urlscan.io logo urlscan.io
SecurityTrails logo

sts.fbi-365.com Open in urlscan Pro
162.248.195.67  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://fbi-365.com/
Effective URL: https://sts.fbi-365.com/adfs/oauth2/authorize/?client_id=2c31874d-aab2-4fa0-a1d5-7422f3226706&redirect_uri=https%3A%2F%2...
Submission: On March 13 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 4 HTTP transactions. The main IP is 162.248.195.67, located in Columbus, United States and belongs to DATA-CAVE, US. The main domain is sts.fbi-365.com.
TLS certificate: Issued by AlphaSSL CA - SHA256 - G2 on May 8th 2022. Valid for: a year.
This is the only time sts.fbi-365.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 162.248.195.66 47020 (DATA-CAVE)
4 162.248.195.67 47020 (DATA-CAVE)
4 1
Apex Domain
Subdomains		 Transfer
5 fbi-365.com
fbi-365.com
sts.fbi-365.com
209 KB
4 1
Domain Requested by
4 sts.fbi-365.com sts.fbi-365.com
1 fbi-365.com 1 redirects
4 2

This site contains links to these domains. Also see Links.

Domain
security.fbi-365.com
Subject Issuer Validity Valid
*.fbi-365.com
AlphaSSL CA - SHA256 - G2		 2022-05-08 -
2023-06-09		 a year crt.sh

This page contains 1 frames:

Primary Page: https://sts.fbi-365.com/adfs/oauth2/authorize/?client_id=2c31874d-aab2-4fa0-a1d5-7422f3226706&redirect_uri=https%3A%2F%2Ffbi-365.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20email%20offline&response_mode=form_post&nonce=638142935260296179.MGI0MTdhMGItY2JhYy00ZmYxLThjZWItMzExZWY0NWMwZjIyZjI4NzY1MmItMGM2Yi00YWY3LWE5MGYtM2E4MWEwMGFmYmM0&state=CfDJ8Hn_d5K8d_FBn3BbYhvePULn3A0G_KXmmaYOajW5dGPaXDwLMtXhK0lHO6dd3GioHbLfheIFlv53X2mwkCyMpjvjuBfkx4-xf27CduaGRYG8F7cApxRG4NspEArBHfI-3oYTZ4KwnVfvpaeHOGkWKGsAnoSPxxlWWHQ0lxopcKc1ZE6sEEzrZ6J0O51nT7oiJ2IbeXaxGTe3xsYkKtFkYUssICueYfpx90SkEsdL5yHlpLV6071otvhS4-1Ew0fk94jB_sINS_3ik6_9FoIOt0yyWGX6Iavvojt_TKfCNb9q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
Frame ID: 10995ACEF7AB593A3A011D4CA71BC2E7
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Anmelden

Page URL History Show full URLs

  1. https://fbi-365.com/ HTTP 302
    https://sts.fbi-365.com/adfs/oauth2/authorize/?client_id=2c31874d-aab2-4fa0-a1d5-7422f3226706&redire... Page URL

Page Statistics

4
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

1
IPs

1
Countries

208 kB
Transfer

206 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://fbi-365.com/ HTTP 302
    https://sts.fbi-365.com/adfs/oauth2/authorize/?client_id=2c31874d-aab2-4fa0-a1d5-7422f3226706&redirect_uri=https%3A%2F%2Ffbi-365.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20email%20offline&response_mode=form_post&nonce=638142935260296179.MGI0MTdhMGItY2JhYy00ZmYxLThjZWItMzExZWY0NWMwZjIyZjI4NzY1MmItMGM2Yi00YWY3LWE5MGYtM2E4MWEwMGFmYmM0&state=CfDJ8Hn_d5K8d_FBn3BbYhvePULn3A0G_KXmmaYOajW5dGPaXDwLMtXhK0lHO6dd3GioHbLfheIFlv53X2mwkCyMpjvjuBfkx4-xf27CduaGRYG8F7cApxRG4NspEArBHfI-3oYTZ4KwnVfvpaeHOGkWKGsAnoSPxxlWWHQ0lxopcKc1ZE6sEEzrZ6J0O51nT7oiJ2IbeXaxGTe3xsYkKtFkYUssICueYfpx90SkEsdL5yHlpLV6071otvhS4-1Ew0fk94jB_sINS_3ik6_9FoIOt0yyWGX6Iavvojt_TKfCNb9q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

