owasp.org
2606:4700:10::6816:1a4d
Public Scan
Submission: On August 18 via api from US — Scanned from DE
Summary
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on May 4th 2023. Valid for: a year.
This is the only time owasp.org was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
Requests | IP Address | AS Autonomous System
---|---|---
31 | 2606:4700:10::6816:1a4d | 13335 (CLOUDFLARENET)
1 | 2a00:1450:4001:828::200e | 15169 (GOOGLE)
1 | 2606:50c0:8000::153 | 54113 (FASTLY)
1 | 2606:4700:e4::ac40:ae10 | 13335 (CLOUDFLARENET)
3 | 140.82.121.3 | 36459 (GITHUB)
1 | 140.82.121.5 | 36459 (GITHUB)
38 | 6 |
ASN15169 (GOOGLE, US)
www.google-analytics.com
ASN36459 (GITHUB, US)
PTR: lb-140-82-121-3-fra.github.com
github.com
ASN36459 (GITHUB, US)
PTR: lb-140-82-121-5-fra.github.com
api.github.com
Requests | Apex Domain | Subdomains | Transfer
---|---|---|---
31 | owasp.org | owasp.org (Cisco Umbrella Rank: 150446) | 754 KB
4 | github.com | github.com (Cisco Umbrella Rank: 2857), api.github.com (Cisco Umbrella Rank: 4774) | 16 KB
1 | shields.io | img.shields.io (Cisco Umbrella Rank: 45362) | 1 KB
1 | github.io | buttons.github.io (Cisco Umbrella Rank: 66204) | 7 KB
1 | google-analytics.com | www.google-analytics.com (Cisco Umbrella Rank: 62) | 21 KB
38 | 5 | |
Requests | Domain | Requested by
---|---|---
31 | owasp.org | owasp.org
3 | github.com | owasp.org
1 | api.github.com | buttons.github.io
1 | img.shields.io | owasp.org
1 | buttons.github.io | owasp.org
1 | www.google-analytics.com | owasp.org
38 | 6 |
This site contains links to these domains. Also see Links.
Subject | Issuer | Validity | Valid
---|---|---|---
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-04 - 2024-05-03 | a year
*.google-analytics.com | GTS CA 1C3 | 2023-07-31 - 2023-10-23 | 3 months
*.github.io | DigiCert TLS RSA SHA256 2020 CA1 | 2023-02-21 - 2024-03-20 | a year
shields.io | GTS CA 1P5 | 2023-07-07 - 2023-10-05 | 3 months
github.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-02-14 - 2024-03-14 | a year
*.github.com | DigiCert TLS Hybrid ECC SHA384 2020 CA1 | 2023-02-16 - 2024-03-15 | a year
This page contains 1 frames:
Primary Page:
https://owasp.org/www-project-secure-headers/
Frame ID: 030E221CB15CE03E090E79D7AF715255
Requests: 38 HTTP requests in this frame
Page Title
OWASP Secure Headers Project | OWASP Foundation
Detected technologies
Font Awesome (Font Scripts)
Detected patterns
- (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
Google Analytics (Analytics)
Detected patterns
- google-analytics\.com/(?:ga|urchin|analytics)\.js
jQuery (JavaScript Libraries)
Detected patterns
- jquery[.-]([\d.]*\d)[^/]*\.js
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
304 Outgoing links
These are links going to different origins than the main page.
Title: Start a New Project...
Title: Start a Local Chapter...
