Submitted URL: https://workbench.homedepot.com/home/ms-authenticator
Effective URL: https://identity.homedepot.com/as/authorization.oauth2?client_id=spiffe%3A%2F%2Fhomedepot.com%2Fworkbench&scope=openid&response...
Submission: On August 28 via manual from MX — Scanned from DE

Summary

This website contacted 1 IPs in 2 countries across 1 domains to perform 7 HTTP transactions. The main IP is 207.11.31.177, located in United States and belongs to HOMEDEPOTNET, US. The main domain is identity.homedepot.com. The Cisco Umbrella rank of the primary domain is 191506.
TLS certificate: Issued by Entrust Certification Authority - L1K on September 6th 2022. Valid for: a year.
This is the only time identity.homedepot.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 2a02:26f0:e60... 20940 (AKAMAI-ASN1)
7 207.11.31.177 10967 (HOMEDEPOTNET)
7 1
Apex Domain
Subdomains
Transfer
9 homedepot.com
workbench.homedepot.com
identity.homedepot.com — Cisco Umbrella Rank: 191506
481 KB
7 1
Domain Requested by
7 identity.homedepot.com identity.homedepot.com
2 workbench.homedepot.com 2 redirects
7 2

This site contains no links.

Subject Issuer Validity Valid
identity.homedepot.com
Entrust Certification Authority - L1K
2022-09-06 -
2023-09-21
a year crt.sh

This page contains 1 frames:

Primary Page: https://identity.homedepot.com/as/authorization.oauth2?client_id=spiffe%3A%2F%2Fhomedepot.com%2Fworkbench&scope=openid&response_type=code&redirect_uri=https%3A%2F%2Fworkbench.homedepot.com%2Fidentity%2Fcallback&state=718f59ac-e1ec-41a8-8981-ea76e67e595c
Frame ID: E7C1184DF8B816121429CF90D751213B
Requests: 7 HTTP requests in this frame

Screenshot

Page Title

THD Identity - THD Account Sign On

Page URL History Show full URLs

  1. https://workbench.homedepot.com/home/ms-authenticator HTTP 302
    https://workbench.homedepot.com/identity/login?next=https%3A%2F%2Fworkbench.extapps.homedepot.com%2Fhome%2Fm... HTTP 302
    https://identity.homedepot.com/as/authorization.oauth2?client_id=spiffe%3A%2F%2Fhomedepot.com%2Fworkbench&s... Page URL

Page Statistics

7
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

2
Subdomains

1
IPs

2
Countries

480 kB
Transfer

475 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://workbench.homedepot.com/home/ms-authenticator HTTP 302
    https://workbench.homedepot.com/identity/login?next=https%3A%2F%2Fworkbench.extapps.homedepot.com%2Fhome%2Fms-authenticator HTTP 302
    https://identity.homedepot.com/as/authorization.oauth2?client_id=spiffe%3A%2F%2Fhomedepot.com%2Fworkbench&scope=openid&response_type=code&redirect_uri=https%3A%2F%2Fworkbench.homedepot.com%2Fidentity%2Fcallback&state=718f59ac-e1ec-41a8-8981-ea76e67e595c Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request authorization.oauth2
identity.homedepot.com/as/
Redirect Chain
  • https://workbench.homedepot.com/home/ms-authenticator
  • https://workbench.homedepot.com/identity/login?next=https%3A%2F%2Fworkbench.extapps.homedepot.com%2Fhome%2Fms-authenticator
  • https://identity.homedepot.com/as/authorization.oauth2?client_id=spiffe%3A%2F%2Fhomedepot.com%2Fworkbench&scope=openid&response_type=code&redirect_uri=https%3A%2F%2Fworkbench.homedepot.com%2Fidenti...
5 KB
6 KB
Document
General
Full URL
https://identity.homedepot.com/as/authorization.oauth2?client_id=spiffe%3A%2F%2Fhomedepot.com%2Fworkbench&scope=openid&response_type=code&redirect_uri=https%3A%2F%2Fworkbench.homedepot.com%2Fidentity%2Fcallback&state=718f59ac-e1ec-41a8-8981-ea76e67e595c
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
207.11.31.177 , United States, ASN10967 (HOMEDEPOTNET, US),
Reverse DNS
Software
Apache /
Resource Hash
be2b90de1f561bd581150a1f856fcbc6dc2ce72d9cab11ef5179b560b021c519
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.visualforce.com https://*.force.com *.apps.homedepot.com https://*.visual.force.com https://*.homedepot.com ;
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Connection
Keep-Alive
Content-Length
5465
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.visualforce.com https://*.force.com *.apps.homedepot.com https://*.visual.force.com https://*.homedepot.com ;
Content-Type
text/html;charset=utf-8
Date
Mon, 28 Aug 2023 22:24:37 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Keep-Alive
timeout=10, max=100
Pragma
no-cache
Referrer-Policy
origin
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains;
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block

