caniuse.com/?search=content-security-policy
Title: https://caniuse.com/?search=content-security-policy

Search URL Search Domain Scan URL

URL: https://caniuse.com/referrer-policy
Title: https://caniuse.com/referrer-policy

Search URL Search Domain Scan URL

URL: https://caniuse.com/publickeypinning
Title: https://caniuse.com/publickeypinning

Search URL Search Domain Scan URL

URL: https://caniuse.com/mdn-http_headers_expect-ct
Title: https://caniuse.com/mdn-http_headers_expect-ct

Search URL Search Domain Scan URL

URL: https://caniuse.com/mdn-http_headers_x-xss-protection
Title: https://caniuse.com/mdn-http_headers_x-xss-protection

Search URL Search Domain Scan URL

URL: https://caniuse.com/?search=Clear-Site-Data
Title: https://caniuse.com/?search=Clear-Site-Data

Search URL Search Domain Scan URL

URL: https://caniuse.com/mdn-http_headers_cross-origin-embedder-policy
Title: https://caniuse.com/mdn-http_headers_cross-origin-embedder-policy

Search URL Search Domain Scan URL

URL: https://caniuse.com/mdn-http_headers_cross-origin-opener-policy
Title: https://caniuse.com/mdn-http_headers_cross-origin-opener-policy

Search URL Search Domain Scan URL

URL: https://caniuse.com/mdn-http_headers_cross-origin-resource-policy
Title: https://caniuse.com/mdn-http_headers_cross-origin-resource-policy

Search URL Search Domain Scan URL

URL: https://caniuse.com/mdn-http_headers_cache-control
Title: https://caniuse.com/mdn-http_headers_cache-control

Search URL Search Domain Scan URL

URL: https://caniuse.com/mdn-http_headers_pragma
Title: https://caniuse.com/mdn-http_headers_pragma

Search URL Search Domain Scan URL

URL: https://speakerdeck.com/righettod/trap-bad-guys-in-your-browser-with-http-security-headers
Title: Trap bad guys in your browser with HTTP security headers

Search URL Search Domain Scan URL

URL: https://github.com/riramar/hsecscan
Title: https://github.com/riramar/hsecscan

Search URL Search Domain Scan URL

URL: https://github.com/rfc-st/humble
Title: https://github.com/rfc-st/humble

Search URL Search Domain Scan URL

URL: https://securityheaders.com/
Title: https://securityheaders.com/

Search URL Search Domain Scan URL

URL: https://observatory.mozilla.org/
Title: https://observatory.mozilla.org/

Search URL Search Domain Scan URL

URL: https://github.com/mozilla/http-observatory/
Title: https://github.com/mozilla/http-observatory/

Search URL Search Domain Scan URL

URL: https://github.com/mozilla/http-observatory-website/
Title: https://github.com/mozilla/http-observatory-website/

Search URL Search Domain Scan URL

URL: https://chrome.google.com/webstore/detail/recx-security-analyser/ljafjhbjenhgcgnikniijchkngljgjda
Title: https://chrome.google.com/webstore/detail/recx-security-analyser/ljafjhbjenhgcgnikniijchkngljgjda

Search URL Search Domain Scan URL

URL: https://github.com/drwetter/testssl.sh
Title: https://github.com/drwetter/testssl.sh

Search URL Search Domain Scan URL

URL: https://github.com/Santandersecurityresearch/DrHeader
Title: https://github.com/Santandersecurityresearch/DrHeader

Search URL Search Domain Scan URL

URL: https://github.com/AmitKulkarni9/API-Security
Title: https://github.com/AmitKulkarni9/API-Security

Search URL Search Domain Scan URL

URL: https://github.com/google/csp-evaluator
Title: https://github.com/google/csp-evaluator

Search URL Search Domain Scan URL

URL: https://docs.spring.io/spring-security/reference/features/exploits/headers.html
Title: https://docs.spring.io/spring-security/reference/features/exploits/headers.html

Search URL Search Domain Scan URL

URL: https://docs.nwebsec.com/
Title: https://docs.nwebsec.com

Search URL Search Domain Scan URL

URL: https://github.com/andrewlock/NetEscapades.AspNetCore.SecurityHeaders
Title: https://github.com/andrewlock/NetEscapades.AspNetCore.SecurityHeaders

Search URL Search Domain Scan URL

URL: https://github.com/github/secure_headers
Title: https://github.com/github/secure_headers

Search URL Search Domain Scan URL

URL: https://github.com/aidantwoods/SecureHeaders
Title: https://github.com/aidantwoods/SecureHeaders

Search URL Search Domain Scan URL

URL: https://github.com/bepsvpt/secure-headers
Title: https://github.com/bepsvpt/secure-headers

Search URL Search Domain Scan URL

URL: https://github.com/frodsan/rack-secure_headers
Title: https://github.com/frodsan/rack-secure_headers

Search URL Search Domain Scan URL

URL: https://github.com/helmetjs/helmet
Title: https://github.com/helmetjs/helmet

Search URL Search Domain Scan URL

URL: https://github.com/rwjblue/ember-cli-content-security-policy/
Title: https://github.com/rwjblue/ember-cli-content-security-policy/

Search URL Search Domain Scan URL

URL: https://github.com/nlf/blankie
Title: https://github.com/nlf/blankie

Search URL Search Domain Scan URL

URL: https://github.com/mozilla/django-csp
Title: https://github.com/mozilla/django-csp

Search URL Search Domain Scan URL

URL: https://github.com/sdelements/django-security
Title: https://github.com/sdelements/django-security

Search URL Search Domain Scan URL

URL: https://github.com/TypeError/secure
Title: https://github.com/TypeError/secure

Search URL Search Domain Scan URL

URL: https://github.com/goddtriffin/helmet
Title: https://github.com/goddtriffin/helmet

Search URL Search Domain Scan URL

URL: https://docs.rs/crate/owasp-headers/latest
Title: https://docs.rs/crate/owasp-headers/latest

Search URL Search Domain Scan URL

URL: https://github.com/w3c/webappsec-permissions-policy/blob/main/permissions-policy-explainer.md#appendix-big-changes-since-this-was-called-feature-policy
Title: one

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/iis/configuration/system.webserver/httpprotocol/customheaders/
Title: documentation

Search URL Search Domain Scan URL

URL: https://cwe.mitre.org/data/definitions/200.html
Title: disclosure of technical information

Search URL Search Domain Scan URL

URL: https://www.nginx.com/resources/glossary/reverse-proxy-server/
Title: reverse proxy

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Web_application_firewall
Title: web application firewall

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/server
Title: Server

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/liferay-portal
Title: Liferay-Portal

Search URL Search Domain Scan URL

URL: https://www.liferay.com/
Title: Liferay

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/x-turbo-charged-by
Title: X-Turbo-Charged-By

