URL: https://internet-webview.xfinity.com/devices/device/5C415A5C2593
Submission Tags: falconsandbox
Submission: On October 25 via api from US

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 13 HTTP transactions. The main IP is 2001:558:fe03:7c::2, located in United States and belongs to COMCAST-7922, US. The main domain is internet-webview.xfinity.com.
TLS certificate: Issued by COMODO RSA Organization Validation Se... on June 9th 2020. Valid for: 2 years.
This is the only time internet-webview.xfinity.com was scanned on urlscan.io!

urlscan.io Verdict: No classification


Live information

Domain & IP information

IP Address AS Autonomous System
10 2001:558:fe03... 7922 (COMCAST-7922)
2 2600:1f18:336... 14618 (AMAZON-AES)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
13 3
Domain Requested by
10 internet-webview.xfinity.com internet-webview.xfinity.com
2 melee.sed.dh.comcast.net internet-webview.xfinity.com
1 static.cimcontent.net internet-webview.xfinity.com
13 3

This site contains no links.

Subject Issuer Validity Valid
edge.dh-polymer-prod.top.comcast.net
COMODO RSA Organization Validation Secure Server CA
2020-06-09 -
2022-06-09
2 years crt.sh
*.sed.dh.comcast.net
COMODO RSA Organization Validation Secure Server CA
2019-02-26 -
2021-02-25
2 years crt.sh
static.cimcontent.net
COMODO RSA Organization Validation Secure Server CA
2020-04-16 -
2022-04-16
2 years crt.sh

This page contains 1 frames:

Primary Page: https://internet-webview.xfinity.com/devices/device/5C415A5C2593
Frame ID: D6A934F011ED5982AAC4EEACE10EC45E
Requests: 12 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /ATS\/?([\d.]+)?/i

Page Statistics

13
Requests

100 %
HTTPS

100 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

381 kB
Transfer

1324 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request 5C415A5C2593
internet-webview.xfinity.com/devices/device/
28 KB
10 KB
Document
General
Full URL
https://internet-webview.xfinity.com/devices/device/5C415A5C2593
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:558:fe03:7c::2 , United States, ASN7922 (COMCAST-7922, US),
Reverse DNS
Software
ATS/8.1.0 /
Resource Hash
47eada95e1b34499c5f5c08f76718ce2715d7cf80a8cf66ef63967bf59744b67
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2628000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1

Request headers

Host
internet-webview.xfinity.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Access-Control-Expose-Headers
Location
Cache-Control
max-age=300
Content-Encoding
gzip
Content-Language
en-US
Content-Length
9173
Content-Security-Policy
default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Content-Type
text/html; charset=utf-8
Date
Sun, 25 Oct 2020 06:36:52 GMT
Etag
"5f85ffcc-23d5"
Expires
Sun, 25 Oct 2020 06:41:52 GMT
Last-Modified
Tue, 13 Oct 2020 19:28:12 GMT
Server
ATS/8.1.0
Strict-Transport-Security
max-age=2628000
Vary
accept-language
X-Content-Type-Options
nosniff
X-Frame-Options
sameorigin
X-Vcap-Request-Id
d8a93f55-781e-4c40-537b-87aafac5c0e2
X-Xss-Protection
1
Age
118
Via
http/1.1 odol-atsmid-pan-04.ivyland.pa.panjde.comcast.net (ApacheTrafficServer/8.1.0 [uScSsSfUpSeN:t cCSp sS]), http/1.1 odol-atsec-har-15.carmel.ny.hartford.comcast.net (ApacheTrafficServer/8.1.0 [uScHs f p eN:t cCHp s ])
Connection
keep-alive
xFi
melee.sed.dh.comcast.net/v2/event/
0
0
Other
General
Full URL
https://melee.sed.dh.comcast.net/v2/event/xFi?en=pageload&t=1603607930380&timeStamp=2020-10-25T06:38:50.380Z&appVersion=2020.WW.U.1.Major&env=prod&pageStart=1603607930375&navigationStart=1603607930058&partner=comcast&appname=xFi
Protocol
H2
Server
2600:1f18:336:b301:aaf1:9ca:3557:bbe3 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Melee /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
content-type,melee-cc,melee-token
Origin
https://internet-webview.xfinity.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