4 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
sts.fbi-365.com/adfs/oauth2/authorize/
Redirect Chain
  • https://fbi-365.com/
  • https://sts.fbi-365.com/adfs/oauth2/authorize/?client_id=2c31874d-aab2-4fa0-a1d5-7422f3226706&redirect_uri=https%3A%2F%2Ffbi-365.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profi...
24 KB
25 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://sts.fbi-365.com/adfs/oauth2/authorize/?client_id=2c31874d-aab2-4fa0-a1d5-7422f3226706&redirect_uri=https%3A%2F%2Ffbi-365.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20email%20offline&response_mode=form_post&nonce=638142935260296179.MGI0MTdhMGItY2JhYy00ZmYxLThjZWItMzExZWY0NWMwZjIyZjI4NzY1MmItMGM2Yi00YWY3LWE5MGYtM2E4MWEwMGFmYmM0&state=CfDJ8Hn_d5K8d_FBn3BbYhvePULn3A0G_KXmmaYOajW5dGPaXDwLMtXhK0lHO6dd3GioHbLfheIFlv53X2mwkCyMpjvjuBfkx4-xf27CduaGRYG8F7cApxRG4NspEArBHfI-3oYTZ4KwnVfvpaeHOGkWKGsAnoSPxxlWWHQ0lxopcKc1ZE6sEEzrZ6J0O51nT7oiJ2IbeXaxGTe3xsYkKtFkYUssICueYfpx90SkEsdL5yHlpLV6071otvhS4-1Ew0fk94jB_sINS_3ik6_9FoIOt0yyWGX6Iavvojt_TKfCNb9q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.248.195.67 Columbus, United States, ASN47020 (DATA-CAVE, US),
Reverse DNS
162.248.195.67.thedatacave.com
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
3ca28d06ef38e53d2616277f8b5b516cd04628b48b902a6f6f197683184dba0e
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
Strict-Transport-Security max-age = 31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache,no-store
Content-Length
24850
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
Content-Type
text/html; charset=utf-8
Date
Mon, 13 Mar 2023 08:38:46 GMT
Expires
-1
Pragma
no-cache
Server
Microsoft-HTTPAPI/2.0
Strict-Transport-Security
max-age = 31536000
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
X-XSS-Protection
1; mode=block