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/x-powered-by
Title: X-Powered-By

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/x-server-powered-by
Title: X-Server-Powered-By

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/x-powered-cms
Title: X-Powered-CMS

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Content_management_system
Title: CMS

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/SourceMap
Title: SourceMap

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Tools/Debugger/How_to/Use_a_source_map
Title: source map

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/x-aspnetmvc-version
Title: X-AspNetMvc-Version

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/x-aspnet-version
Title: X-AspNet-Version

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/x-sourcefiles
Title: X-SourceFiles

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/x-redirect-by
Title: X-Redirect-By

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/List_of_HTTP_header_fields
Title: Wikipedia

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/x-generator
Title: X-Generator

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/x-generated-by
Title: X-Generated-By

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/x-cms
Title: X-CMS

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/x-powered-by-plesk
Title: X-Powered-By-Plesk

Search URL Search Domain Scan URL

URL: https://www.plesk.com/
Title: Plesk

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/x-php-version
Title: X-Php-Version

Search URL Search Domain Scan URL

URL: https://www.php.net/
Title: PHP

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/powered-by
Title: Powered-By

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/x-content-encoded-by
Title: X-Content-Encoded-By

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/product
Title: Product

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/x-cf-powered-by
Title: X-CF-Powered-By

Search URL Search Domain Scan URL

URL: https://webtechsurvey.com/response-header/x-framework
Title: X-Framework

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Disposition
Title: Content-Disposition

Search URL Search Domain Scan URL

URL: http://ghostlulz.com/xss-svg/
Title: SVG file

Search URL Search Domain Scan URL

URL: https://portswigger.net/web-security/cross-site-scripting/stored
Title: stored cross-site scripting

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Glossary/Forbidden_header_name
Title: forbidden header names

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Glossary/Fetch_metadata_request_header
Title: Mozilla MDN

Search URL Search Domain Scan URL

URL: https://xsleaks.dev/docs/defenses/opt-in/fetch-metadata/
Title: XS-Leaks

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest#directives
Title: here

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
Title: Mozilla MDN

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/API/Request/mode
Title: mode

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode#directives
Title: here

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Mode
Title: Mozilla MDN

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-User
Title: Mozilla MDN

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site#directives
Title: here

Search URL Search Domain Scan URL

URL: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Site
Title: Mozilla MDN

Search URL Search Domain Scan URL

URL: https://web.dev/same-site-same-origin/
Title: here

Search URL Search Domain Scan URL

URL: https://caniuse.com/mdn-http_headers_sec-fetch-dest
Title: https://caniuse.com/mdn-http_headers_sec-fetch-dest

Search URL Search Domain Scan URL

URL: https://caniuse.com/mdn-http_headers_sec-fetch-mode
Title: https://caniuse.com/mdn-http_headers_sec-fetch-mode

Search URL Search Domain Scan URL

URL: https://caniuse.com/mdn-http_headers_sec-fetch-user
Title: https://caniuse.com/mdn-http_headers_sec-fetch-user

Search URL Search Domain Scan URL

URL: https://caniuse.com/mdn-http_headers_sec-fetch-site
Title: https://caniuse.com/mdn-http_headers_sec-fetch-site

Search URL Search Domain Scan URL

URL: https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/#are-site-and-origin-interchangeable
Title: https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/#are-site-and-origin-interchangeable

Search URL Search Domain Scan URL

URL: https://portswigger.net/daily-swig/firefox-becomes-latest-browser-to-support-fetch-metadata-request-headers
Title: https://portswigger.net/daily-swig/firefox-becomes-latest-browser-to-support-fetch-metadata-request-headers

Search URL Search Domain Scan URL

URL: https://cloud.gov/docs/management/headers/
Title: Cloud.gov

Search URL Search Domain Scan URL

URL: https://docs.aws.amazon.com/whitepapers/latest/secure-content-delivery-amazon-cloudfront/improving-security-by-enabling-security-specific-headers.html
Title: Amazon AWS

Search URL Search Domain Scan URL

URL: https://documentation.b2c.commercecloud.salesforce.com/DOC1/topic/com.demandware.dochelp/content/b2c_commerce/topics/b2c_security_best_practices/b2c_declarative_security_via_http_headers.html?resultof=%22%68%65%61%64%65%72%73%22%20%22%68%65%61%64%65%72%22%20
Title: Salesforce

Search URL Search Domain Scan URL

URL: https://www.blackhillsinfosec.com/fixing-content-security-policies-with-cloudflare-workers/
Title: Black Hills Information Security

Search URL Search Domain Scan URL

URL: https://www.progress.com/documentation/sitefinity-cms/110/predefined-security-headers-in-http-response
Title: Progress

Search URL Search Domain Scan URL

URL: https://documentation.bloomreach.com/14/library/concepts/security/configure-security-response-headers.html
Title: Bloomreach

Search URL Search Domain Scan URL

URL: https://crashtest-security.com/enable-security-headers/
Title: CrashTest Security

Search URL Search Domain Scan URL

URL: https://github.com/nmap/nmap/blob/master/scripts/http-security-headers.nse
Title: Nmap

Search URL Search Domain Scan URL

URL: https://github.com/OWASP/www-project-secure-headers/blob/master/index.md
Title: Edit on GitHub

Search URL Search Domain Scan URL

URL: https://about.gitlab.com/

Search URL Search Domain Scan URL

URL: http://coalfire.com/

Search URL Search Domain Scan URL

URL: http://gitguardian.com/

Search URL Search Domain Scan URL

URL: https://proacksecurity.com/

Search URL Search Domain Scan URL

URL: http://grammarly.com/security

Search URL Search Domain Scan URL

URL: https://www.microfocus.com/en-us/cyberres/application-security

Search URL Search Domain Scan URL

URL: http://www.kpmg.com/us/cyber

Search URL Search Domain Scan URL

URL: https://www.salesforce.com/

Search URL Search Domain Scan URL

URL: https://www.qualys.com/

Search URL Search Domain Scan URL

URL: https://www.ubsecure.jp/en/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/OWASPFoundation

Search URL Search Domain Scan URL

URL: https://twitter.com/owasp

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/owasp/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/OWASPGLOBAL

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

36 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
owasp.org/www-project-secure-headers/ 148 KB
37 KB 284ms
177ms Document
text/html 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901808d90bc8e7715edcf12e86aff6de261beaf70cc6697407dc6042fcd90885

