urlscan.io logo urlscan.io
SecurityTrails logo

mdtlogin.medtronic.com Open in urlscan Pro
144.15.232.38  Public Scan

Go To Rescan Add Verdict Report
URL: https://mdtlogin.medtronic.com/mmcl/auth/oauth/v2/authorize/login
Submission: On January 19 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 9 HTTP transactions. The main IP is 144.15.232.38, located in United States and belongs to ASN-MEDTRONIC-1, US. The main domain is mdtlogin.medtronic.com. The Cisco Umbrella rank of the primary domain is 145444.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on February 4th 2022. Valid for: a year.
This is the only time mdtlogin.medtronic.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 144.15.232.38 13684 (ASN-MEDTR...)
7 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 2a00:1450:400... 15169 (GOOGLE)
9 3
Apex Domain
Subdomains		 Transfer
7 minimed.eu
carelink.minimed.eu — Cisco Umbrella Rank: 356595
73 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 35
869 B
1 medtronic.com
mdtlogin.medtronic.com — Cisco Umbrella Rank: 145444
3 KB
9 3
Domain Requested by
7 carelink.minimed.eu mdtlogin.medtronic.com
carelink.minimed.eu
1 fonts.googleapis.com carelink.minimed.eu
1 mdtlogin.medtronic.com
9 3

This site contains no links.

Subject Issuer Validity Valid
mdtsts.medtronic.com
DigiCert SHA2 Secure Server CA		 2022-02-04 -
2023-03-07		 a year crt.sh
carelink.minimed.eu
DigiCert TLS RSA SHA256 2020 CA1		 2022-08-15 -
2023-08-15		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-01-02 -
2023-03-27		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://mdtlogin.medtronic.com/mmcl/auth/oauth/v2/authorize/login
Frame ID: 2A2E328147EDB396958866339ADAC990
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Medtronic Login

