Submitted URL: https://poif.eu/
Effective URL: https://poif.eu/poif/
Submission: On December 17 via manual from PL — Scanned from PL

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 195.238.245.131, located in Poland and belongs to BGK-AS Bank Gospodarstwa Krajowego, PL. The main domain is poif.eu.
TLS certificate: Issued by Certum Extended Validation CA SHA2 on November 6th 2024. Valid for: a year.
This is the only time poif.eu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 11 195.238.245.131 34730 (BGK-AS Ba...)
9 1
Apex Domain Subdomains Transfer
11 poif.eu poif.eu 2 MB
9 1
Domain Requested by
11 poif.eu 2 redirects poif.eu
9 1

This site contains no links.

Subject: poif.eu
Issuer: Certum Extended Validation CA SHA2
Validity: 2024-11-06 - 2025-11-06
Valid: a year

This page contains 1 frames:

Primary Page: https://poif.eu/poif/
Frame ID: 92834A894FE7BC98F5C6E0DA575590E2
Requests: 9 HTTP requests in this frame

Page Title

Logowanie do programu POIF

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

Requests: 9
HTTPS: 100 %
IPv6: 0 %
Domains: 1
Subdomains: 1
IPs: 1
Countries: 1
Transfer: 2215 kB
Size: 2209 kB
Cookies: 2

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://poif.eu/ HTTP 302
    https://poif.eu/poif HTTP 301
    http://poif.eu/poif/ HTTP 307
    https://poif.eu/poif/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request /
poif.eu/poif/
Redirect Chain
  • https://poif.eu/
  • https://poif.eu/poif
  • http://poif.eu/poif/
  • https://poif.eu/poif/
3 KB
4 KB
Document
General
Full URL
https://poif.eu/poif/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.238.245.131, Poland, ASN34730 (BGK-AS Bank Gospodarstwa Krajowego, PL)
Reverse DNS
Software
/
Resource Hash
e2632926db57b75bfa05806cbc0b9cbab2340cc67348114b97c15f1adb112bc3
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Strict-Transport-Security max-age=631138519; includeSubDomains
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Content-Type
text/html; charset=UTF-8
Date
Tue, 17 Dec 2024 07:37:00 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=99
Pragma
no-cache
Strict-Transport-Security
max-age=631138519; includeSubDomains
Transfer-Encoding
chunked
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'
X-XSS-Protection
1; mode=block

Redirect headers

Location
https://poif.eu/poif/
Non-Authoritative-Reason
HttpsUpgrades
styles.css
poif.eu/poif/templates/My/blue/css/
62 KB
62 KB
Stylesheet
General
Full URL
https://poif.eu/poif/templates/My/blue/css/styles.css?ver=9.31.6
Requested by
Host: poif.eu
URL: https://poif.eu/poif/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.238.245.131, Poland, ASN34730 (BGK-AS Bank Gospodarstwa Krajowego, PL)
Reverse DNS
Software
/
Resource Hash
dd249f33d86a63fa3ba2926c5512c2afa69cfa22cb362c8b0f92604333cd78e4
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Strict-Transport-Security max-age=631138519; includeSubDomains
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poif.eu/poif/

Response headers

Strict-Transport-Security
max-age=631138519; includeSubDomains
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
ETag
"f664-61dd4ccb0ad58"
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
63076
Keep-Alive
timeout=5, max=98
Date
Tue, 17 Dec 2024 07:37:00 GMT
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 22 Jul 2024 12:01:04 GMT
Content-Type
text/css
X-Frame-Options
SAMEORIGIN
ckeditor.js
poif.eu/poif/addons/ckeditor/build/
1 MB
1 MB
Script
General
Full URL
https://poif.eu/poif/addons/ckeditor/build/ckeditor.js
Requested by
Host: poif.eu
URL: https://poif.eu/poif/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.238.245.131, Poland, ASN34730 (BGK-AS Bank Gospodarstwa Krajowego, PL)
Reverse DNS
Software
/
Resource Hash
d586f175b1d96c67845c111381ab726c5fb7e9e114435fedb7558e27c5966d7a
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Strict-Transport-Security max-age=631138519; includeSubDomains
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poif.eu/poif/

Response headers

Strict-Transport-Security
max-age=631138519; includeSubDomains
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
ETag
"15f1fb-61bde6dbee1c7"
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
1438203
Keep-Alive
timeout=5, max=100
Date
Tue, 17 Dec 2024 07:37:00 GMT
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 27 Jun 2024 12:39:58 GMT
Content-Type
application/javascript
X-Frame-Options
SAMEORIGIN
jquery-3.4.1.min.js
poif.eu/poif/addons/jquery/
86 KB
87 KB
Script
General
Full URL
https://poif.eu/poif/addons/jquery/jquery-3.4.1.min.js
Requested by
Host: poif.eu
URL: https://poif.eu/poif/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.238.245.131, Poland, ASN34730 (BGK-AS Bank Gospodarstwa Krajowego, PL)
Reverse DNS
Software
/
Resource Hash
2b381363dda049f2d49a59037b228bc865d51ffb977c8f5c3547d5c28de48e3a
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Strict-Transport-Security max-age=631138519; includeSubDomains
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poif.eu/poif/