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-origin: *
age: 0
cache-control: max-age=600
cf-cache-status: DYNAMIC
cf-ray: 753255323faf9bb0-FRA
content-encoding: br
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
content-type: text/html; charset=utf-8
date: Sat, 01 Oct 2022 04:07:41 GMT
expires: Sat, 01 Oct 2022 04:17:41 GMT
last-modified: Wed, 28 Sep 2022 12:18:50 GMT
permissions-policy: geolocation=(self)
referrer-policy: same-origin
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 varnish
x-cache: MISS
x-cache-hits: 0
x-content-type-options: nosniff
x-fastly-request-id: a811165abaae6850c9c1176c75301b4babcc5ed7
x-frame-options: SAMEORIGIN
x-github-request-id: A9A0:A114:36BA62:38DFBA:6337BD0D
x-proxy-cache: MISS
x-served-by: cache-fra19179-FRA
x-timer: S1664597261.178428,VS0,VE95

GET
H2 200 js.cookie.js Show response
owasp.org/www--site-theme/assets/js/ 4 KB
3 KB 72ms
71ms Script
application/javascript 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/js/js.cookie.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

357c0ad66cf329f64d356786a5dd19700f8b4498b283db0922e374e68e544298

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: 4d0763cc9ee20278f34247641e412332e0e72824
date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 407
x-cache: MISS
x-proxy-cache: HIT
expires: Sat, 01 Oct 2022 04:06:04 GMT
x-served-by: cache-hhn4068-HHN
referrer-policy: same-origin
last-modified: Tue, 27 Sep 2022 13:23:38 GMT
server: cloudflare
x-github-request-id: 0808:2AFC:A2897F:A79BB7:6332FB17
x-timer: S1664285463.194005,VS0,VE100
etag: W/"6332f95a-fce"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
cf-ray: 75325533792b9bb0-FRA
x-cache-hits: 0

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 199ms
52ms Script
text/javascript 2a00:1450:400d:806::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400d:806::200e , Ireland, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sat, 01 Oct 2022 02:27:31 GMT
last-modified: Sun, 11 Sep 2022 13:50:09 GMT
server: Golfe2
age: 6010
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 19826
expires: Sat, 01 Oct 2022 04:27:31 GMT

GET
H2 200 styles.css
owasp.org/www--site-theme/assets/css/ 127 KB
26 KB 82ms
81ms Stylesheet
text/css 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/css/styles.css

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5b741fe5f6080e1593a351a04b8f376296497f31d0cc30fb42b4f1b12f308341

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: 8972ff516812d6cc8947eacf22d701c9c95b47ab
date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 407
cf-polished: origSize=130427
x-cache: MISS
x-proxy-cache: MISS
expires: Sat, 01 Oct 2022 04:07:05 GMT
x-served-by: cache-fra19170-FRA
referrer-policy: same-origin
last-modified: Tue, 27 Sep 2022 13:23:44 GMT
cf-bgj: minify
x-github-request-id: D894:8D56:A6CA3C:ABD787:6332FB17
x-timer: S1664285463.194375,VS0,VE106
server: cloudflare
etag: W/"6332f960-1fd7b"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
cf-ray: 75325533792e9bb0-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 jquery-3.4.1.min.js Show response
owasp.org/www--site-theme/assets/js/ 86 KB
31 KB 68ms
67ms Script
application/javascript 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/js/jquery-3.4.1.min.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: 4190caaffbf9a52451976bf85cbe4ea05570c504
date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 407
x-cache: MISS
x-proxy-cache: MISS
expires: Sat, 01 Oct 2022 04:06:11 GMT
x-served-by: cache-hhn4064-HHN
referrer-policy: same-origin
last-modified: Tue, 27 Sep 2022 13:23:38 GMT
server: cloudflare
x-github-request-id: BB9C:A226:A83FE9:AD60BA:6332FB17
x-timer: S1664285463.209505,VS0,VE104
etag: W/"6332f95a-15851"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
cf-ray: 7532553379339bb0-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 util.js Show response
owasp.org/www--site-theme/assets/js/ 2 KB
1 KB 79ms
78ms Script
application/javascript 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/js/util.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cbe2121765e2f3e921a42bcb9b0c78635b68cee1dccd1b1ec31089b9382ff514

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: 11406568396e1e39fe4ce9b9dad42190f2d1e04c
date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 407
x-cache: MISS
x-proxy-cache: MISS
expires: Sat, 01 Oct 2022 04:06:46 GMT
x-served-by: cache-fra19158-FRA
referrer-policy: same-origin
last-modified: Tue, 27 Sep 2022 13:23:38 GMT
server: cloudflare
x-github-request-id: 0810:AA93:B32BF6:B8440F:6332FB17
x-timer: S1664285463.192277,VS0,VE103
etag: W/"6332f95a-89b"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
cf-ray: 7532553379349bb0-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 yaml.min.js Show response
owasp.org/www--site-theme/assets/js/ 42 KB
11 KB 70ms
69ms Script
application/javascript 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/js/yaml.min.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b8ccdf0e45f181fc04f0d202779fff71aa76f27f0428a792e0e6f13fe1d0b085

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: 21b531a05172431b46662e889f010cae74294c89
date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 407
x-cache: MISS
x-proxy-cache: HIT
expires: Sat, 01 Oct 2022 03:59:33 GMT
x-served-by: cache-hhn4054-HHN
referrer-policy: same-origin
last-modified: Tue, 27 Sep 2022 13:23:38 GMT
server: cloudflare
x-github-request-id: 0804:111B:A69A11:ABAEAE:6332FB17
x-timer: S1664285463.196975,VS0,VE94
etag: W/"6332f95a-a944"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
cf-ray: 7532553379359bb0-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 luxon.min.js Show response
owasp.org/www--site-theme/assets/js/ 68 KB
21 KB 104ms
104ms Script
application/javascript 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/js/luxon.min.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f46950820ce4e5032d2519c3b0c2a73f48b64071b5efd95b7f52d3755f69d3ce

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: 89e2145a92019b7fbe46c389be4fa1f0b28b589e
date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 407
x-cache: MISS
x-proxy-cache: HIT
expires: Sat, 01 Oct 2022 04:05:45 GMT
x-served-by: cache-hhn4073-HHN
referrer-policy: same-origin
last-modified: Tue, 27 Sep 2022 13:23:38 GMT
server: cloudflare
x-github-request-id: 081F:2AFC:A209EF:A7190E:6332FA19
x-timer: S1664285209.195345,VS0,VE108
etag: W/"6332f95a-111e3"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
cf-ray: 7532553379379bb0-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 kjua.min.js Show response
owasp.org/www--site-theme/assets/js/ 28 KB
11 KB 74ms
73ms Script
application/javascript 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/js/kjua.min.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53d3b023092e049484c4e39ce6f50d1b8dd10074795e66da06e1140792a91d9a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: d2ac4fbc235a01d8cddbff84f639fd9cc8a7bb7b
date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 407
x-cache: MISS
x-proxy-cache: HIT
expires: Sat, 01 Oct 2022 04:10:54 GMT
x-served-by: cache-fra19141-FRA
referrer-policy: same-origin
last-modified: Tue, 27 Sep 2022 13:23:38 GMT
server: cloudflare
x-github-request-id: 0805:D637:A26244:A768E6:6332FB17
x-timer: S1664285463.198712,VS0,VE94
etag: W/"6332f95a-6f0d"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
cf-ray: 7532553379389bb0-FRA
x-cache-hits: 0