Redirect headers

cache-control
max-age=0, no-cache, no-store
content-length
0
date
Mon, 28 Aug 2023 22:24:37 GMT
expires
Mon, 28 Aug 2023 22:24:37 GMT
link
<https://fonts.gstatic.com/s/opensans/v13/MTP_ySUJH_bn48VBG8sNSonF5uFdDttMLvmWuJdhhgs.ttf>;rel="preload";as="font";type="font/ttf";crossorigin,<https://fonts.gstatic.com/s/opensans/v13/cJZKeOuBrn4kERxqtaUH3aCWcynf_cDxXwCLxiixG1c.ttf>;rel="preload";as="font";type="font/ttf";crossorigin <https://fonts.gstatic.com>;rel="preconnect",<https://cdn.quilljs.com>;rel="preconnect",<https://storage.googleapis.com>;rel="preconnect",<https://www.googletagmanager.com>;rel="preconnect",<https://www.google-analytics.com>;rel="preconnect"
location
https://identity.homedepot.com/as/authorization.oauth2?client_id=spiffe%3A%2F%2Fhomedepot.com%2Fworkbench&scope=openid&response_type=code&redirect_uri=https%3A%2F%2Fworkbench.homedepot.com%2Fidentity%2Fcallback&state=718f59ac-e1ec-41a8-8981-ea76e67e595c
pragma
no-cache
server-timing
cdn-cache; desc=MISS edge; dur=113 origin; dur=16 ak_p; desc="1693261476955_386904509_1047920536_12913_12927_9_0_255";dur=1
strict-transport-security
max-age=86400
x-vcap-request-id
f98255a4-ffac-4574-6625-833a4de6074e
runtime.js
identity.homedepot.com/assets/thd-identity/scripts/
1 KB
2 KB
Script
General
Full URL
https://identity.homedepot.com/assets/thd-identity/scripts/runtime.js
Requested by
Host: identity.homedepot.com
URL: https://identity.homedepot.com/as/authorization.oauth2?client_id=spiffe%3A%2F%2Fhomedepot.com%2Fworkbench&scope=openid&response_type=code&redirect_uri=https%3A%2F%2Fworkbench.homedepot.com%2Fidentity%2Fcallback&state=718f59ac-e1ec-41a8-8981-ea76e67e595c
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
207.11.31.177 , United States, ASN10967 (HOMEDEPOTNET, US),
Reverse DNS
Software
Apache /
Resource Hash
39d9c7792979adf98e35223b86bb2519c8f57cab682e71f4f435ab6a5a7f399e
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.visualforce.com https://*.force.com *.apps.homedepot.com https://*.visual.force.com https://*.homedepot.com ;
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://identity.homedepot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date
Mon, 28 Aug 2023 22:24:38 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains;
Referrer-Policy
origin
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.visualforce.com https://*.force.com *.apps.homedepot.com https://*.visual.force.com https://*.homedepot.com ;
Last-Modified
Thu, 03 Aug 2023 04:08:04 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=10, max=99
Content-Length
1471
X-XSS-Protection
1; mode=block
core-js.js
identity.homedepot.com/assets/thd-identity/scripts/
153 KB
154 KB
Script
General
Full URL
https://identity.homedepot.com/assets/thd-identity/scripts/core-js.js
Requested by
Host: identity.homedepot.com
URL: https://identity.homedepot.com/as/authorization.oauth2?client_id=spiffe%3A%2F%2Fhomedepot.com%2Fworkbench&scope=openid&response_type=code&redirect_uri=https%3A%2F%2Fworkbench.homedepot.com%2Fidentity%2Fcallback&state=718f59ac-e1ec-41a8-8981-ea76e67e595c
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
207.11.31.177 , United States, ASN10967 (HOMEDEPOTNET, US),
Reverse DNS
Software
Apache /
Resource Hash
63c554fb247650b48af05904b9050843f1f6750a12c65ebd1088208b31426208
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.visualforce.com https://*.force.com *.apps.homedepot.com https://*.visual.force.com https://*.homedepot.com ;
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://identity.homedepot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date
Mon, 28 Aug 2023 22:24:38 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains;
Referrer-Policy
origin
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.visualforce.com https://*.force.com *.apps.homedepot.com https://*.visual.force.com https://*.homedepot.com ;
Last-Modified
Thu, 03 Aug 2023 04:08:42 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=10, max=100
Content-Length
156677
X-XSS-Protection
1; mode=block
login.js
identity.homedepot.com/assets/thd-identity/scripts/
85 KB
86 KB
Script
General
Full URL
https://identity.homedepot.com/assets/thd-identity/scripts/login.js
Requested by
Host: identity.homedepot.com
URL: https://identity.homedepot.com/as/authorization.oauth2?client_id=spiffe%3A%2F%2Fhomedepot.com%2Fworkbench&scope=openid&response_type=code&redirect_uri=https%3A%2F%2Fworkbench.homedepot.com%2Fidentity%2Fcallback&state=718f59ac-e1ec-41a8-8981-ea76e67e595c
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
207.11.31.177 , United States, ASN10967 (HOMEDEPOTNET, US),