Title: OWASP Global AppSec Singapore 2023
Title: OWASP Global AppSec DC 2023
Title: Membership Portal
Title: Subscribe to our Mailing List
Title: Video
Title: Tools
Title: Statistics
Title: GitHub organization
Title: OWASP Spotlight Youtube playlists
Title: Application Security Podcast Youtube playlists
Title: old website
Title: GitHub OWASP organization
Title: headers
Title: headers-ui-container
Title: venom
Title: here
Title: dashboard
Title: discussions feature
Title: project feature
Title: atom web feed
Title: Adam Averay
Title: Jim Manico
Title: page
Title: Apache 2.0 License
Title: RFC 6797
Title: Mozilla MDN
Title: preload
Title: preload list
Title: https://tools.ietf.org/html/rfc6797
Title: https://cheatsheetseries.owasp.org/cheatsheets/HTTP_Strict_Transport_Security_Cheat_Sheet.html
Title: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
Title: https://www.chromium.org/hsts
Title: https://hstspreload.org/
Title: https://developer.mozilla.org/en-US/docs/Web/Security/HTTP_strict_transport_security
Title: https://raymii.org/s/tutorials/HTTP_Strict_Transport_Security_for_Apache_NGINX_and_Lighttpd.html
Title: https://blogs.windows.com/msedgedev/2015/06/09/http-strict-transport-security-comes-to-internet-explorer-11-on-windows-8-1-and-windows-7/
Title: clickjacking
Title: frame-ancestors
Title: https://tools.ietf.org/html/rfc7034
Title: https://tools.ietf.org/html/draft-ietf-websec-x-frame-options-01
Title: https://tools.ietf.org/html/draft-ietf-websec-frame-options-00
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
Title: https://blogs.msdn.microsoft.com/ieinternals/2010/03/30/combating-clickjacking-with-x-frame-options/
Title: https://msdn.microsoft.com/en-us/library/gg622941%28v=vs.85%29.aspx
Title: https://blogs.msdn.microsoft.com/ie/2008/09/02/ie8-security-part-vi-beta-2-update/
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Content-Type-Options
Title: https://www.w3.org/TR/CSP/
Title: https://developer.mozilla.org/en-US/docs/Web/Security/CSP
Title: https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
Title: https://scotthelme.co.uk/content-security-policy-an-introduction/
Title: https://report-uri.io
Title: https://content-security-policy.com
Title: https://report-uri.com/home/generate
Title: https://csp-evaluator.withgoogle.com/
Title: https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/xdomain.html
Title: https://danielnixon.org/http-security-headers/
Title: https://rorsecurity.info/portfolio/new-http-headers-for-more-security
Title: https://github.com/twitter/secureheaders/issues/88
Title: https://gf.dev/cross-domain-policy-test
Title: https://www.w3.org/TR/referrer-policy/
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
Title: Mozilla MDN
Title: https://w3c.github.io/webappsec-clear-site-data/
Title: https://www.chromestatus.com/feature/4713262029471744
Title: https://github.com/w3c/webappsec-clear-site-data
Title: https://github.com/w3c/webappsec-clear-site-data/tree/master/demo
Title: Mozilla MDN
Title: CORS
Title: Cross-Origin-Resource-Policy
Title: https://html.spec.whatwg.org/multipage/origin.html#coep
Title: https://caniuse.com/?search=Cross-Origin-Embedder-Policy
Title: https://web.dev/coop-coep/
Title: https://web.dev/why-coop-coep/
Title: https://web.dev/cross-origin-isolation-guide/
Title: XS-Leaks
Title: Mozilla MDN
Title: https://html.spec.whatwg.org/multipage/origin.html#cross-origin-opener-policies
Title: https://github.com/xsleaks/xsleaks
Title: https://portswigger.net/daily-swig/xs-leak
Title: https://portswigger.net/research/xs-leak-detecting-ids-using-portal
Title: side-channel attacks
Title: Spectre
Title: Cross-Site Script Inclusion (XSSI)
Title: Mozilla MDN
Title: Site
Title: Origin
Title: CORP header is not specified
Title: https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header
Title: https://resourcepolicy.fyi/
Title: Mozilla MDN
Title: exposure of information via the cache
Title: Expires
Title: Pragma
Title: HTTP caching standards document
Title: table
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/Caching
Title: https://cwe.mitre.org/data/definitions/524.html
Title: https://portswigger.net/web-security/web-cache-poisoning
Title: https://portswigger.net/research/practical-web-cache-poisoning
Title: https://portswigger.net/research/web-cache-entanglement
Title: Chrome platform status
Title: page
Title: https://github.com/w3c/webappsec-permissions-policy/blob/main/permissions-policy-explainer.md
