Submitted URL: https://www.bnpparibasfortis.be/promo/KCMA/Proxy.asp?proxyTarget=/site/renderers/commfull.aspx&ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Effective URL: https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Submission: On November 11 via api from BE

Summary

This website contacted 4 IPs in 2 countries across 3 domains to perform 17 HTTP transactions. The main IP is 193.58.4.82, located in Belgium and belongs to BNP-PARIBAS France, FR. The main domain is www.bnpparibasfortis.be.
TLS certificate: Issued by Entrust Certification Authority - L1M on October 24th 2017. Valid for: 2 years.
This is the only time www.bnpparibasfortis.be was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 11 193.58.4.82 25215 (BNP-PARIB...)
2 2a00:1450:400... 15169 (GOOGLE)
1 83.217.64.114 34762 (COMBELL-AS)
4 2a00:1450:400... 15169 (GOOGLE)
17 4
Domain
Subdomains
Transfer
12 bnpparibasfortis.be
887 KB
4 gstatic.com
45 KB
2 fonts.googleapis.com
2 KB
17 3
Domain Requested by
11 www.bnpparibasfortis.be 1 redirects www.bnpparibasfortis.be
4 fonts.gstatic.com www.bnpparibasfortis.be
2 fonts.googleapis.com www.bnpparibasfortis.be
1 myexperts.bnpparibasfortis.be www.bnpparibasfortis.be
17 4

This site contains links to these domains. Also see Links.

Domain
Subject / Issuer Validity Valid
www.bnpparibasfortis.be
Entrust Certification Authority - L1M
2017-10-24 -
2020-01-23
2 years
*.googleapis.com
GTS CA 1O1
2019-10-16 -
2020-01-08
3 months
myexperts.bnpparibasfortis.be
Entrust Certification Authority - L1M
2019-02-11 -
2020-03-26
a year
*.google.com
GTS CA 1O1
2019-10-16 -
2020-01-08
3 months

Screenshot


Detected technologies

Web
Overall confidence: 50%
Detected patterns
  • url /\.aspx?(?:$|\?)/i

Web
Overall confidence: 100%
Detected patterns
  • url /\.aspx?(?:$|\?)/i

Web
Overall confidence: 50%
Detected patterns
  • url /\.aspx?(?:$|\?)/i

Web
Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i


Stats

0
Requests

0
Ad-blocked

0
Malicious

0 %
HTTPS

0 %
IPv6

0
Domains

0
Subdomains

0
IPs

0
Countries

0 kB
Transfer

0 kB
Size

0
Cookies

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Cookie set commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
/site/renderers
Redirect Chain
  • https://www.bnpparibasfortis.be/promo/KCMA/Proxy.asp?proxyTarget=/site/renderers/commfull.aspx&ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
  • https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
31 KB
8 KB
Document
General
Full URL
https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.58.4.82 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
helloandyou.be
Software
/
Resource Hash
8c63b77eb9c781396edc324098fed3c9445e764243827bd7ada841cad67d1b26
Security Headers
Name Value
Content-Security-Policy reflected-xss block
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Host
www.bnpparibasfortis.be
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Accept-Encoding
gzip, deflate, br
Cookie
per_ebew=!VW5jlkK9T73mI72GtRqo/nB6p69EVgrbRKdUciVZf9Uzg+g4PaQ06v4ZQu40icG6UM/zxhJEX6K9ey4=; TS01b708ad=011bf91c22dfe8872c0ad5b3f5f7cb0a66909986cca89f22c9e2d389a07c231e89b31d284194eb208f48590e097b38f9e01341b8b7cda442c941bc48d9388988fe48501603
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1