GET
H2 200 buttons.js Show response
buttons.github.io/ 20 KB
7 KB 131ms
41ms Script
application/javascript 2606:50c0:8003::153
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons.github.io/buttons.js
Requested by: Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:50c0:8003::153 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: GitHub.com /
Resource Hash: 898161741c152b0b73f4f58253bfab2242fb56e975e863c8e32f09b5a9c34dc1

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: 55e8618414b5532ac818c1cc1f765c7e1150e07f
date: Sat, 01 Oct 2022 04:07:41 GMT
content-encoding: gzip
via: 1.1 varnish
x-cache-hits: 4
age: 474
x-cache: HIT
x-proxy-cache: HIT
content-length: 6868
x-served-by: cache-fra19144-FRA
last-modified: Wed, 28 Sep 2022 15:41:39 GMT
server: GitHub.com
x-github-request-id: F99E:A226:13CA788:1465984:63346B48
x-timer: S1664597262.578051,VS0,VE1
etag: W/"63346b33-4e11"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: interest-cohort=()
accept-ranges: bytes
x-origin-cache: HIT
expires: Wed, 28 Sep 2022 15:51:58 GMT

GET
H2 200 logo.png
owasp.org/assets/images/ 11 KB
13 KB 55ms
54ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/logo.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8902e5836a324eae0ab281a9be7d62683e025d503ce6778cce6768fb908c1089

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: e8ef09abe5230cd5a4516de0e81f5a83d4bc0910
date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 407
x-cache: HIT
x-proxy-cache: MISS
expires: Sat, 01 Oct 2022 04:00:43 GMT
content-length: 11091
x-served-by: cache-hhn4041-HHN
referrer-policy: same-origin
last-modified: Sat, 01 Oct 2022 03:48:05 GMT
server: cloudflare
x-github-request-id: 901A:84BF:32CBCC:34E2CD:6337B913
x-timer: S1664596855.994315,VS0,VE1
etag: "6337b875-2b53"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 753255344a0e9bb0-FRA
x-origin-cache: HIT
x-cache-hits: 1

GET
H2 200 owasp-lab-yellow.svg
img.shields.io/badge/ 1 KB
1 KB 132ms
44ms Image
image/svg+xml 2606:4700:3035::6815:30f1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://img.shields.io/badge/owasp-lab-yellow.svg
Requested by: Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3035::6815:30f1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e7b304732ddf3f6625a82d4ff8c3c5544ba390cd3f73486890f65d09b0409384

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 04:07:41 GMT
via: 2 fly.io
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age: 48812
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified: Fri, 30 Sep 2022 12:12:27 GMT
fly-request-id: 01GE7D3B5EF36FHR9DYXGNV9N4-fra
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jPxd5BzzsIipGTi74UWb8LpXSnojVrm8UrVLLmbuNv0WVYbRyb%2BYNMAJBTvwqF%2FTyDgIVer6ABWsmQ3mhOaThxxlKkGz3vJKsABnbNuWDVcbNLd72t%2FKZ4UdZNi55I0yKSlWm5O3JNeBxEhULQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: image/svg+xml;charset=utf-8
access-control-allow-origin: *
cache-control: max-age=86400, s-maxage=86400
cf-ray: 75325534df809c0a-FRA

GET
H2 200 badge.svg
github.com/OWASP/www-project-secure-headers/actions/workflows/check-external-links.yml/ 2 KB
4 KB 339ms
253ms Image
image/svg+xml 140.82.121.4
GITHUB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://github.com/OWASP/www-project-secure-headers/actions/workflows/check-external-links.yml/badge.svg?branch=master

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.4 , United States, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-4-fra.github.com

Software

GitHub.com /

Resource Hash

3e3351cf49f3196ee3eb5bef6fe234e98077f6b447419ee6d102a75db75ec2d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events .actions.githubusercontent.com wss://.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 1004
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
server: GitHub.com
x-github-request-id: A84C:D71A:B2BD78:B99F13:6337BD0D
etag: W/"3e3351cf49f3196ee3eb5bef6fe234e9"
expect-ct: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: image/svg+xml; charset=utf-8
cache-control: max-age=300, private
accept-ranges: bytes

GET
H2 200 badge.svg
github.com/OWASP/www-project-secure-headers/actions/workflows/headers-generate-json-files.yml/ 2 KB
4 KB 354ms
268ms Image
image/svg+xml 140.82.121.4
GITHUB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://github.com/OWASP/www-project-secure-headers/actions/workflows/headers-generate-json-files.yml/badge.svg?branch=master

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.4 , United States, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-4-fra.github.com

Software

GitHub.com /

Resource Hash

78834b11897ddc090a4776c6a4a63d3edbe6eeb999ff10685834b3c14432d65f

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events .actions.githubusercontent.com wss://.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 1000
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
server: GitHub.com
x-github-request-id: A84C:D71A:B2BD78:B99F14:6337BD0D
etag: W/"78834b11897ddc090a4776c6a4a63d3e"
expect-ct: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: image/svg+xml; charset=utf-8
cache-control: max-age=300, private
accept-ranges: bytes

GET
H2 200 badge.svg
github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-technical-references-generate-dashboard.yml/ 2 KB
4 KB 316ms
230ms Image
image/svg+xml 140.82.121.4
GITHUB

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-technical-references-generate-dashboard.yml/badge.svg?branch=master

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.4 , United States, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-4-fra.github.com

Software

GitHub.com /

Resource Hash

03448ffc9e3b2aa76851f9487a804e6d540300ccbd5721af9876ece77f214cae

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events .actions.githubusercontent.com wss://.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'; base-uri 'self'; block-all-mixed-content; child-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com objects-origin.githubusercontent.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com cdn.optimizely.com logx.optimizely.com/v1/events *.actions.githubusercontent.com wss://*.actions.githubusercontent.com online.visualstudio.com/api/v1/locations github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: github.githubassets.com identicons.github.com github-cloud.s3.amazonaws.com secured-user-images.githubusercontent.com/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; worker-src github.com/assets-cdn/worker/ gist.github.com/assets-cdn/worker/
content-encoding: gzip
content-length: 1012
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
server: GitHub.com
x-github-request-id: A84C:D71A:B2BD78:B99F15:6337BD0D
etag: W/"03448ffc9e3b2aa76851f9487a804e6d"
expect-ct: max-age=2592000, report-uri="https://api.github.com/_private/browser/errors"
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: image/svg+xml; charset=utf-8
cache-control: max-age=300, private
accept-ranges: bytes