status
200
date
Sun, 25 Oct 2020 06:38:50 GMT
content-type
application/octet-stream
content-length
0
x-client-id
dh_xhui
server
Melee
access-control-allow-origin
*
access-control-allow-methods
POST, GET
access-control-allow-headers
content-type,melee-cc,melee-token
critical-path.abab5e7ebe3464d30342.js
internet-webview.xfinity.com/en-US/bundles/
720 KB
180 KB
Script
General
Full URL
https://internet-webview.xfinity.com/en-US/bundles/critical-path.abab5e7ebe3464d30342.js
Requested by
Host: internet-webview.xfinity.com
URL: https://internet-webview.xfinity.com/devices/device/5C415A5C2593
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:558:fe03:7c::2 , United States, ASN7922 (COMCAST-7922, US),
Reverse DNS
Software
ATS/8.1.0 /
Resource Hash
730063de3d87fcff1afb4a9048864f98b44e1e912cfbe7cedee033e36254ac8d
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2628000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1

Request headers

Referer
https://internet-webview.xfinity.com/devices/device/5C415A5C2593
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
118
Connection
keep-alive
Vary
accept-language
Content-Length
182935
X-Xss-Protection
1
Last-Modified
Tue, 20 Oct 2020 14:38:44 GMT
Server
ATS/8.1.0
X-Frame-Options
sameorigin
Date
Sun, 25 Oct 2020 06:36:52 GMT
Strict-Transport-Security
max-age=2628000
Content-Language
en-US
Via
http/1.1 odol-atsmid-pan-04.ivyland.pa.panjde.comcast.net (ApacheTrafficServer/8.1.0 [uIcRs f p eN:t cCNp s ]), http/1.1 odol-atsec-har-15.carmel.ny.hartford.comcast.net (ApacheTrafficServer/8.1.0 [uScHs f p eN:t cCHp s ])
X-Vcap-Request-Id
91200fb1-0b07-4c9b-585d-c996753bce7a
Access-Control-Expose-Headers
Location
Cache-Control
max-age=300
Etag
"5f8ef674-2ca97"
Content-Type
application/javascript; charset=utf-8
Expires
Sun, 25 Oct 2020 06:40:24 GMT
webcomponents-lite-er.min.js
internet-webview.xfinity.com/node_modules/webcomponents.js/
28 KB
10 KB
Script
General
Full URL
https://internet-webview.xfinity.com/node_modules/webcomponents.js/webcomponents-lite-er.min.js
Requested by
Host: internet-webview.xfinity.com
URL: https://internet-webview.xfinity.com/devices/device/5C415A5C2593
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:558:fe03:7c::2 , United States, ASN7922 (COMCAST-7922, US),
Reverse DNS
Software
ATS/8.1.0 /
Resource Hash
95608d2bfed9798b217b2b83268daabc6d41b17dc49b9145cd48e1a5f5e1b0ba
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2628000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1

Request headers

Referer
https://internet-webview.xfinity.com/devices/device/5C415A5C2593
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
3383
Connection
keep-alive
Vary
accept-language
Content-Length
9017
X-Xss-Protection
1
Last-Modified
Tue, 13 Oct 2020 19:28:12 GMT
Server
ATS/8.1.0
X-Frame-Options
sameorigin
Date
Sun, 25 Oct 2020 05:42:27 GMT
Strict-Transport-Security
max-age=2628000
Content-Language
en-US
Via
http/1.1 cdn-mid-njs-05.audubon.nj.panjde.comcast.net (ApacheTrafficServer/8.1.0 [uIcMsSfWpNeN:t cCMp sS]), http/1.1 odol-atsec-har-15.carmel.ny.hartford.comcast.net (ApacheTrafficServer/8.1.0 [uScRs f p eN:t cCHp s ])
X-Vcap-Request-Id
b8ed05d2-e4d5-482c-4ec7-011d611c9bbd
Access-Control-Expose-Headers
Location
Cache-Control
max-age=3600
Etag
"5f85ffcc-2339"
Content-Type
application/javascript; charset=utf-8
Expires
Sun, 25 Oct 2020 06:42:27 GMT
xFi
melee.sed.dh.comcast.net/v2/event/
0
168 B
XHR
General
Full URL
https://melee.sed.dh.comcast.net/v2/event/xFi?en=pageload&t=1603607930380&timeStamp=2020-10-25T06:38:50.380Z&appVersion=2020.WW.U.1.Major&env=prod&pageStart=1603607930375&navigationStart=1603607930058&partner=comcast&appname=xFi
Requested by
Host: internet-webview.xfinity.com
URL: https://internet-webview.xfinity.com/devices/device/5C415A5C2593
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:1f18:336:b301:aaf1:9ca:3557:bbe3 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Melee /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