Redirect headers

date
Mon, 13 Mar 2023 08:38:46 GMT
location
https://sts.fbi-365.com/adfs/oauth2/authorize/?client_id=2c31874d-aab2-4fa0-a1d5-7422f3226706&redirect_uri=https%3A%2F%2Ffbi-365.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20email%20offline&response_mode=form_post&nonce=638142935260296179.MGI0MTdhMGItY2JhYy00ZmYxLThjZWItMzExZWY0NWMwZjIyZjI4NzY1MmItMGM2Yi00YWY3LWE5MGYtM2E4MWEwMGFmYmM0&state=CfDJ8Hn_d5K8d_FBn3BbYhvePULn3A0G_KXmmaYOajW5dGPaXDwLMtXhK0lHO6dd3GioHbLfheIFlv53X2mwkCyMpjvjuBfkx4-xf27CduaGRYG8F7cApxRG4NspEArBHfI-3oYTZ4KwnVfvpaeHOGkWKGsAnoSPxxlWWHQ0lxopcKc1ZE6sEEzrZ6J0O51nT7oiJ2IbeXaxGTe3xsYkKtFkYUssICueYfpx90SkEsdL5yHlpLV6071otvhS4-1Ew0fk94jB_sINS_3ik6_9FoIOt0yyWGX6Iavvojt_TKfCNb9q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
server
Microsoft-IIS/10.0
strict-transport-security
max-age=2592000
x-powered-by
ASP.NET
style.css
sts.fbi-365.com/adfs/portal/css/ 		10 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sts.fbi-365.com/adfs/portal/css/style.css?id=4917CD62D0E678A39DF4FEBFA2CB4B02253D72DE1DAA6E5B175B5C0B1DDE422A
Requested by
Host: sts.fbi-365.com
URL: https://sts.fbi-365.com/adfs/oauth2/authorize/?client_id=2c31874d-aab2-4fa0-a1d5-7422f3226706&redirect_uri=https%3A%2F%2Ffbi-365.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20email%20offline&response_mode=form_post&nonce=638142935260296179.MGI0MTdhMGItY2JhYy00ZmYxLThjZWItMzExZWY0NWMwZjIyZjI4NzY1MmItMGM2Yi00YWY3LWE5MGYtM2E4MWEwMGFmYmM0&state=CfDJ8Hn_d5K8d_FBn3BbYhvePULn3A0G_KXmmaYOajW5dGPaXDwLMtXhK0lHO6dd3GioHbLfheIFlv53X2mwkCyMpjvjuBfkx4-xf27CduaGRYG8F7cApxRG4NspEArBHfI-3oYTZ4KwnVfvpaeHOGkWKGsAnoSPxxlWWHQ0lxopcKc1ZE6sEEzrZ6J0O51nT7oiJ2IbeXaxGTe3xsYkKtFkYUssICueYfpx90SkEsdL5yHlpLV6071otvhS4-1Ew0fk94jB_sINS_3ik6_9FoIOt0yyWGX6Iavvojt_TKfCNb9q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.248.195.67 Columbus, United States, ASN47020 (DATA-CAVE, US),
Reverse DNS
162.248.195.67.thedatacave.com
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
90c728ec7fd600097d8a34199f6c50249511a1cc8e7d464b4d95e78b51e92f28
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
Strict-Transport-Security max-age = 31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sts.fbi-365.com/adfs/oauth2/authorize/?client_id=2c31874d-aab2-4fa0-a1d5-7422f3226706&redirect_uri=https%3A%2F%2Ffbi-365.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20email%20offline&response_mode=form_post&nonce=638142935260296179.MGI0MTdhMGItY2JhYy00ZmYxLThjZWItMzExZWY0NWMwZjIyZjI4NzY1MmItMGM2Yi00YWY3LWE5MGYtM2E4MWEwMGFmYmM0&state=CfDJ8Hn_d5K8d_FBn3BbYhvePULn3A0G_KXmmaYOajW5dGPaXDwLMtXhK0lHO6dd3GioHbLfheIFlv53X2mwkCyMpjvjuBfkx4-xf27CduaGRYG8F7cApxRG4NspEArBHfI-3oYTZ4KwnVfvpaeHOGkWKGsAnoSPxxlWWHQ0lxopcKc1ZE6sEEzrZ6J0O51nT7oiJ2IbeXaxGTe3xsYkKtFkYUssICueYfpx90SkEsdL5yHlpLV6071otvhS4-1Ew0fk94jB_sINS_3ik6_9FoIOt0yyWGX6Iavvojt_TKfCNb9q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Strict-Transport-Security
max-age = 31536000
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
X-Content-Type-Options
nosniff
Date
Mon, 13 Mar 2023 08:38:46 GMT
Server
Microsoft-HTTPAPI/2.0
ETag
4917CD62D0E678A39DF4FEBFA2CB4B02253D72DE1DAA6E5B175B5C0B1DDE422A
Content-Type
text/css
Content-Length
10479
X-XSS-Protection
1; mode=block
Expires
Wed, 12 Apr 2023 08:38:47 GMT
logo.jpg
sts.fbi-365.com/adfs/portal/logo/ 		20 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sts.fbi-365.com/adfs/portal/logo/logo.jpg?id=676EE538C624DB2A5C37962BB331ED761B10D424C79C021C42FA484907D66318
Requested by
Host: sts.fbi-365.com
URL: https://sts.fbi-365.com/adfs/oauth2/authorize/?client_id=2c31874d-aab2-4fa0-a1d5-7422f3226706&redirect_uri=https%3A%2F%2Ffbi-365.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20email%20offline&response_mode=form_post&nonce=638142935260296179.MGI0MTdhMGItY2JhYy00ZmYxLThjZWItMzExZWY0NWMwZjIyZjI4NzY1MmItMGM2Yi00YWY3LWE5MGYtM2E4MWEwMGFmYmM0&state=CfDJ8Hn_d5K8d_FBn3BbYhvePULn3A0G_KXmmaYOajW5dGPaXDwLMtXhK0lHO6dd3GioHbLfheIFlv53X2mwkCyMpjvjuBfkx4-xf27CduaGRYG8F7cApxRG4NspEArBHfI-3oYTZ4KwnVfvpaeHOGkWKGsAnoSPxxlWWHQ0lxopcKc1ZE6sEEzrZ6J0O51nT7oiJ2IbeXaxGTe3xsYkKtFkYUssICueYfpx90SkEsdL5yHlpLV6071otvhS4-1Ew0fk94jB_sINS_3ik6_9FoIOt0yyWGX6Iavvojt_TKfCNb9q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.248.195.67 Columbus, United States, ASN47020 (DATA-CAVE, US),
Reverse DNS
162.248.195.67.thedatacave.com
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
676ee538c624db2a5c37962bb331ed761b10d424c79c021c42fa484907d66318
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
Strict-Transport-Security max-age = 31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sts.fbi-365.com/adfs/oauth2/authorize/?client_id=2c31874d-aab2-4fa0-a1d5-7422f3226706&redirect_uri=https%3A%2F%2Ffbi-365.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20email%20offline&response_mode=form_post&nonce=638142935260296179.MGI0MTdhMGItY2JhYy00ZmYxLThjZWItMzExZWY0NWMwZjIyZjI4NzY1MmItMGM2Yi00YWY3LWE5MGYtM2E4MWEwMGFmYmM0&state=CfDJ8Hn_d5K8d_FBn3BbYhvePULn3A0G_KXmmaYOajW5dGPaXDwLMtXhK0lHO6dd3GioHbLfheIFlv53X2mwkCyMpjvjuBfkx4-xf27CduaGRYG8F7cApxRG4NspEArBHfI-3oYTZ4KwnVfvpaeHOGkWKGsAnoSPxxlWWHQ0lxopcKc1ZE6sEEzrZ6J0O51nT7oiJ2IbeXaxGTe3xsYkKtFkYUssICueYfpx90SkEsdL5yHlpLV6071otvhS4-1Ew0fk94jB_sINS_3ik6_9FoIOt0yyWGX6Iavvojt_TKfCNb9q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Strict-Transport-Security
max-age = 31536000
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
X-Content-Type-Options
nosniff
Date
Mon, 13 Mar 2023 08:38:46 GMT
Server
Microsoft-HTTPAPI/2.0
ETag
676EE538C624DB2A5C37962BB331ED761B10D424C79C021C42FA484907D66318
Content-Type
image/jpeg
Content-Length
20855
X-XSS-Protection
1; mode=block
Expires
Wed, 12 Apr 2023 08:38:47 GMT
illustration.jpg
sts.fbi-365.com/adfs/portal/illustration/ 		151 KB
151 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://sts.fbi-365.com/adfs/portal/illustration/illustration.jpg?id=58852333F1E3B542BCA7649EE78C3942F8027D7B2587F84144DD5FCFA25CBD55
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.248.195.67 Columbus, United States, ASN47020 (DATA-CAVE, US),
Reverse DNS
162.248.195.67.thedatacave.com
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
58852333f1e3b542bca7649ee78c3942f8027d7b2587f84144dd5fcfa25cbd55
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
Strict-Transport-Security max-age = 31536000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://sts.fbi-365.com/adfs/oauth2/authorize/?client_id=2c31874d-aab2-4fa0-a1d5-7422f3226706&redirect_uri=https%3A%2F%2Ffbi-365.com%2Fsignin-oidc&response_type=code%20id_token&scope=openid%20profile%20email%20offline&response_mode=form_post&nonce=638142935260296179.MGI0MTdhMGItY2JhYy00ZmYxLThjZWItMzExZWY0NWMwZjIyZjI4NzY1MmItMGM2Yi00YWY3LWE5MGYtM2E4MWEwMGFmYmM0&state=CfDJ8Hn_d5K8d_FBn3BbYhvePULn3A0G_KXmmaYOajW5dGPaXDwLMtXhK0lHO6dd3GioHbLfheIFlv53X2mwkCyMpjvjuBfkx4-xf27CduaGRYG8F7cApxRG4NspEArBHfI-3oYTZ4KwnVfvpaeHOGkWKGsAnoSPxxlWWHQ0lxopcKc1ZE6sEEzrZ6J0O51nT7oiJ2IbeXaxGTe3xsYkKtFkYUssICueYfpx90SkEsdL5yHlpLV6071otvhS4-1Ew0fk94jB_sINS_3ik6_9FoIOt0yyWGX6Iavvojt_TKfCNb9q&x-client-SKU=ID_NETSTANDARD2_0&x-client-ver=5.5.0.0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.64 Safari/537.36