Reverse DNS
Software
Apache /
Resource Hash
56e423ff5cf12e310014bb75f29f9b62d3ee704c7a28dbc551fdb986b0421f79
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.visualforce.com https://*.force.com *.apps.homedepot.com https://*.visual.force.com https://*.homedepot.com ;
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://identity.homedepot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date
Mon, 28 Aug 2023 22:24:38 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains;
Referrer-Policy
origin
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.visualforce.com https://*.force.com *.apps.homedepot.com https://*.visual.force.com https://*.homedepot.com ;
Last-Modified
Thu, 03 Aug 2023 04:09:07 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=10, max=100
Content-Length
87072
X-XSS-Protection
1; mode=block
login.css
identity.homedepot.com/assets/thd-identity/css/
199 KB
200 KB
Stylesheet
General
Full URL
https://identity.homedepot.com/assets/thd-identity/css/login.css
Requested by
Host: identity.homedepot.com
URL: https://identity.homedepot.com/as/authorization.oauth2?client_id=spiffe%3A%2F%2Fhomedepot.com%2Fworkbench&scope=openid&response_type=code&redirect_uri=https%3A%2F%2Fworkbench.homedepot.com%2Fidentity%2Fcallback&state=718f59ac-e1ec-41a8-8981-ea76e67e595c
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
207.11.31.177 , United States, ASN10967 (HOMEDEPOTNET, US),
Reverse DNS
Software
Apache /
Resource Hash
5195c95d50422264793f261ba52bf65d9c62b3221f0d701a4d0ceca8c25711d6
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.visualforce.com https://*.force.com *.apps.homedepot.com https://*.visual.force.com https://*.homedepot.com ;
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://identity.homedepot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date
Mon, 28 Aug 2023 22:24:38 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains;
Referrer-Policy
origin
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.visualforce.com https://*.force.com *.apps.homedepot.com https://*.visual.force.com https://*.homedepot.com ;
Last-Modified
Thu, 03 Aug 2023 04:08:01 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=10, max=98
Content-Length
203847
X-XSS-Protection
1; mode=block
thd-logo.svg
identity.homedepot.com/assets/thd-identity/images/
15 KB
15 KB
Image
General
Full URL
https://identity.homedepot.com/assets/thd-identity/images/thd-logo.svg
Requested by
Host: identity.homedepot.com
URL: https://identity.homedepot.com/as/authorization.oauth2?client_id=spiffe%3A%2F%2Fhomedepot.com%2Fworkbench&scope=openid&response_type=code&redirect_uri=https%3A%2F%2Fworkbench.homedepot.com%2Fidentity%2Fcallback&state=718f59ac-e1ec-41a8-8981-ea76e67e595c
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
207.11.31.177 , United States, ASN10967 (HOMEDEPOTNET, US),
Reverse DNS
Software
Apache /
Resource Hash
81812d294295c166da8a663f1c8610713c52292c3abedee1edf33fcbdef699e4
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.visualforce.com https://*.force.com *.apps.homedepot.com https://*.visual.force.com https://*.homedepot.com ;
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://identity.homedepot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date
Mon, 28 Aug 2023 22:24:38 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains;
Referrer-Policy
origin
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.visualforce.com https://*.force.com *.apps.homedepot.com https://*.visual.force.com https://*.homedepot.com ;
Last-Modified
Thu, 03 Aug 2023 04:07:40 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=10, max=100
Content-Length
14998
X-XSS-Protection
1; mode=block
open-sans-latin-400-normal.woff2
identity.homedepot.com/assets/thd-identity/fonts/
16 KB
17 KB
Font
General
Full URL
https://identity.homedepot.com/assets/thd-identity/fonts/open-sans-latin-400-normal.woff2
Requested by
Host: identity.homedepot.com
URL: https://identity.homedepot.com/assets/thd-identity/css/login.css
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
207.11.31.177 , United States, ASN10967 (HOMEDEPOTNET, US),
Reverse DNS
Software
Apache /
Resource Hash
cce577471c2586f3e0c2518fff84a970d33f61491fb8c629341b86f238cf07c0
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.visualforce.com https://*.force.com *.apps.homedepot.com https://*.visual.force.com https://*.homedepot.com ;
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://identity.homedepot.com/
Origin
https://identity.homedepot.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.110 Safari/537.36