melee-token
A7F9A9A7-D992-482E-89A3-DC64A822F6A8
Referer
https://internet-webview.xfinity.com/devices/device/5C415A5C2593
melee-cc
splunk
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/json

Response headers

status
204
date
Sun, 25 Oct 2020 06:38:50 GMT
x-client-id
xfi-web-infra
server
Melee
access-control-allow-origin
*
access-control-allow-headers
content-type,melee-cc,melee-token
access-control-allow-methods
POST, GET
XfinityStandard-Regular.woff2
static.cimcontent.net/fonts/latest/Xfinity_Standard/
26 KB
26 KB
Font
General
Full URL
https://static.cimcontent.net/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff2
Requested by
Host: internet-webview.xfinity.com
URL: https://internet-webview.xfinity.com/devices/device/5C415A5C2593
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:2be::30d4 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AmazonS3 /
Resource Hash
138c0ead0fbcd09dd455df9870920e8725b367fbf02ac0cef0c62874000ab176

Request headers

Origin
https://internet-webview.xfinity.com
Referer
https://internet-webview.xfinity.com/devices/device/5C415A5C2593
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
kLBQWhXkUwwuS0hOSKJ2GQ_XrNE.oQFF
last-modified
Fri, 24 Jan 2020 21:23:01 GMT
server
AmazonS3
x-amz-cf-pop
FRA53-C1
etag
"e3e79cd377b28c1e7ffea64b194136cf"
content-type
font/woff2
status
200
cache-control
max-age=1161133
date
Sun, 25 Oct 2020 06:38:50 GMT
accept-ranges
bytes
access-control-allow-origin
*
content-length
26768
x-amz-cf-id
ByGny3xKJmpswLg8Ti3HbboM-DIgjnMnw6P8yL13EeMa4LUUOVQRAQ==
1.795335b2476d7754d86c.js
internet-webview.xfinity.com/en-US/bundles/
141 KB
46 KB
Script
General
Full URL
https://internet-webview.xfinity.com/en-US/bundles/1.795335b2476d7754d86c.js
Requested by
Host: internet-webview.xfinity.com
URL: https://internet-webview.xfinity.com/en-US/bundles/critical-path.abab5e7ebe3464d30342.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:558:fe03:7c::2 , United States, ASN7922 (COMCAST-7922, US),
Reverse DNS
Software
ATS/8.1.0 /
Resource Hash
858bcf299f6fede19cbbb0ba582251a00ad1c93d6712a7916abef84e03b61c24
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2628000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1

Request headers

Referer
https://internet-webview.xfinity.com/devices/device/5C415A5C2593
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
118
Connection
keep-alive
Vary
accept-language
Content-Length
45471
X-Xss-Protection
1
Last-Modified
Tue, 13 Oct 2020 19:28:12 GMT
Server
ATS/8.1.0
X-Frame-Options
sameorigin
Date
Sun, 25 Oct 2020 06:36:52 GMT
Strict-Transport-Security
max-age=2628000
Content-Language
en-US
Via
http/1.1 odol-atsmid-bos-12.needham.ma.boston.comcast.net (ApacheTrafficServer/8.1.0 [uIcRs f p eN:t cCNp s ]), http/1.1 odol-atsec-har-15.carmel.ny.hartford.comcast.net (ApacheTrafficServer/8.1.0 [uScHs f p eN:t cCHp s ])
X-Vcap-Request-Id
ebccf0dd-6ab1-44f0-7514-f421d22e01ed
Access-Control-Expose-Headers
Location
Cache-Control
max-age=300
Etag
"5f85ffcc-b19f"
Content-Type
application/javascript; charset=utf-8
Expires
Sun, 25 Oct 2020 06:40:05 GMT
2.c14297b229e07ac4d2f6.js
internet-webview.xfinity.com/en-US/bundles/
58 KB
18 KB
Script
General
Full URL
https://internet-webview.xfinity.com/en-US/bundles/2.c14297b229e07ac4d2f6.js
Requested by
Host: internet-webview.xfinity.com
URL: https://internet-webview.xfinity.com/en-US/bundles/critical-path.abab5e7ebe3464d30342.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:558:fe03:7c::2 , United States, ASN7922 (COMCAST-7922, US),
Reverse DNS
Software
ATS/8.1.0 /
Resource Hash
335f96c96b72d7ee921609cbdacdb9ccd91e9bd76d5a4f3f029b78ff8b5a5541
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2628000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1