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy#directives
Title: https://caniuse.com/permissions-policy
Title: https://www.w3.org/TR/permissions-policy-1/
Title: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
Title: https://www.permissionspolicy.com/
Title: Mozilla MDN
Title: https://w3c.github.io/webappsec-feature-policy/
Title: https://scotthelme.co.uk/a-new-security-header-feature-policy/
Title: https://github.com/w3c/webappsec-feature-policy/blob/master/features.md
Title: https://caniuse.com/feature-policy
Title: source
Title: Expect-CT Extension for HTTP
Title: https://scotthelme.co.uk/a-new-security-header-expect-ct/
Title: HPKP Suicide and Ransom PKP
Title: https://tools.ietf.org/html/rfc7469
Title: https://en.wikipedia.org/wiki/HTTP_Public_Key_Pinning
Title: https://developer.mozilla.org/en-US/docs/Web/Security/Public_Key_Pinning
Title: https://raymii.org/s/articles/HTTP_Public_Key_Pinning_Extension_HPKP.html
Title: https://labs.detectify.com/2016/07/05/what-hpkp-is-but-isnt/
Title: https://blog.qualys.com/ssllabs/2016/09/06/is-http-public-key-pinning-dead
Title: https://scotthelme.co.uk/im-giving-up-on-hpkp/
Title: https://groups.google.com/a/chromium.org/forum/m/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ
Title: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
Title: https://www.chromestatus.com/feature/5021976655560704
Title: https://bugzilla.mozilla.org/show_bug.cgi?id=528661
Title: https://blogs.windows.com/windowsexperience/2018/07/25/announcing-windows-10-insider-preview-build-17723-and-build-18204/
Title: https://github.com/zaproxy/zaproxy/issues/5849
Title: https://scotthelme.co.uk/security-headers-updates/#removing-the-x-xss-protection-header
Title: https://portswigger.net/daily-swig/google-chromes-xss-auditor-goes-back-to-filter-mode
Title: https://www.virtuesecurity.com/blog/understanding-xss-auditor/
Title: https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers
Title: http://zinoui.com/blog/security-http-headers#x-xss-protection
Title: https://caniuse.com/stricttransportsecurity
Title: https://caniuse.com/x-frame-options
Title: https://caniuse.com/mdn-http_headers_x-content-type-options
Title: https://caniuse.com/?search=content-security-policy
Title: https://caniuse.com/referrer-policy
Title: https://caniuse.com/publickeypinning
Title: https://caniuse.com/mdn-http_headers_expect-ct
Title: https://caniuse.com/mdn-http_headers_x-xss-protection
Title: https://caniuse.com/?search=Clear-Site-Data
Title: https://caniuse.com/mdn-http_headers_cross-origin-embedder-policy
Title: https://caniuse.com/mdn-http_headers_cross-origin-opener-policy
Title: https://caniuse.com/mdn-http_headers_cross-origin-resource-policy
Title: https://caniuse.com/mdn-http_headers_cache-control
Title: https://caniuse.com/mdn-http_headers_pragma
Title: OpenCRE
Title: disclosure of technical information
Title: reverse proxy
Title: web application firewall
Title: OpenCRE
Title: WebTechSurvey
Title: Server
Title: Liferay-Portal
Title: Liferay
Title: X-Turbo-Charged-By
Title: X-Powered-By
Title: X-Server-Powered-By
Title: X-Powered-CMS
Title: CMS
Title: SourceMap
Title: source map
Title: X-AspNetMvc-Version
Title: X-AspNet-Version
Title: X-SourceFiles
Title: X-Redirect-By
Title: Wikipedia
Title: X-Generator
Title: X-Generated-By
Title: X-CMS
Title: X-Powered-By-Plesk
Title: Plesk
Title: X-Php-Version
Title: PHP
Title: Powered-By
Title: X-Content-Encoded-By
Title: Product
Title: X-CF-Powered-By
Title: X-Framework
Title: Host-Header
Title: Pega-Host
Title: PEGA
Title: X-Atmosphere-first-request
Title: X-Mod-Pagespeed
Title: mod_pagespeed
Title: X-Page-Speed
Title: mod_pagespeed
Title: X-Varnish-Backend
Title: Varnish
Title: X-Varnish-Server
Title: X-Envoy-Upstream-Service-Time
Title: Envoy
Title: X-Envoy-Attempt-Count
Title: X-Envoy-External-Address
Title: X-B3-ParentSpanId
Title: Zipkin
Title: X-B3-Sampled
Title: X-B3-SpanId
Title: X-B3-TraceId
Title: K-Proxy-Request
Title: Knative
Title: X-Old-Content-Length
Title: WebSEAL
Title: $wsep
Title: WebSphere Application Server
Title: X-Nextjs-Matched-Path
Title: Next.js
Title: X-Nextjs-Page
Title: X-Nextjs-Cache
Title: X-Nextjs-Redirect
Title: Content-Disposition
Title: SVG file
Title: stored cross-site scripting
Title: Trap bad guys in your browser with HTTP security headers
Title: 👩💻
Title: 👩💻
Title: 🌎
Title: 🌎
Title: 👩💻
Title: 👩💻
Title: 🌎
Title: 👩💻
Title: 👩💻
Title: 👩💻
Title: 🌎
Title: 🌎
Title: 👩💻