Response headers

content-type
text/html; charset=Windows-1252
date
Mon, 11 Nov 2019 00:51:32 GMT
p3p
CP="NON CUR OTPi OUR NOR UNI"
x-old-content-length
31423
cache-control
private
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Content-Security-Policy
reflected-xss block
Set-Cookie
ASP.NET_SessionId=mzdq23lz30zeaebekokqug5h; Path=/; HttpOnly; Secure; CR=DzhBOYkk0h2t9Igm6QWVjx+8awSDZ7s+vOeFJJ9CI2hK1Zc1SGjzsva9yqTfNt+ko1zQIKVIx6z6QeqnqRBNMCcC5qq6Lev8cTovRuTFsh1E3+0DYASp8KA9nTIYVjWFQFSnzLap98dk+eXL91mEKr3riOH7dLY3; Path=/; Secure; TS01b708ad=011bf91c2250012c5df27e9fafa68f4f029269ca15a89f22c9e2d389a07c231e89b31d284194eb208f48590e097b38f9e01341b8b7cb874f3c8b7278b88dfb76abe010cfacc9cfb972b249ae4816036f7e0e33fdf4b6764592aa5df81e2c47f4f2d3c581c6; Path=/
Vary
Accept-Encoding
Content-Encoding
gzip
Transfer-Encoding
chunked