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

9
Requests

100 %
HTTPS

67 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

77 kB
Transfer

175 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
mdtlogin.medtronic.com/mmcl/auth/oauth/v2/authorize/ 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://mdtlogin.medtronic.com/mmcl/auth/oauth/v2/authorize/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
144.15.232.38 , United States, ASN13684 (ASN-MEDTRONIC-1, US),
Reverse DNS
nd232038.global.medtronic.com
Software
Layer7-API-Gateway /
Resource Hash
c75826c8728093e338df304b649a3a05eead1950469dfda125f6ea908edda909
Security Headers
Name Value
Content-Security-Policy frame-src https://*.medtronic.com https://*.minimed.eu https://*.minimed.com:5132 https://*.minimed.com https://*.medtronic.eu; default-src https://*.medtronic.com https://*.minimed.eu https://*.minimed.com:5132 https://*.minimed.com https://*.medtronic.eu; connect-src https://*.medtronic.com https://*.minimed.eu https://*.minimed.com:5132 https://*.minimed.com https://*.medtronic.eu; script-src https://*.medtronic.com https://*.minimed.eu https://*.minimed.com:5132 https://*.minimed.com https://*.medtronic.eu 'unsafe-inline'; img-src * data:; style-src https://*.medtronic.com https://*.minimed.eu https://*.minimed.com:5132 https://*.minimed.com https://fonts.googleapis.com https://*.medtronic.eu 'unsafe-inline'; font-src * data:;
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-store
Connection
close
Content-Length
1735
Content-Security-Policy
frame-src https://*.medtronic.com https://*.minimed.eu https://*.minimed.com:5132 https://*.minimed.com https://*.medtronic.eu; default-src https://*.medtronic.com https://*.minimed.eu https://*.minimed.com:5132 https://*.minimed.com https://*.medtronic.eu; connect-src https://*.medtronic.com https://*.minimed.eu https://*.minimed.com:5132 https://*.minimed.com https://*.medtronic.eu; script-src https://*.medtronic.com https://*.minimed.eu https://*.minimed.com:5132 https://*.minimed.com https://*.medtronic.eu 'unsafe-inline'; img-src * data:; style-src https://*.medtronic.com https://*.minimed.eu https://*.minimed.com:5132 https://*.minimed.com https://fonts.googleapis.com https://*.medtronic.eu 'unsafe-inline'; font-src * data:;
Content-Type
text/html;charset=UTF-8
Date
Thu, 19 Jan 2023 19:25:06 GMT
Pragma
no-cache
Server
Layer7-API-Gateway
X-Content-Type-Options
nosniff
X-XSS-Protection
1
x-ca-err
3001103
look.css
carelink.minimed.eu/assets/sso/ 		9 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://carelink.minimed.eu/assets/sso/look.css
Requested by
Host: mdtlogin.medtronic.com
URL: https://mdtlogin.medtronic.com/mmcl/auth/oauth/v2/authorize/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3500:18::1724:a294 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
1003b573e7397a50d6721b23cc2f073b8510fa0a75a7f984859da1c28599029c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mdtlogin.medtronic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 19 Jan 2023 19:25:07 GMT
Last-Modified
Tue, 04 Oct 2022 15:34:08 GMT
Akamai-Cache-Status
Hit from child
ETag
"252a-5ea3730e57c00"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
public, private, max-age=54408
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2231
X-XSS-Protection
1; mode=block
icon_error.svg
carelink.minimed.eu/assets/img/icons/ 		523 B
788 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://carelink.minimed.eu/assets/img/icons/icon_error.svg
Requested by
Host: mdtlogin.medtronic.com
URL: https://mdtlogin.medtronic.com/mmcl/auth/oauth/v2/authorize/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3500:18::1724:a294 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
89cb2efb473e740190433ed549c8be24995e27ffef1a5e3a574e57e0f7d665b5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mdtlogin.medtronic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 19 Jan 2023 19:25:07 GMT
Last-Modified
Tue, 04 Oct 2022 15:34:08 GMT
Akamai-Cache-Status
Miss from child
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
private, max-age=86371
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
298
X-XSS-Protection
1; mode=block
feel.js
carelink.minimed.eu/assets/sso/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://carelink.minimed.eu/assets/sso/feel.js
Requested by
Host: mdtlogin.medtronic.com
URL: https://mdtlogin.medtronic.com/mmcl/auth/oauth/v2/authorize/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3500:18::1724:a294 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
29cf65bb215db084590a879f5947de34b0a05e1384d658241415718c21dd4fa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mdtlogin.medtronic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 19 Jan 2023 19:25:07 GMT
Last-Modified
Tue, 04 Oct 2022 15:34:08 GMT
Akamai-Cache-Status
Hit from child
ETag
"448b-5ea3730e57c00"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, private, max-age=54408
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
5019
X-XSS-Protection
1; mode=block
personal.crm.settings
carelink.minimed.eu/patient/configuration/system/ 		117 B
765 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://carelink.minimed.eu/patient/configuration/system/personal.crm.settings
Requested by
Host: carelink.minimed.eu
URL: https://carelink.minimed.eu/assets/sso/feel.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3500:18::1724:a294 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
13c5e8e8742402576314554d118e7281d72e524cf275e4f01636cb8304eb1b15
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mdtlogin.medtronic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Date
Thu, 19 Jan 2023 19:25:07 GMT
X-Content-Type-Options
nosniff
Akamai-Cache-Status
Miss from child
Vary
Origin
X-Frame-Options
SAMEORIGIN
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS, HEAD
Access-Control-Allow-Origin
https://mdtlogin.medtronic.com
Content-Type
application/json
Cache-Control
no-cache, no-cache
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
origin, content-type, accept, authorization
Content-Length
117
X-XSS-Protection
1; mode=block
icon
fonts.googleapis.com/ 		569 B