GET
H2 200 email-decode.min.js Show response
owasp.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ 1 KB
840 B 40ms
40ms Script
application/javascript 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 04:07:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 26 Sep 2022 11:11:52 GMT
server: cloudflare
etag: W/"633188f8-4d7"
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/javascript
cache-control: max-age=172800, public
cf-ray: 7532553429fb9bb0-FRA
expires: Mon, 03 Oct 2022 04:07:41 GMT

GET
H2 200 fa-solid-900.woff2
owasp.org/assets/fontawesome/ 74 KB
74 KB 54ms
53ms Font
font/woff2 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/fontawesome/fa-solid-900.woff2

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/css/styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://owasp.org/www--site-theme/assets/css/styles.css
Origin: https://owasp.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: be1632d52469b863e55a6ab17129b9d7e5068365
date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 406
x-cache: HIT
x-proxy-cache: MISS
expires: Sat, 01 Oct 2022 04:00:27 GMT
content-length: 75440
x-served-by: cache-fra19179-FRA
referrer-policy: same-origin
last-modified: Sat, 01 Oct 2022 03:48:05 GMT
server: cloudflare
x-github-request-id: 0828:199D:31DD4A:33F731:6337B903
x-timer: S1664596855.149745,VS0,VE84
etag: "6337b875-126b0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 753255344a189bb0-FRA
x-origin-cache: HIT
x-cache-hits: 1

GET
H2 200 ubuntu-regular.woff2
owasp.org/assets/font/ 29 KB
29 KB 56ms
56ms Font
font/woff2 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/font/ubuntu-regular.woff2

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/css/styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44beeee5122983409ccd274c152f020a953c769cfaf3bd13a31eb276abf5ec55

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://owasp.org/www--site-theme/assets/css/styles.css
Origin: https://owasp.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: bec088c5f69867bffc69801a421305ac9896c5c2
date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 406
x-cache: HIT
x-proxy-cache: MISS
expires: Sat, 01 Oct 2022 04:00:43 GMT
content-length: 29476
x-served-by: cache-fra19157-FRA
referrer-policy: same-origin
last-modified: Sat, 01 Oct 2022 03:48:05 GMT
server: cloudflare
x-github-request-id: 0813:199D:31DF91:33F9B4:6337B913
x-timer: S1664596855.165106,VS0,VE1
etag: "6337b875-7324"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 753255344a199bb0-FRA
x-origin-cache: HIT
x-cache-hits: 2

GET
H2 200 ubuntu-medium.woff2
owasp.org/assets/font/ 28 KB
30 KB 56ms
54ms Font
font/woff2 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/font/ubuntu-medium.woff2

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/css/styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8565a2bb056746aea663c4d9a0a4a85e431f07bb9d70533c6f025e44948fa458

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://owasp.org/www--site-theme/assets/css/styles.css
Origin: https://owasp.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: 39d52e985b2761f42f07dce2dc412f7eebeb2341
date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 406
x-cache: HIT
x-proxy-cache: HIT
expires: Sat, 01 Oct 2022 04:04:44 GMT
content-length: 28576
x-served-by: cache-hhn4027-HHN
referrer-policy: same-origin
last-modified: Sat, 01 Oct 2022 03:48:05 GMT
server: cloudflare
x-github-request-id: A340:B584:346D49:368A6F:6337BA41
x-timer: S1664596855.247889,VS0,VE2
etag: "6337b875-6fa0"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 753255349a8a9bb0-FRA
x-origin-cache: HIT
x-cache-hits: 1

GET
H2 200 fa-brands-400.woff2
owasp.org/assets/fontawesome/ 73 KB
73 KB 58ms
56ms Font
font/woff2 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/fontawesome/fa-brands-400.woff2

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/css/styles.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1f49b8706547682e2c5ed6642a2f2dcbd287da458314b967c60d774aa7edb473

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://owasp.org/www--site-theme/assets/css/styles.css
Origin: https://owasp.org
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: ddde0d3de6509fa329379fbfc6899db260249ab2
date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 406
x-cache: MISS
x-proxy-cache: MISS
expires: Sat, 01 Oct 2022 04:10:55 GMT
content-length: 74508
x-served-by: cache-fra19134-FRA
referrer-policy: same-origin
last-modified: Sat, 01 Oct 2022 03:48:05 GMT
server: cloudflare
x-github-request-id: 6C5A:56D1:3443A2:366016:6337BB77
x-timer: S1664596855.256630,VS0,VE96
etag: "6337b875-1230c"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: font/woff2
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 753255349a8b9bb0-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 banner-data.yml Show response
owasp.org/www-project-secure-headers/assets/sitedata/ 734 B
2 KB 170ms
170ms XHR
text/yaml 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www-project-secure-headers/assets/sitedata/banner-data.yml

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/yaml.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7ff87211a6a1e788fdea117ba81b8676bd41189423ebde72ed7fe19447acdf5

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: 611ed273c3b04c26129403b5d558e1f1025a516f
date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 0
x-cache: MISS
x-proxy-cache: MISS
expires: Sat, 01 Oct 2022 04:17:41 GMT
x-served-by: cache-fra19169-FRA
referrer-policy: same-origin
last-modified: Wed, 28 Sep 2022 12:18:46 GMT
server: cloudflare
x-github-request-id: 082F:5BF1:3560DB:378433:6337BD0D
x-timer: S1664597262.565356,VS0,VE101
etag: W/"63343ba6-2de"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/yaml
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: geolocation=(self)
cf-ray: 753255349a919bb0-FRA
x-cache-hits: 0

GET
H2 200 popup-data.yml Show response
owasp.org/www-project-secure-headers/assets/sitedata/ 1 KB
2 KB 157ms
156ms XHR
text/yaml 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www-project-secure-headers/assets/sitedata/popup-data.yml

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/yaml.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ef6559103903953e244a5ffee1101b36faff6d5bd378d44a4514944b643434de

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: eb9d70673901f2d445d1451f9efa6fd3bf41b5cc
date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 0
x-cache: MISS
x-proxy-cache: MISS
expires: Sat, 01 Oct 2022 04:17:41 GMT
x-served-by: cache-fra19179-FRA
referrer-policy: same-origin
last-modified: Wed, 28 Sep 2022 12:18:46 GMT
server: cloudflare
x-github-request-id: 082E:A511:3583F2:37AA2B:6337BD0D
x-timer: S1664597262.737222,VS0,VE102
etag: W/"63343ba6-539"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/yaml
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: geolocation=(self)
cf-ray: 75325535cbd59bb0-FRA
x-cache-hits: 0