Request headers

Referer
https://internet-webview.xfinity.com/devices/device/5C415A5C2593
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
118
Connection
keep-alive
Vary
accept-language
Content-Length
16845
X-Xss-Protection
1
Last-Modified
Tue, 13 Oct 2020 19:28:12 GMT
Server
ATS/8.1.0
X-Frame-Options
sameorigin
Date
Sun, 25 Oct 2020 06:36:52 GMT
Strict-Transport-Security
max-age=2628000
Content-Language
en-US
Via
http/1.1 odol-atsmid-pan-04.ivyland.pa.panjde.comcast.net (ApacheTrafficServer/8.1.0 [uIcRs f p eN:t cCNp s ]), http/1.1 odol-atsec-har-15.carmel.ny.hartford.comcast.net (ApacheTrafficServer/8.1.0 [uScHs f p eN:t cCHp s ])
X-Vcap-Request-Id
2b852ca6-fabe-4bf7-5e07-a19617e4912b
Access-Control-Expose-Headers
Location
Cache-Control
max-age=300
Etag
"5f85ffcc-41cd"
Content-Type
application/javascript; charset=utf-8
Expires
Sun, 25 Oct 2020 06:38:29 GMT
3.eb9fd6d014bcf10748a3.js
internet-webview.xfinity.com/en-US/bundles/
68 KB
16 KB
Script
General
Full URL
https://internet-webview.xfinity.com/en-US/bundles/3.eb9fd6d014bcf10748a3.js
Requested by
Host: internet-webview.xfinity.com
URL: https://internet-webview.xfinity.com/en-US/bundles/critical-path.abab5e7ebe3464d30342.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:558:fe03:7c::2 , United States, ASN7922 (COMCAST-7922, US),
Reverse DNS
Software
ATS/8.1.0 /
Resource Hash
0bc1a2344307239c2839a111ad0a68e240cfd5516b5e2c0d480364f161a538f8
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2628000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1

Request headers

Referer
https://internet-webview.xfinity.com/devices/device/5C415A5C2593
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
118
Connection
keep-alive
Vary
accept-language
Content-Length
15061
X-Xss-Protection
1
Last-Modified
Tue, 13 Oct 2020 19:28:12 GMT
Server
ATS/8.1.0
X-Frame-Options
sameorigin
Date
Sun, 25 Oct 2020 06:36:53 GMT
Strict-Transport-Security
max-age=2628000
Content-Language
en-US
Via
http/1.1 odol-atsmid-bos-12.needham.ma.boston.comcast.net (ApacheTrafficServer/8.1.0 [uIcRs f p eN:t cCNp s ]), http/1.1 odol-atsec-har-15.carmel.ny.hartford.comcast.net (ApacheTrafficServer/8.1.0 [uScHs f p eN:t cCHp s ])
X-Vcap-Request-Id
daea4555-e7f0-401b-4b0a-6ed12f37f44d
Access-Control-Expose-Headers
Location
Cache-Control
max-age=300
Etag
"5f85ffcc-3ad5"
Content-Type
application/javascript; charset=utf-8
Expires
Sun, 25 Oct 2020 06:40:05 GMT
8.220c2ba022a0207d0f9c.js
internet-webview.xfinity.com/en-US/bundles/
22 KB
8 KB
Script
General
Full URL
https://internet-webview.xfinity.com/en-US/bundles/8.220c2ba022a0207d0f9c.js
Requested by
Host: internet-webview.xfinity.com
URL: https://internet-webview.xfinity.com/en-US/bundles/critical-path.abab5e7ebe3464d30342.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:558:fe03:7c::2 , United States, ASN7922 (COMCAST-7922, US),
Reverse DNS
Software
ATS/8.1.0 /
Resource Hash
bf1d6455bd0e236f73033a6c19c9f859d3fd3d4b03642c0ccd4b608e7d953817
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2628000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1