Redirect headers

content-length
382
content-type
text/html; charset=iso-8859-1
date
Mon, 11 Nov 2019 00:51:31 GMT
location
https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
p3p
CP="NON CUR OTPi OUR NOR UNI"
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Content-Security-Policy
reflected-xss block
Set-Cookie
per_ebew=!VW5jlkK9T73mI72GtRqo/nB6p69EVgrbRKdUciVZf9Uzg+g4PaQ06v4ZQu40icG6UM/zxhJEX6K9ey4=; path=/; Httponly; Secure TS01b708ad=011bf91c22dfe8872c0ad5b3f5f7cb0a66909986cca89f22c9e2d389a07c231e89b31d284194eb208f48590e097b38f9e01341b8b7cda442c941bc48d9388988fe48501603; Path=/
Vary
Accept-Encoding
css?family=Open+Sans:400,400i,600,600i
fonts.googleapis.com
10 KB
855 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:400,400i,600,600i
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
d07ee1496c29074e04847d36cafcc11cae6b648c3d3063fdb532121a364b546f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 11 Nov 2019 00:51:31 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
status
200
date
Mon, 11 Nov 2019 00:51:31 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection
0
expires
Mon, 11 Nov 2019 00:51:31 GMT
css?family=Montserrat:400,400i,600,600i,700,700i
fonts.googleapis.com
11 KB
799 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Montserrat:400,400i,600,600i,700,700i
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
ef768ace8d6f4954c32b4df820fac7face119cfbc276802159c2108076729c19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 11 Nov 2019 00:51:31 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
status
200
date
Mon, 11 Nov 2019 00:51:31 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection
0
expires
Mon, 11 Nov 2019 00:51:31 GMT
Private_BRANDBAR_DESKTOP_600X80_NL_x2.png
/Images/Generic/Mails/Mailing2016
30 KB
31 KB
Image
General
Full URL
https://www.bnpparibasfortis.be/Images/Generic/Mails/Mailing2016/Private_BRANDBAR_DESKTOP_600X80_NL_x2.png
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.58.4.82 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
helloandyou.be
Software
/
Resource Hash
e703109b5353a3465b56c7d69771090b084073ab58c3a002e4a389598c435f64
Security Headers
Name Value
Content-Security-Policy reflected-xss block
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 11 Nov 2019 00:51:30 GMT
X-Content-Type-Options
nosniff
last-modified
Tue, 31 Jan 2017 15:47:23 GMT
etag
"62484450d97bd21:0"
X-Frame-Options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
Content-Security-Policy
reflected-xss block
Strict-Transport-Security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-type
image/png
content-length
31076
X-XSS-Protection
1; mode=block
logo-myexperts.png
/Images/COMM/newsletters/myexperts
7 KB
8 KB
Image
General
Full URL
https://www.bnpparibasfortis.be/Images/COMM/newsletters/myexperts/logo-myexperts.png
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.58.4.82 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
helloandyou.be
Software
/
Resource Hash
a5c9660200551209ae465a1615957e34a67d0432865e3d3003adbe0243931e2f
Security Headers
Name Value
Content-Security-Policy reflected-xss block
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 11 Nov 2019 00:51:32 GMT
X-Content-Type-Options
nosniff
last-modified
Fri, 20 Apr 2018 14:19:44 GMT
etag
"d84f5da1b2d8d31:0"
X-Frame-Options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
Content-Security-Policy
reflected-xss block
Strict-Transport-Security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-type
image/png
content-length
7358
X-XSS-Protection
1; mode=block
brexit.jpg
myexperts.bnpparibasfortis.be/images/default-source/article-card
718 KB
719 KB
Image
General
Full URL
https://myexperts.bnpparibasfortis.be/images/default-source/article-card/brexit.jpg
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
83.217.64.114 , Belgium, ASN34762 (COMBELL-AS, BE),
Reverse DNS
83.217.64.114.static.hosted.by.combell.com
Software
Microsoft-IIS/8.5 /
Resource Hash
d67c6539e8b322450561642583f0d40b2bdeec63a39907d0061e2b89ed9b49b8
Security Headers
Name Value
Content-Security-Policy default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Security-Policy
default-src https: data: blob: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security
max-age=31536000
X-Content-Type-Options
nosniff
Last-Modified
Tue, 29 Oct 2019 11:32:11 GMT
Server
Microsoft-IIS/8.5
Date
Mon, 11 Nov 2019 00:51:31 GMT
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
public, max-age=7776000, private
Content-Disposition
inline; filename=Brexit.jpg
Connection
close
Accept-Ranges
bytes
Content-Length
735680
X-Xss-Protection
1; mode=block
Expires
Sun, 09 Feb 2020 00:51:31 GMT
calendar-icon.png
/Images/COMM/newsletters/myexperts
461 B
922 B
Image
General
Full URL
https://www.bnpparibasfortis.be/Images/COMM/newsletters/myexperts/calendar-icon.png
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.58.4.82 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
helloandyou.be
Software
/
Resource Hash
94e42d1830fa60d0a79403bf8218d575f173e6f08c92b1f993249ae0e98253f4
Security Headers
Name Value
Content-Security-Policy reflected-xss block
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 11 Nov 2019 00:51:30 GMT
X-Content-Type-Options
nosniff
last-modified
Fri, 20 Apr 2018 14:19:43 GMT
etag
"8cca84a0b2d8d31:0"
X-Frame-Options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
Content-Security-Policy
reflected-xss block
Strict-Transport-Security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-type
image/png
Vary
Accept-Encoding
content-length
461
X-XSS-Protection
1; mode=block
article-icon.png
/Images/COMM/newsletters/myexperts
2 KB
2 KB
Image
General
Full URL
https://www.bnpparibasfortis.be/Images/COMM/newsletters/myexperts/article-icon.png
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.58.4.82 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
helloandyou.be
Software
/
Resource Hash
bb0fbb4edbd12db30a2bfcea7de431d930cce754f8789609ccc62d641c839687
Security Headers
Name Value
Content-Security-Policy reflected-xss block
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 11 Nov 2019 00:51:32 GMT
X-Content-Type-Options
nosniff
last-modified
Fri, 20 Apr 2018 14:19:43 GMT
etag
"361c7aa0b2d8d31:0"
X-Frame-Options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
Content-Security-Policy
reflected-xss block
Strict-Transport-Security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-type
image/png
content-length
1657
X-XSS-Protection
1; mode=block
logo-private-footer.png
/Images/COMM/newsletters/myexperts
19 KB
19 KB
Image
General
Full URL
https://www.bnpparibasfortis.be/Images/COMM/newsletters/myexperts/logo-private-footer.png
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.58.4.82 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
helloandyou.be
Software
/
Resource Hash
164f012753605e34b1be98add90c914482390c4e9e953664435c40cd324a6a6b
Security Headers