GET
H2 200 menus.json Show response
owasp.org/www--site-theme/assets/sitedata/ 6 KB
3 KB 60ms
59ms XHR
application/json 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/www--site-theme/assets/sitedata/menus.json

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/jquery-3.4.1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c1d1cb2d38cc8407900c7fb68f95f29c18f1dea83d8b4b6ca409c18909cd426c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://owasp.org/www-project-secure-headers/
X-Requested-With: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: 6f2fab4172a4054e3daa00ff4467fdcae43c499a
date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: DYNAMIC
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 9
x-cache: HIT
x-proxy-cache: HIT
expires: Sat, 01 Oct 2022 04:15:18 GMT
x-served-by: cache-hhn4038-HHN
referrer-policy: same-origin
last-modified: Tue, 27 Sep 2022 13:23:38 GMT
server: cloudflare
x-github-request-id: B3CA:D086:3489F0:36ACD8:6337BC9D
x-timer: S1664597262.901408,VS0,VE1
etag: W/"6332f95a-16ac"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: geolocation=(self)
cf-ray: 75325536cccf9bb0-FRA
x-origin-cache: HIT
x-cache-hits: 1

GET
H2 200 events.yml Show response
owasp.org/assets/sitedata/ 3 KB
3 KB 55ms
55ms XHR
text/yaml 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/sitedata/events.yml

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/yaml.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3f1503362ca1a657a09ad0f0507a7119dfa48ffcc9bca34b911534bef3a3f5e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: 24e5dccbc4897530ca8ea04e750a61bd9c44742d
date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 9
x-cache: HIT
x-proxy-cache: HIT
expires: Sat, 01 Oct 2022 04:04:51 GMT
x-served-by: cache-hhn4043-HHN
referrer-policy: same-origin
last-modified: Sat, 01 Oct 2022 03:48:02 GMT
server: cloudflare
x-github-request-id: 0805:CA6C:359284:37B7B1:6337BD05
x-timer: S1664597262.899463,VS0,VE1
etag: W/"6337b872-b9d"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/yaml
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: geolocation=(self)
cf-ray: 75325536ccd09bb0-FRA
x-origin-cache: HIT
x-cache-hits: 1

GET
H2 200 corp_members.yml Show response
owasp.org/assets/sitedata/ 104 KB
104 KB 65ms
64ms XHR
text/yaml 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://owasp.org/assets/sitedata/corp_members.yml

Requested by

Host: owasp.org
URL: https://owasp.org/www--site-theme/assets/js/yaml.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7be903edafc2fca82e32b2a96c222f0354336f85aa68647b01d2a913fd68dec3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: c96a92964b1911f1bbfee1faa446b8cdde05b9f7
date: Sat, 01 Oct 2022 04:07:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 8
x-cache: HIT
x-proxy-cache: HIT
expires: Sat, 01 Oct 2022 04:15:19 GMT
x-served-by: cache-hhn4043-HHN
referrer-policy: same-origin
last-modified: Sat, 01 Oct 2022 03:48:02 GMT
server: cloudflare
x-github-request-id: 0808:B6A8:34696B:368DA6:6337BC9D
x-timer: S1664597262.965390,VS0,VE2
etag: W/"6337b872-19e77"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/yaml
access-control-allow-origin: *
cache-control: max-age=600
permissions-policy: geolocation=(self)
cf-ray: 753255372d449bb0-FRA
x-origin-cache: HIT
x-cache-hits: 1

GET
H2 200 gitlab.png
owasp.org/assets/images/corp-member-logo/ 16 KB
17 KB 169ms
166ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/gitlab.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6ee3ab9e8a475b94af29eadf5e1d255d12c9e6fdd463fcade3fe2cc76b7d3491

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: fbcd0f8490de065c2f68bf56565f9a47bbf28014
date: Sat, 01 Oct 2022 04:07:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: EXPIRED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Sat, 01 Oct 2022 04:17:42 GMT
content-length: 16618
x-served-by: cache-fra19133-FRA
referrer-policy: same-origin
last-modified: Sat, 01 Oct 2022 03:48:02 GMT
server: cloudflare
x-github-request-id: 0846:D086:349E16:36C26D:6337BD0E
x-timer: S1664597262.075213,VS0,VE91
etag: "6337b872-40ea"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 75325537cdf99bb0-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 Coalfire.png
owasp.org/assets/images/corp-member-logo/ 8 KB
8 KB 58ms
55ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/Coalfire.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ea7b775f0f003a40ed003d5f8a9c125a9baf76d3738ccf3046f46579fce1cca4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: 0a672a648a572b0b2a84b045614aef7713ed0d44
date: Sat, 01 Oct 2022 04:07:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 405
x-cache: MISS
x-proxy-cache: MISS
expires: Sat, 01 Oct 2022 04:10:57 GMT
content-length: 8113
x-served-by: cache-hhn4021-HHN
referrer-policy: same-origin
last-modified: Sat, 01 Oct 2022 03:48:02 GMT
server: cloudflare
x-github-request-id: 29DA:6C01:32CBD5:34E94A:6337BB79
x-timer: S1664596857.105046,VS0,VE103
etag: "6337b872-1fb1"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 75325537cdfc9bb0-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 GitGuardian_Logo_Vertical.png
owasp.org/assets/images/corp-member-logo/ 26 KB
27 KB 188ms
186ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/GitGuardian_Logo_Vertical.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c5a828d372761288a94a939ff36a93328ced615fa040d55af6805242649e01f0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: fd51ae0bc7620dcf2c6bf866508cf45682cfaf9e
date: Sat, 01 Oct 2022 04:07:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: EXPIRED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Sat, 01 Oct 2022 04:17:42 GMT
content-length: 27067
x-served-by: cache-fra19177-FRA
referrer-policy: same-origin
last-modified: Sat, 01 Oct 2022 03:48:02 GMT
server: cloudflare
x-github-request-id: C038:B6A8:347F7A:36A516:6337BD0E
x-timer: S1664597262.073112,VS0,VE95
etag: "6337b872-69bb"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 75325537cdfd9bb0-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 proack_logo_main_rgb_72dpi.png
owasp.org/assets/images/corp-member-logo/ 16 KB
16 KB 165ms
163ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/proack_logo_main_rgb_72dpi.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b58b9cbeb9cf337f96ed8bf5fcfccd9d99dcd1140e07685616526ede8979e73d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: c84d04ed7c19de235e1b53c4350e7b4c2c0e2e6a
date: Sat, 01 Oct 2022 04:07:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: EXPIRED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Sat, 01 Oct 2022 04:17:42 GMT
content-length: 15923
x-served-by: cache-hhn4064-HHN
referrer-policy: same-origin
last-modified: Sat, 01 Oct 2022 03:48:02 GMT
server: cloudflare
x-github-request-id: 0812:B6A8:347F7A:36A515:6337BD0E
x-timer: S1664597262.068128,VS0,VE99
etag: "6337b872-3e33"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 75325537ce009bb0-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 GrammarlyLogo.png
owasp.org/assets/images/corp-member-logo/ 35 KB
35 KB 161ms
159ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/GrammarlyLogo.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7d515c0862c758debefe4dfbae52305d10a9c253035c12ae1e9904a943bb4233