Request headers

Referer
https://internet-webview.xfinity.com/devices/device/5C415A5C2593
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
118
Connection
keep-alive
Vary
accept-language
Content-Length
6445
X-Xss-Protection
1
Last-Modified
Tue, 13 Oct 2020 19:28:12 GMT
Server
ATS/8.1.0
X-Frame-Options
sameorigin
Date
Sun, 25 Oct 2020 06:36:53 GMT
Strict-Transport-Security
max-age=2628000
Content-Language
en-US
Via
http/1.1 odol-atsmid-bos-10.needham.ma.boston.comcast.net (ApacheTrafficServer/8.1.0 [uIcRs f p eN:t cCNp s ]), http/1.1 odol-atsec-har-15.carmel.ny.hartford.comcast.net (ApacheTrafficServer/8.1.0 [uScHs f p eN:t cCHp s ])
X-Vcap-Request-Id
624cee12-5003-46ef-72a3-6b2a16b4df75
Access-Control-Expose-Headers
Location
Cache-Control
max-age=300
Etag
"5f85ffcc-192d"
Content-Type
application/javascript; charset=utf-8
Expires
Sun, 25 Oct 2020 06:38:29 GMT
react.aebf6cfeb810b704b249.js
internet-webview.xfinity.com/en-US/bundles/
134 KB
36 KB
Script
General
Full URL
https://internet-webview.xfinity.com/en-US/bundles/react.aebf6cfeb810b704b249.js
Requested by
Host: internet-webview.xfinity.com
URL: https://internet-webview.xfinity.com/en-US/bundles/critical-path.abab5e7ebe3464d30342.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:558:fe03:7c::2 , United States, ASN7922 (COMCAST-7922, US),
Reverse DNS
Software
ATS/8.1.0 /
Resource Hash
e641c2dcd7ccc9237b5583aa15f740a882ac820ae5a45f754478d36dbe74f254
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2628000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1

Request headers

Referer
https://internet-webview.xfinity.com/devices/device/5C415A5C2593
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
118
Connection
keep-alive
Vary
accept-language
Content-Length
35120
X-Xss-Protection
1
Last-Modified
Tue, 13 Oct 2020 19:28:12 GMT
Server
ATS/8.1.0
X-Frame-Options
sameorigin
Date
Sun, 25 Oct 2020 06:36:53 GMT
Strict-Transport-Security
max-age=2628000
Content-Language
en-US
Via
http/1.1 odol-atsmid-pan-04.ivyland.pa.panjde.comcast.net (ApacheTrafficServer/8.1.0 [uIcRs f p eN:t cCNp s ]), http/1.1 odol-atsec-har-15.carmel.ny.hartford.comcast.net (ApacheTrafficServer/8.1.0 [uScHs f p eN:t cCHp s ])
X-Vcap-Request-Id
b0033293-efbd-41b4-5e88-129c2b313f25
Access-Control-Expose-Headers
Location
Cache-Control
max-age=300
Etag
"5f85ffcc-8930"
Content-Type
application/javascript; charset=utf-8
Expires
Sun, 25 Oct 2020 06:40:05 GMT
0.4c18809c144d3934d28c.js
internet-webview.xfinity.com/en-US/bundles/
41 KB
11 KB
Script
General
Full URL
https://internet-webview.xfinity.com/en-US/bundles/0.4c18809c144d3934d28c.js
Requested by
Host: internet-webview.xfinity.com
URL: https://internet-webview.xfinity.com/en-US/bundles/critical-path.abab5e7ebe3464d30342.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:558:fe03:7c::2 , United States, ASN7922 (COMCAST-7922, US),
Reverse DNS
Software
ATS/8.1.0 /
Resource Hash
8f7df815083e1499a23cb6f2d626a0f87cde101a11a73d649d28514f6b493686
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2628000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1