Title: 👩💻
Title: 👩💻
Title: 👩💻
Title: 👩💻
Title: 👩💻
Title: 👩💻
Title: 👩💻
Title: 👩💻
Title: 👩💻
Title: 👩💻
Title: 👩💻
Title: 👩💻
Title: 🌎
Title: one
Title: jq
Title: https://httpd.apache.org/docs/current/mod/mod_headers.html
Title: https://nginx.org/en/docs/http/ngx_http_headers_module.html
Title: https://redmine.lighttpd.net/projects/lighttpd/wiki/Mod_setenv
Title: https://docs.microsoft.com/en-us/iis/configuration/system.webserver/httpprotocol/customheaders
Title: forbidden header names
Title: Mozilla MDN
Title: XS-Leaks
Title: here
Title: Mozilla MDN
Title: mode
Title: here
Title: Mozilla MDN
Title: Mozilla MDN
Title: here
Title: Mozilla MDN
Title: here
Title: https://caniuse.com/mdn-http_headers_sec-fetch-dest
Title: https://caniuse.com/mdn-http_headers_sec-fetch-mode
Title: https://caniuse.com/mdn-http_headers_sec-fetch-user
Title: https://caniuse.com/mdn-http_headers_sec-fetch-site
Title: https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/#are-site-and-origin-interchangeable
Title: https://portswigger.net/daily-swig/firefox-becomes-latest-browser-to-support-fetch-metadata-request-headers
Title: Cloud.gov
Title: Amazon AWS
Title: Salesforce
Title: Black Hills Information Security
Title: Progress
Title: Bloomreach
Title: CrashTest Security
Title: Tableau
Title: 42Crunch
Title: SAP
Title: SecureAuth
Title: Detectify
Title: ImmuniWeb
Title: Nmap
Title: Edit on GitHub
Title: OWASP Swag repository
Redirected requests
There were HTTP redirect chains for the following requests:
38 HTTP transactions
Method Protocol |
Resource Path |
Size x-fer |
Type MIME-Type |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
GET H2 |
Primary Request
/
owasp.org/www-project-secure-headers/ |
176 KB 41 KB |
Document
text/html |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
js.cookie.js
owasp.org/www--site-theme/assets/js/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
analytics.js
www.google-analytics.com/ |
52 KB 21 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles.css
owasp.org/www--site-theme/assets/css/ |
128 KB 26 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jquery-3.4.1.min.js
owasp.org/www--site-theme/assets/js/ |
86 KB 31 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
util.js
owasp.org/www--site-theme/assets/js/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
yaml.min.js
owasp.org/www--site-theme/assets/js/ |
42 KB 11 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
luxon.min.js
owasp.org/www--site-theme/assets/js/ |
68 KB 21 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
kjua.min.js
owasp.org/www--site-theme/assets/js/ |
28 KB 12 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
buttons.js
buttons.github.io/ |
19 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
logo.png
owasp.org/assets/images/ |
11 KB 12 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
direct-link-handler.js
owasp.org/www-project-secure-headers/assets/js/ |
2 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
styles.css
owasp.org/www-project-secure-headers/assets/css/ |
145 B 386 B |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
owasp-lab%20project-f7b73c.svg
img.shields.io/badge/ |
1 KB 1 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
badge.svg
github.com/OWASP/www-project-secure-headers/actions/workflows/check-external-links.yml/ |
2 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
badge.svg
github.com/OWASP/www-project-secure-headers/actions/workflows/headers-generate-json-files.yml/ |
2 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
badge.svg
github.com/OWASP/www-project-secure-headers/actions/workflows/monitoring-technical-references-generate-dashboard.yml/ |
2 KB 4 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
email-decode.min.js
owasp.org/cdn-cgi/scripts/5c5dd728/cloudflare-static/ |
1 KB 840 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-solid-900.woff2
owasp.org/assets/fontawesome/ |
74 KB 74 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ubuntu-regular.woff2
owasp.org/assets/font/ |
29 KB 29 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
ubuntu-medium.woff2
owasp.org/assets/font/ |
28 KB 28 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
fa-brands-400.woff2
owasp.org/assets/fontawesome/ |
73 KB 74 KB |
Font
font/woff2 |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
www-project-secure-headers
api.github.com/repos/owasp/ |
7 KB 3 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