869 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/icon?family=Material+Icons
Requested by
Host: carelink.minimed.eu
URL: https://carelink.minimed.eu/assets/sso/feel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e2f2597386660b972fe84faa90af129a353e7e8f9990df6f3b14d0165468350f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mdtlogin.medtronic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 19 Jan 2023 19:25:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Thu, 19 Jan 2023 19:25:07 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 19 Jan 2023 19:25:07 GMT
en.json
carelink.minimed.eu/crs/ocl/14.7/i18n/ui/sso/ 		5 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://carelink.minimed.eu/crs/ocl/14.7/i18n/ui/sso/en.json
Requested by
Host: carelink.minimed.eu
URL: https://carelink.minimed.eu/assets/sso/feel.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3500:18::1724:a294 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2c5151a467595a7b559c87957e53d7f84e318660a3d4cc5dc028b406f1f09abf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mdtlogin.medtronic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 19 Jan 2023 19:25:07 GMT
Akamai-Cache-Status
Miss from child
Connection
keep-alive
Content-Length
1714
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 07 Nov 2022 10:25:54 GMT
ETag
"13de-5ecded92c3080"
Vary
Origin, Accept-Encoding
X-Frame-Options
SAMEORIGIN
Content-Type
application/json
Access-Control-Allow-Origin
https://mdtlogin.medtronic.com
Cache-Control
no-cache
Accept-Ranges
bytes
Effra_W_Rg.ttf
carelink.minimed.eu/assets/fonts/effra/TTF/ 		141 KB
60 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://carelink.minimed.eu/assets/fonts/effra/TTF/Effra_W_Rg.ttf
Requested by
Host: mdtlogin.medtronic.com
URL: https://mdtlogin.medtronic.com/mmcl/auth/oauth/v2/authorize/login
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3500:18::1724:a294 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
7f1354f878f9e6f499c101d5fce04d35b74f46e6723d27d3f993fcc20d406d2b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://mdtlogin.medtronic.com/
Origin
https://mdtlogin.medtronic.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Date
Thu, 19 Jan 2023 19:25:07 GMT
Akamai-Cache-Status
Hit from child
Transfer-Encoding
chunked
Connection
keep-alive, Transfer-Encoding
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 04 Oct 2022 15:34:07 GMT
ETag
"23328-5ea3730d639c0"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/font-sfnt
Access-Control-Allow-Origin
https://mdtlogin.medtronic.com
Cache-Control
private, max-age=54408
Accept-Ranges
bytes
en-US.json
carelink.minimed.eu/crs/ocl/14.7/i18n/ui/sso/ 		233 B
692 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://carelink.minimed.eu/crs/ocl/14.7/i18n/ui/sso/en-US.json
Requested by
Host: carelink.minimed.eu
URL: https://carelink.minimed.eu/assets/sso/feel.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:3500:18::1724:a294 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
76b77a8999388d29fdf71c86e38b5e3a8c1d1d1d11117557a08a0c1dec596de9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://mdtlogin.medtronic.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.74 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Date
Thu, 19 Jan 2023 19:25:07 GMT
X-Content-Type-Options
nosniff
Akamai-Cache-Status
Miss from child
Vary
Origin
X-Frame-Options
SAMEORIGIN
Content-Type
text/html; charset=iso-8859-1
Access-Control-Allow-Origin
https://mdtlogin.medtronic.com
Cache-Control
no-cache
Connection
keep-alive
Content-Length
233
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange string| SCRIPT_URL number| PROTOCOL_SLASHES string| SCRIPT_HOST string| SCRIPT_FOLDER string| TRANSLATION_URL function| forOf function| repeat function| findGetParameter string| ICONS_SRC object| ICONS_LINK function| getCountryI18NCode boolean| IS_LOGIN string| countryCode string| languageCode undefined| loginForm undefined| secondsInOneHour function| registerFont function| createEye object| passwords function| Toast string| bodyClass object| resendLink undefined| error undefined| verificationCodeInput undefined| verificationLabel undefined| title undefined| helpLink undefined| resendCode undefined| resendForm undefined| formAction undefined| imgClose undefined| toastNotification undefined| didntGetTipBtn undefined| verificationCodeMask undefined| verificationCodeSubmitTimeout undefined| verificationCodeSubmitTimeoutIndex undefined| verificationCodeForm undefined| verificationCodeInputHidden undefined| actionInputs undefined| isMfaInProgress object| errorBlock object| sessionTimeOut object| divSessionTitle object| CACHE_TRANSLATIONS object| TRANSLATION object| TRANSLATION_FALLBACK function| buildTranslationUrl function| loadTranslations function| translateFetched function| translateTo object| forgotPasswordElement function| showOflineNotification function| getContactUsUrl function| getLocaleQueryParams function| setCookie function| getCookie function| onTranslationsApplied undefined| setVerificationCodeSubmitTimeout

0 Cookies

2 Console Messages

Source Level URL
Text
network error URL: https://mdtlogin.medtronic.com/mmcl/auth/oauth/v2/authorize/login
Message:
Failed to load resource: the server responded with a status of 400 (Bad Request)
network error URL: https://carelink.minimed.eu/crs/ocl/14.7/i18n/ui/sso/en-US.json
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-src https://*.medtronic.com https://*.minimed.eu https://*.minimed.com:5132 https://*.minimed.com https://*.medtronic.eu; default-src https://*.medtronic.com https://*.minimed.eu https://*.minimed.com:5132 https://*.minimed.com https://*.medtronic.eu; connect-src https://*.medtronic.com https://*.minimed.eu https://*.minimed.com:5132 https://*.minimed.com https://*.medtronic.eu; script-src https://*.medtronic.com https://*.minimed.eu https://*.minimed.com:5132 https://*.minimed.com https://*.medtronic.eu 'unsafe-inline'; img-src * data:; style-src https://*.medtronic.com https://*.minimed.eu https://*.minimed.com:5132 https://*.minimed.com https://fonts.googleapis.com https://*.medtronic.eu 'unsafe-inline'; font-src * data:;
X-Content-Type-Options nosniff
X-Xss-Protection 1