Name Value
Content-Security-Policy reflected-xss block
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 11 Nov 2019 00:51:30 GMT
X-Content-Type-Options
nosniff
last-modified
Fri, 20 Apr 2018 14:19:44 GMT
etag
"cac964a1b2d8d31:0"
X-Frame-Options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
Content-Security-Policy
reflected-xss block
Strict-Transport-Security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-type
image/png
content-length
19386
X-XSS-Protection
1; mode=block
twitter-icon.png
/Images/COMM/newsletters/myexperts
1 KB
2 KB
Image
General
Full URL
https://www.bnpparibasfortis.be/Images/COMM/newsletters/myexperts/twitter-icon.png
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.58.4.82 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
helloandyou.be
Software
/
Resource Hash
eef48d54fa7cd5cd30ef7d516f72b393745ca75399d18d161c57f6688b102762
Security Headers
Name Value
Content-Security-Policy reflected-xss block
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 11 Nov 2019 00:51:30 GMT
X-Content-Type-Options
nosniff
last-modified
Fri, 20 Apr 2018 14:19:45 GMT
etag
"e09919a2b2d8d31:0"
X-Frame-Options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
Content-Security-Policy
reflected-xss block
Strict-Transport-Security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-type
image/png
content-length
1259
X-XSS-Protection
1; mode=block
linkedin-icon.png
/Images/COMM/newsletters/myexperts
712 B
1 KB
Image
General
Full URL
https://www.bnpparibasfortis.be/Images/COMM/newsletters/myexperts/linkedin-icon.png
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.58.4.82 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
helloandyou.be
Software
/
Resource Hash
edda9f032ddd5b0673164dbb531e50a80cbdd5f5aa60188594dd602565b723d9
Security Headers
Name Value
Content-Security-Policy reflected-xss block
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 11 Nov 2019 00:51:32 GMT
X-Content-Type-Options
nosniff
last-modified
Fri, 20 Apr 2018 14:19:44 GMT
etag
"86dd3fa1b2d8d31:0"
X-Frame-Options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
Content-Security-Policy
reflected-xss block
Strict-Transport-Security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-type
image/png
Vary
Accept-Encoding
content-length
712
X-XSS-Protection
1; mode=block
mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
fonts.gstatic.com/s/opensans/v17
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
b8e23a845bc6b7fd417d29182e0e38d353e64b5e12e06bb1de2b5ce063db1dcc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,400i,600,600i
Origin
https://www.bnpparibasfortis.be
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 31 Oct 2019 03:27:28 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:30:44 GMT
server
sffe
age
941043
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
9180
x-xss-protection
0
expires
Fri, 30 Oct 2020 03:27:28 GMT
mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
fonts.gstatic.com/s/opensans/v17
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
54c64f3c66372027154f01fc9f24b4e25fdfe405b70d1994c79abbc2576ff775
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Open+Sans:400,400i,600,600i
Origin
https://www.bnpparibasfortis.be
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 31 Oct 2019 10:18:03 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 19:30:49 GMT
server
sffe
age
916408
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
9132
x-xss-protection
0
expires
Fri, 30 Oct 2020 10:18:03 GMT
JTURjIg1_i6t8kCHKm45_bZF3gnD_vx3rCs.woff2
fonts.gstatic.com/s/montserrat/v14
13 KB
13 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v14/JTURjIg1_i6t8kCHKm45_bZF3gnD_vx3rCs.woff2
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
a6de304c233a1b4d07424cb88ba16dc46fb015b3f659cdb2b2357e96af161082
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Montserrat:400,400i,600,600i,700,700i
Origin
https://www.bnpparibasfortis.be
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 Nov 2019 21:23:44 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:46:50 GMT
server
sffe
age
790067
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
13464
x-xss-protection
0
expires
Sat, 31 Oct 2020 21:23:44 GMT
BNPPSlabSerif-Bold.woff
/Images/Generic/Mails/fonts-bnp
0
0
Font
General
Full URL
https://www.bnpparibasfortis.be/Images/Generic/Mails/fonts-bnp/BNPPSlabSerif-Bold.woff
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.58.4.82 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
helloandyou.be
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy reflected-xss block
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Origin
https://www.bnpparibasfortis.be
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 11 Nov 2019 00:51:30 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
Transfer-Encoding
chunked
x-old-content-length
1245
Content-Security-Policy
reflected-xss block
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-type
text/html
Vary
Accept-Encoding
X-XSS-Protection
1; mode=block
JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
fonts.gstatic.com/s/montserrat/v14
13 KB
14 KB
Font
General
Full URL
https://fonts.gstatic.com/s/montserrat/v14/JTUSjIg1_i6t8kCHKm459WlhyyTh89Y.woff2
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:818::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0ce5a460ace775560c3344a43245687bdbec5cb8ee20d209ab9fa67f4e09a3e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Montserrat:400,400i,600,600i,700,700i
Origin
https://www.bnpparibasfortis.be
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 01 Nov 2019 16:03:51 GMT
x-content-type-options
nosniff
last-modified
Tue, 23 Jul 2019 03:46:48 GMT
server
sffe
age
809260
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
13708
x-xss-protection
0
expires
Sat, 31 Oct 2020 16:03:51 GMT
BNPPSlabSerif-Bold.ttf
/Images/Generic/Mails/fonts-bnp
95 KB
95 KB
Font
General
Full URL
https://www.bnpparibasfortis.be/Images/Generic/Mails/fonts-bnp/BNPPSlabSerif-Bold.ttf
Requested by
Host: www.bnpparibasfortis.be
URL: https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
193.58.4.82 , Belgium, ASN25215 (BNP-PARIBAS France, FR),
Reverse DNS
helloandyou.be
Software
/
Resource Hash
115b794b816bb7443a090e34f234ad6cb13af48f2f8955b010326d63019ecee6
Security Headers
Name Value
Content-Security-Policy reflected-xss block
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
Origin
https://www.bnpparibasfortis.be
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 11 Nov 2019 00:51:30 GMT
X-Content-Type-Options
nosniff
last-modified
Tue, 23 Jan 2018 14:27:50 GMT
etag
"18623595694d31:0"
X-Frame-Options
SAMEORIGIN
p3p
CP="NON CUR OTPi OUR NOR UNI"
Content-Security-Policy
reflected-xss block
Strict-Transport-Security
max-age=31536000; includeSubDomains
accept-ranges
bytes
content-type
application/octet-stream
content-length
97240
X-XSS-Protection
1; mode=block