Response headers

Strict-Transport-Security
max-age = 31536000
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
X-Content-Type-Options
nosniff
Date
Mon, 13 Mar 2023 08:38:46 GMT
Server
Microsoft-HTTPAPI/2.0
ETag
58852333F1E3B542BCA7649EE78C3942F8027D7B2587F84144DD5FCFA25CBD55
Content-Type
image/jpeg
Content-Length
154511
X-XSS-Protection
1; mode=block
Expires
Wed, 12 Apr 2023 08:38:47 GMT

Verdicts & Comments Add Verdict or Comment

12 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless function| LoginErrors number| maxPasswordLength function| InputUtil function| SelectOption function| Login undefined| emails undefined| msViewportStyle undefined| viewport function| getStyle function| computeLoadIllustration function| SetIllustrationImage

2 Cookies

Domain/Path Name / Value
fbi-365.com/signin-oidc Name: .AspNetCore.OpenIdConnect.Nonce.CfDJ8Hn_d5K8d_FBn3BbYhvePUJW9GCeM1CrjIkRosBy88xZfI1qRcyGS0lXgvFkifLAZiLaqaHvc8tivCmGU4EtHCG8R0_VLOYjMHeqNSeUoGBUkgkFG629DyTuumNXc8AV6lCDzweUNOAtN6ZRY8Qz6wvKYRiki6op6a8MJ7GR0n-m87j_zg-4Erp03K-fIJfmALLSx1_ZzCir6Qp1fs8XS9nhtDruG5Q8n54sRtDtwsB8R2diV2CggjuvDFdMRMyhExV1kI4EmwyeszK8NNRzoSo
Value: N
fbi-365.com/signin-oidc Name: .AspNetCore.Correlation.OpenIdConnect.0ffDJ0Is7B5dw-zw-dBhfDjzNRuaqus3OusxeodVauQ
Value: N

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:;
Strict-Transport-Security max-age = 31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block