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: 1950d8262c3a9d7ce5d20c0bdd16086870d12fba
date: Sat, 01 Oct 2022 04:07:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: EXPIRED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: HIT
x-cache: MISS
expires: Sat, 01 Oct 2022 04:15:49 GMT
content-length: 35528
x-served-by: cache-hhn4032-HHN
referrer-policy: same-origin
last-modified: Sat, 01 Oct 2022 03:48:02 GMT
server: cloudflare
x-github-request-id: 0806:7D5B:3611CC:3833CB:6337BD0E
x-timer: S1664597262.071528,VS0,VE94
etag: "6337b872-8ac8"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 75325537ce029bb0-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 fortify_logo_owasp.png
owasp.org/assets/images/corp-member-logo/ 7 KB
7 KB 61ms
59ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/fortify_logo_owasp.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c4f4ae1fa5555d51d8232941c6b752dc461e3874c40fe9918efb1efff15cf2a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: 8c1c7bdb8756301e4ac788f6f7189492fa66728b
date: Sat, 01 Oct 2022 04:07:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 375
x-cache: MISS
x-proxy-cache: MISS
expires: Sat, 01 Oct 2022 04:11:27 GMT
content-length: 6728
x-served-by: cache-hhn4023-HHN
referrer-policy: same-origin
last-modified: Sat, 01 Oct 2022 03:48:02 GMT
server: cloudflare
x-github-request-id: 080C:D086:345655:367623:6337BB97
x-timer: S1664596887.247896,VS0,VE99
etag: "6337b872-1a48"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 75325537ce049bb0-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 KPMG_Logo.jpeg
owasp.org/assets/images/corp-member-logo/ 7 KB
9 KB 178ms
177ms Image
image/jpeg 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/KPMG_Logo.jpeg

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9b27f88df0096830f8202207b01da2f55e7aa8a221afac11c125705fd2b130ec

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: a6e21b90e0afe9639f8a5095bd830897c69d0200
date: Sat, 01 Oct 2022 04:07:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: REVALIDATED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Sat, 01 Oct 2022 04:17:42 GMT
content-length: 7056
x-served-by: cache-fra19133-FRA
referrer-policy: same-origin
last-modified: Sat, 01 Oct 2022 03:48:02 GMT
cf-bgj: h2pri
x-github-request-id: 080E:100B1:338324:359730:6337B941
x-timer: S1664596289.248737,VS0,VE90
server: cloudflare
etag: "6337b872-1b90"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/jpeg
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 75325537ce069bb0-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 salesforce.png
owasp.org/assets/images/corp-member-logo/ 6 KB
8 KB 58ms
56ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/salesforce.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

889850c939bd8424253a67211f9eda5d2939ca0126d93814bd904e0dc09538a9

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: 9ba52b6e9cda3deed86d4354edf480de10aac1f7
date: Sat, 01 Oct 2022 04:07:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: HIT
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
age: 375
x-cache: MISS
x-proxy-cache: MISS
expires: Sat, 01 Oct 2022 04:11:27 GMT
content-length: 6446
x-served-by: cache-fra19128-FRA
referrer-policy: same-origin
last-modified: Sat, 01 Oct 2022 03:48:02 GMT
server: cloudflare
x-github-request-id: E23A:199D:324AEB:346CFB:6337BB97
x-timer: S1664596887.239037,VS0,VE94
etag: "6337b872-192e"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 75325537ce079bb0-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 qualys.png
owasp.org/assets/images/corp-member-logo/ 18 KB
18 KB 179ms
178ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/qualys.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b99660d51cd8a2850bf72971ae1547abc4a30991c6d50d0eeee18631b47fbc87

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: c45079a33480f44d0f20fd1dfb76edd857db9707
date: Sat, 01 Oct 2022 04:07:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: EXPIRED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Sat, 01 Oct 2022 04:17:42 GMT
content-length: 17920
x-served-by: cache-fra19143-FRA
referrer-policy: same-origin
last-modified: Sat, 01 Oct 2022 03:48:02 GMT
server: cloudflare
x-github-request-id: 0820:B584:34F7CF:371DC6:6337BD0E
x-timer: S1664597262.070177,VS0,VE104
etag: "6337b872-4600"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 75325537ce099bb0-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 ub-secure.png
owasp.org/assets/images/corp-member-logo/ 7 KB
8 KB 162ms
161ms Image
image/png 2606:4700:10::ac43:a27
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://owasp.org/assets/images/corp-member-logo/ub-secure.png

Requested by

Host: owasp.org
URL: https://owasp.org/www-project-secure-headers/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::ac43:a27 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0e9fa8a99754184ca80fd32d5220a592f1f82092b8ffc46015f598cc1b7058ee

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://owasp.org/www-project-secure-headers/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

x-fastly-request-id: aab64e9e4977455cf77d7f81a5a098306b04171c
date: Sat, 01 Oct 2022 04:07:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 varnish
cf-cache-status: EXPIRED
x-content-type-options: nosniff
content-security-policy: default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com
x-proxy-cache: MISS
x-cache: MISS
expires: Sat, 01 Oct 2022 04:17:42 GMT
content-length: 6819
x-served-by: cache-fra19179-FRA
referrer-policy: same-origin
last-modified: Sat, 01 Oct 2022 03:48:02 GMT
server: cloudflare
x-github-request-id: 40AA:6C01:33142A:353689:6337BD0E
x-timer: S1664597262.071775,VS0,VE94
etag: "6337b872-1aa3"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: image/png
access-control-allow-origin: *
cache-control: max-age=14400
permissions-policy: geolocation=(self)
accept-ranges: bytes
cf-ray: 75325537ce0a9bb0-FRA
x-origin-cache: HIT
x-cache-hits: 0

GET
H2 200 www-project-secure-headers Show response
api.github.com/repos/owasp/ 7 KB
3 KB 274ms
188ms XHR
application/json 140.82.121.5
GITHUB

General

Check archive.org

Show headers Download Go to

Full URL

https://api.github.com/repos/owasp/www-project-secure-headers

Requested by

Host: buttons.github.io
URL: https://buttons.github.io/buttons.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