Redirect requests

There were HTTP redirects (301, 302) for the following requests:

Request 0
  • https://www.bnpparibasfortis.be/promo/KCMA/Proxy.asp?proxyTarget=/site/renderers/commfull.aspx&ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG
  • https://www.bnpparibasfortis.be/site/renderers/commfull.aspx?ID=C_+C56ypw8zR1EiCvTq6uYLYzk2xjKFeYScrrHWzNeQKB8XmvDnU2Y805LhZ+UBxBddylZd01tqkNqeIdYjXqjaXbH2CG

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate

4 Cookies

Domain/Path Name / Value
www.bnpparibasfortis.be/ Name: CR
Value: DzhBOYkk0h2t9Igm6QWVjx+8awSDZ7s+vOeFJJ9CI2hK1Zc1SGjzsva9yqTfNt+ko1zQIKVIx6z6QeqnqRBNMCcC5qq6Lev8cTovRuTFsh1E3+0DYASp8KA9nTIYVjWFQFSnzLap98dk+eXL91mEKr3riOH7dLY3
www.bnpparibasfortis.be/ Name: TS01b708ad
Value: 011bf91c2250012c5df27e9fafa68f4f029269ca15a89f22c9e2d389a07c231e89b31d284194eb208f48590e097b38f9e01341b8b7cb874f3c8b7278b88dfb76abe010cfacc9cfb972b249ae4816036f7e0e33fdf4b6764592aa5df81e2c47f4f2d3c581c6
www.bnpparibasfortis.be/ Name: ASP.NET_SessionId
Value: mzdq23lz30zeaebekokqug5h
www.bnpparibasfortis.be/ Name: per_ebew
Value: !VW5jlkK9T73mI72GtRqo/nB6p69EVgrbRKdUciVZf9Uzg+g4PaQ06v4ZQu40icG6UM/zxhJEX6K9ey4=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy reflected-xss block
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block