banner-data.yml
owasp.org/www-project-secure-headers/assets/sitedata/ |
734 B 1 KB |
XHR
text/yaml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
popup-data.yml
owasp.org/www-project-secure-headers/assets/sitedata/ |
1 KB 2 KB |
XHR
text/yaml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
menus.json
owasp.org/www--site-theme/assets/sitedata/ |
6 KB 2 KB |
XHR
application/json |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
events.yml
owasp.org/assets/sitedata/ |
3 KB 5 KB |
XHR
text/yaml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
GET H2 | corp_members.yml | owasp.org/assets/sitedata/ | 119 KB 119 KB | XHR | text/yaml |
GET H2 | Bloomberg.png | owasp.org/assets/images/corp-member-logo/ | 27 KB 29 KB | Image | image/png |
GET H2 | salesforce.png | owasp.org/assets/images/corp-member-logo/ | 6 KB 8 KB | Image | image/png |
GET H2 | black_belt_logo.png | owasp.org/assets/images/corp-member-logo/ | 32 KB 33 KB | Image | image/png |
GET H2 | contrast_logo_rgb.png | owasp.org/assets/images/corp-member-logo/ | 74 KB 76 KB | Image | image/png |
GET H2 | EPAMSystemsLogo.jpeg | owasp.org/assets/images/corp-member-logo/ | 11 KB 11 KB | Image | image/jpeg |
GET H2 | KPMG_Logo.jpeg | owasp.org/assets/images/corp-member-logo/ | 7 KB 7 KB | Image | image/jpeg |
GET H2 | tenable_logo.png | owasp.org/assets/images/corp-member-logo/ | 36 KB 36 KB | Image | image/png |
GET H2 | Coalfire.png | owasp.org/assets/images/corp-member-logo/ | 8 KB 8 KB | Image | image/png |
GET H2 | atlassian.png | owasp.org/assets/images/corp-member-logo/ | 13 KB 15 KB | Image | image/png |
GET H2 | GrammarlyLogo.png | owasp.org/assets/images/corp-member-logo/ | 35 KB 35 KB | Image | image/png |
30 JavaScript Global Variables
These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.
object| documentPictureInPicture function| Cookies function| handleOutboundLinkClicks function| $ function| jQuery function| YAML object| luxon object| google_tag_data function| ga object| gaplugins function| kjua function| issearch function| handleDirectLink object| events object| members object| plat_indices object| gold_indices object| other_indices function| get_next_member object| banneryaml object| popyaml string| url object| eventsyml string| e string| evnt object| member number| chosenIndex number| pIndex number| cycleIndex boolean| searchitem0
Cookies
Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.
Security Headers
This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page
Header | Value |
---|---|
Content-Security-Policy | default-src 'self' https://api.github.com https://*.githubusercontent.com https://*.google-analytics.com https://owaspadmin.azurewebsites.net https://*.twimg.com https://platform.twitter.com https://www.youtube.com https://*.doubleclick.net; frame-ancestors 'self'; frame-src https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.sched.com https://*.google.com https://*.twitter.com https://www.youtube.com https://w.soundcloud.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://fonts.googleapis.com https://app.diagrams.net https://cdnjs.cloudflare.com https://cse.google.com https://*.vuejs.org https://*.stripe.com https://*.wufoo.com https://*.youtube.com https://*.meetup.com https://*.sched.com https://*.google-analytics.com https://unpkg.com https://buttons.github.io https://www.google.com https://*.gstatic.com https://*.twitter.com https://*.twimg.com; style-src 'self' 'unsafe-inline' https://*.gstatic.com https://cdnjs.cloudflare.com https://www.google.com https://fonts.googleapis.com https://platform.twitter.com https://*.twimg.com data:; font-src 'self' fonts.gstatic.com; manifest-src 'self' https://pay.google.com; img-src 'self' https://*.globalappsec.org data: www.w3.org https://licensebuttons.net https://img.shields.io https://*.twitter.com https://github.githubassets.com https://*.twimg.com https://platform.twitter.com https://*.githubusercontent.com https://*.vercel.app https://*.cloudfront.net https://*.coreinfrastructure.org https://*.securityknowledgeframework.org https://badges.gitter.im https://travis-ci.org https://api.travis-ci.org https://s3.amazonaws.com https://snyk.io https://coveralls.io https://requires.io https://github.com https://*.googleapis.com https://*.google.com https://*.gstatic.com |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | SAMEORIGIN |
Indicators
This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.