Response headers

Date
Mon, 28 Aug 2023 22:24:39 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains;
Referrer-Policy
origin
Content-Security-Policy
script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.visualforce.com https://*.force.com *.apps.homedepot.com https://*.visual.force.com https://*.homedepot.com ;
Last-Modified
Thu, 03 Aug 2023 04:08:45 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
Content-Type
font/woff2
Cache-Control
max-age=0, must-revalidate
Connection
Keep-Alive
Keep-Alive
timeout=10, max=97
Content-Length
16692
X-XSS-Protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture object| webpackChunkthd_pingfed_pages function| setImmediate function| clearImmediate function| submitForm

3 Cookies

Domain/Path Name / Value
workbench.homedepot.com/ Name: x-thd-session
Value: MTY5MzI2MTQ3N3w0WU9vY21WNlluWGZRT2E2akV4Yjd2ZEtHUE9oUE1aZDJCd1FXbUhWcmxNQ2ctSlhYRk80MHp6MkdjQkp1VmF1OWEwTThaNDcwT2NfTGhnT0tqeXR6OWNuN1BEb1dHRGFtcWM3Q3BiMVovZ1hOYU1XaTE0enBGQnpMMzRNOFBDSU53M1Z5TGE5SGhleDZEazdwYWc3ZTJidTlyY01UMnJlQ1A0cXZzYVRyZlZ2N2xqU0t0Ujdjd3BXSGpaNFl4Zk18veGqkK15oaplXw0seUJeygnufuZ90IggaZ8bFmJSUZo
.homedepot.com/ Name: AKA_A2
Value: A
.homedepot.com/ Name: PF
Value: 1M4GnssfufAaWd1kU1NTK6

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self'; img-src 'self'; style-src 'self'; base-uri 'self'; object-src 'self'; frame-ancestors 'self' https://*.visualforce.com https://*.force.com *.apps.homedepot.com https://*.visual.force.com https://*.homedepot.com ;
Strict-Transport-Security max-age=31536000; includeSubDomains;
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block