140.82.121.5 , United States, ASN36459 (GITHUB, US),

Reverse DNS

lb-140-82-121-5-fra.github.com

Software

GitHub.com /

Resource Hash

2dacea04efc7fe966dee2876314784878d4fee036dde51464ff843d316c43dfd

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	deny
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.61 Safari/537.36

Response headers

date: Sat, 01 Oct 2022 04:07:42 GMT
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-content-type-options: nosniff
content-security-policy: default-src 'none'
content-encoding: gzip
x-ratelimit-used: 1
x-github-media-type: github.v3; format=json
content-length: 1492
x-xss-protection: 0
referrer-policy: origin-when-cross-origin, strict-origin-when-cross-origin
last-modified: Thu, 15 Sep 2022 13:30:36 GMT
server: GitHub.com
x-github-request-id: AE48:161C:1F0958F:1F85E55:6337BD0E
etag: W/"5ad6824286021f87d8dae0c63126506ba3d6c2d73fa74d3892db71014f7a3b1e"
vary: Accept, Accept-Encoding, Accept, X-Requested-With
x-frame-options: deny
content-type: application/json; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset
cache-control: public, max-age=60, s-maxage=60
x-ratelimit-resource: core
x-ratelimit-reset: 1664600862
x-ratelimit-limit: 60
accept-ranges: bytes
x-ratelimit-remaining: 59

Verdicts & Comments Add Verdict or Comment

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' https://api.github.com https://.githubusercontent.com https://.google-analytics.com https://owaspadmin.azurewebsites.net https://.twimg.com https://platform.twitter.com https://www.youtube.com https://.doubleclick.net; frame-ancestors 'self'; frame-src https://.vuejs.org https://.stripe.com https://.wufoo.com https://.sched.com https://.google.com https://.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://.vuejs.org https://.stripe.com https://.wufoo.com https://.youtube.com https://.meetup.com https://.sched.com https://.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://.gstatic.com https://.twitter.com https://.twimg.com; style-src 'self' 'unsafe-inline' https://.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://.twitter.com https://github.githubassets.com https://.twimg.com https://platform.twitter.com https://.githubusercontent.com https://.vercel.app https://.cloudfront.net https://.coreinfrastructure.org https://.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://.googleapis.com https://.google.com https://*.gstatic.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.github.com
buttons.github.io
github.com
img.shields.io
owasp.org
www.google-analytics.com
140.82.121.4
140.82.121.5
2606:4700:10::ac43:a27
2606:4700:3035::6815:30f1
2606:50c0:8003::153
2a00:1450:400d:806::200e
03448ffc9e3b2aa76851f9487a804e6d540300ccbd5721af9876ece77f214cae
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0e9fa8a99754184ca80fd32d5220a592f1f82092b8ffc46015f598cc1b7058ee
1f49b8706547682e2c5ed6642a2f2dcbd287da458314b967c60d774aa7edb473
2595496fe48df6fcf9b1bc57c29a744c121eb4dd11566466bc13d2e52e6bbcc8
2dacea04efc7fe966dee2876314784878d4fee036dde51464ff843d316c43dfd
357c0ad66cf329f64d356786a5dd19700f8b4498b283db0922e374e68e544298
3c4f4ae1fa5555d51d8232941c6b752dc461e3874c40fe9918efb1efff15cf2a
3e3351cf49f3196ee3eb5bef6fe234e98077f6b447419ee6d102a75db75ec2d4
44beeee5122983409ccd274c152f020a953c769cfaf3bd13a31eb276abf5ec55
53d3b023092e049484c4e39ce6f50d1b8dd10074795e66da06e1140792a91d9a
5b741fe5f6080e1593a351a04b8f376296497f31d0cc30fb42b4f1b12f308341
6ee3ab9e8a475b94af29eadf5e1d255d12c9e6fdd463fcade3fe2cc76b7d3491
78834b11897ddc090a4776c6a4a63d3edbe6eeb999ff10685834b3c14432d65f
7be903edafc2fca82e32b2a96c222f0354336f85aa68647b01d2a913fd68dec3
7d515c0862c758debefe4dfbae52305d10a9c253035c12ae1e9904a943bb4233
8565a2bb056746aea663c4d9a0a4a85e431f07bb9d70533c6f025e44948fa458
889850c939bd8424253a67211f9eda5d2939ca0126d93814bd904e0dc09538a9
8902e5836a324eae0ab281a9be7d62683e025d503ce6778cce6768fb908c1089
898161741c152b0b73f4f58253bfab2242fb56e975e863c8e32f09b5a9c34dc1
901808d90bc8e7715edcf12e86aff6de261beaf70cc6697407dc6042fcd90885
9b27f88df0096830f8202207b01da2f55e7aa8a221afac11c125705fd2b130ec
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
b3f1503362ca1a657a09ad0f0507a7119dfa48ffcc9bca34b911534bef3a3f5e
b58b9cbeb9cf337f96ed8bf5fcfccd9d99dcd1140e07685616526ede8979e73d
b8ccdf0e45f181fc04f0d202779fff71aa76f27f0428a792e0e6f13fe1d0b085
b99660d51cd8a2850bf72971ae1547abc4a30991c6d50d0eeee18631b47fbc87
c1d1cb2d38cc8407900c7fb68f95f29c18f1dea83d8b4b6ca409c18909cd426c
c5a828d372761288a94a939ff36a93328ced615fa040d55af6805242649e01f0
cbe2121765e2f3e921a42bcb9b0c78635b68cee1dccd1b1ec31089b9382ff514
cd398be1a91817126cef10224738e624358edf6f08043abad7e60c1aaeccc8d0
e7b304732ddf3f6625a82d4ff8c3c5544ba390cd3f73486890f65d09b0409384
e7ff87211a6a1e788fdea117ba81b8676bd41189423ebde72ed7fe19447acdf5
ea7b775f0f003a40ed003d5f8a9c125a9baf76d3738ccf3046f46579fce1cca4
ef6559103903953e244a5ffee1101b36faff6d5bd378d44a4514944b643434de
f46950820ce4e5032d2519c3b0c2a73f48b64071b5efd95b7f52d3755f69d3ce

owasp.org Open in urlscan Pro 2606:4700:10::ac43:a27 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

36 Requests

100 %HTTPS

67 %IPv6

5 Domains

6 Subdomains

6 IPs

2 Countries

668 kBTransfer

1063 kBSize

0 Cookies

254 Outgoing links

Redirected requests

36 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

owasp.org Open in urlscan Pro
2606:4700:10::ac43:a27 Public Scan

Screenshot
Live screenshot

Full Image

36
Requests

100 %
HTTPS

67 %
IPv6

5
Domains

6
Subdomains

6
IPs

2
Countries

668 kB
Transfer

1063 kB
Size

0
Cookies

36 HTTP transactions
0 data transactions