Request headers

Referer
https://internet-webview.xfinity.com/devices/device/5C415A5C2593
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
118
Connection
keep-alive
Vary
accept-language
Content-Length
9787
X-Xss-Protection
1
Last-Modified
Tue, 13 Oct 2020 19:28:12 GMT
Server
ATS/8.1.0
X-Frame-Options
sameorigin
Date
Sun, 25 Oct 2020 06:36:53 GMT
Strict-Transport-Security
max-age=2628000
Content-Language
en-US
Via
http/1.1 cdn-mid-njs-05.audubon.nj.panjde.comcast.net (ApacheTrafficServer/8.1.0 [uIcRs f p eN:t cCNp s ]), http/1.1 odol-atsec-har-15.carmel.ny.hartford.comcast.net (ApacheTrafficServer/8.1.0 [uScHs f p eN:t cCHp s ])
X-Vcap-Request-Id
a1c101a2-2f33-4ae8-7f29-0a7e4f439d7b
Access-Control-Expose-Headers
Location
Cache-Control
max-age=300
Etag
"5f85ffcc-263b"
Content-Type
application/javascript; charset=utf-8
Expires
Sun, 25 Oct 2020 06:40:25 GMT
27.57d3578da3fef6ee2007.js
internet-webview.xfinity.com/en-US/bundles/
58 KB
18 KB
Script
General
Full URL
https://internet-webview.xfinity.com/en-US/bundles/27.57d3578da3fef6ee2007.js
Requested by
Host: internet-webview.xfinity.com
URL: https://internet-webview.xfinity.com/en-US/bundles/critical-path.abab5e7ebe3464d30342.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:558:fe03:7c::2 , United States, ASN7922 (COMCAST-7922, US),
Reverse DNS
Software
ATS/8.1.0 /
Resource Hash
1151f89d85fd2befb51d52cef924af3bbdb2eb337e792b8d4bfa7ae592c92534
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2628000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1

Request headers

Referer
https://internet-webview.xfinity.com/devices/device/5C415A5C2593
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
118
Connection
keep-alive
Vary
accept-language
Content-Length
17109
X-Xss-Protection
1
Last-Modified
Tue, 13 Oct 2020 19:28:12 GMT
Server
ATS/8.1.0
X-Frame-Options
sameorigin
Date
Sun, 25 Oct 2020 06:36:53 GMT
Strict-Transport-Security
max-age=2628000
Content-Language
en-US
Via
http/1.1 cdn-mid-njs-04.audubon.nj.panjde.comcast.net (ApacheTrafficServer/8.1.0 [uIcHs f p eN:t cCNp s ]), http/1.1 odol-atsec-har-15.carmel.ny.hartford.comcast.net (ApacheTrafficServer/8.1.0 [uScHs f p eN:t cCHp s ])
X-Vcap-Request-Id
f78ee449-849e-4910-54bf-b0d7b3388535
Access-Control-Expose-Headers
Location
Cache-Control
max-age=300
Etag
"5f85ffcc-42d5"
Content-Type
application/javascript; charset=utf-8
Expires
Sun, 25 Oct 2020 06:40:27 GMT

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes object| SIC object| SURF_N_PERF object| __tti object| LocalyticsGlobal object| Polymer object| WebComponents function| JsMutationObserver object| HTMLImports object| CustomElements function| unwrap function| wrap object| webpackJsonp object| BrowserInterface function| _localytics function| applyFocusVisiblePolyfill

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' data: https://*.comcast.com https://*.xfinity.com https://yhm.comcast.net https://*.xfinityspeedtest.comcast.net https://*.mw.comcast.net https://*.speedtest-web.sys.comcast.net:* https://melee.sed.dh.comcast.net https://*.cimcontent.net https://fonts.googleapis.com https://*.youtube.com https://*.ytimg.com https://cdn.stringify.com https://*.xerxessecure.com https://dh-platform-icons.comcast.net https://wjs.wurflcloud.com https://*.pulseinsights.com https://xfi-mock-accounts-api-prod.g1.app.cloud.comcast.net wss://d08820841hu6kdd22auhd-ats.iot.us-east-1.amazonaws.com wss://d05599641m3bvsy6ye06l-ats.iot.us-east-1.amazonaws.com;
Strict-Transport-Security max-age=2628000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1