Response headers

Strict-Transport-Security
max-age=631138519; includeSubDomains
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
ETag
"15851-61bde6dbf242f"
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
88145
Keep-Alive
timeout=5, max=100
Date
Tue, 17 Dec 2024 07:37:00 GMT
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 27 Jun 2024 12:39:58 GMT
Content-Type
application/javascript
X-Frame-Options
SAMEORIGIN
ace.js
poif.eu/poif/addons/ace/src-noconflict/
346 KB
347 KB
Script
General
Full URL
https://poif.eu/poif/addons/ace/src-noconflict/ace.js
Requested by
Host: poif.eu
URL: https://poif.eu/poif/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.238.245.131, Poland, ASN34730 (BGK-AS Bank Gospodarstwa Krajowego, PL)
Reverse DNS
Software
/
Resource Hash
f31ec48185580820077b1b3b75a0ea4522465c502784611b55426c7f58988472
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Strict-Transport-Security max-age=631138519; includeSubDomains
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poif.eu/poif/

Response headers

Strict-Transport-Security
max-age=631138519; includeSubDomains
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
ETag
"568ea-61bde6dbea72f"
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
354538
Keep-Alive
timeout=5, max=100
Date
Tue, 17 Dec 2024 07:37:00 GMT
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 27 Jun 2024 12:39:58 GMT
Content-Type
application/javascript
X-Frame-Options
SAMEORIGIN
javascript-pl.js
poif.eu/poif/templates/My/blue/js/
297 KB
297 KB
Script
General
Full URL
https://poif.eu/poif/templates/My/blue/js/javascript-pl.js?ver=9.31.6
Requested by
Host: poif.eu
URL: https://poif.eu/poif/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.238.245.131, Poland, ASN34730 (BGK-AS Bank Gospodarstwa Krajowego, PL)
Reverse DNS
Software
/
Resource Hash
1131af20978a5a09949ba870684e3195dae9a8929abd8254b9109dcd0f7395d8
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Strict-Transport-Security max-age=631138519; includeSubDomains
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poif.eu/poif/

Response headers

Strict-Transport-Security
max-age=631138519; includeSubDomains
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
ETag
"4a303-61dd4ccb22071"
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
303875
Keep-Alive
timeout=5, max=100
Date
Tue, 17 Dec 2024 07:37:00 GMT
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 22 Jul 2024 12:01:04 GMT
Content-Type
application/javascript
X-Frame-Options
SAMEORIGIN
logo-srednie.png
poif.eu/poif/icons/own/BGK/POIF/
7 KB
8 KB
Image
General
Full URL
https://poif.eu/poif/icons/own/BGK/POIF/logo-srednie.png
Requested by
Host: poif.eu
URL: https://poif.eu/poif/templates/My/blue/css/styles.css?ver=9.31.6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.238.245.131, Poland, ASN34730 (BGK-AS Bank Gospodarstwa Krajowego, PL)
Reverse DNS
Software
/
Resource Hash
f7bd68016b6aa157985136bd6411ff67401d4e826238fd770fbe1e1c09c3f2d4
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Strict-Transport-Security max-age=631138519; includeSubDomains
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poif.eu/poif/templates/My/blue/css/styles.css?ver=9.31.6

Response headers

Strict-Transport-Security
max-age=631138519; includeSubDomains
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
ETag
"1bc0-61bde6dce79f5"
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
7104
Keep-Alive
timeout=5, max=97
Date
Tue, 17 Dec 2024 07:37:00 GMT
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 27 Jun 2024 12:39:59 GMT
Content-Type
image/png
X-Frame-Options
SAMEORIGIN
logo-male.png
poif.eu/poif/icons/own/BGK/POIF/
3 KB
3 KB
Image
General
Full URL
https://poif.eu/poif/icons/own/BGK/POIF/logo-male.png
Requested by
Host: poif.eu
URL: https://poif.eu/poif/templates/My/blue/css/styles.css?ver=9.31.6
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.238.245.131, Poland, ASN34730 (BGK-AS Bank Gospodarstwa Krajowego, PL)
Reverse DNS
Software
/
Resource Hash
229600f8d88c9996ef34ca3dd6fe05b9f056058dfa5ddbd54989105715cb3e3d
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Strict-Transport-Security max-age=631138519; includeSubDomains
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poif.eu/poif/templates/My/blue/css/styles.css?ver=9.31.6

Response headers

Strict-Transport-Security
max-age=631138519; includeSubDomains
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
ETag
"a89-61bde6dce79f5"
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
2697
Keep-Alive
timeout=5, max=99
Date
Tue, 17 Dec 2024 07:37:01 GMT
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 27 Jun 2024 12:39:59 GMT
Content-Type
image/png
X-Frame-Options
SAMEORIGIN
favicon-32x32.png
poif.eu/poif/icons/own/BGK/POIF/
854 B
1 KB
Other
General
Full URL
https://poif.eu/poif/icons/own/BGK/POIF/favicon-32x32.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
195.238.245.131, Poland, ASN34730 (BGK-AS Bank Gospodarstwa Krajowego, PL)
Reverse DNS
Software
/
Resource Hash
edd8f05d2ddd2b88ec281649b53a4e97220b225176972fcde2ed5570758772b7
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Strict-Transport-Security max-age=631138519; includeSubDomains
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://poif.eu/poif/

Response headers

Strict-Transport-Security
max-age=631138519; includeSubDomains
Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
ETag
"356-61bde6dce79f5"
X-Content-Security-Policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Connection
Keep-Alive
X-WebKit-CSP
default-src 'self' 'unsafe-inline' 'unsafe-eval'
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
854
Keep-Alive
timeout=5, max=99
Date
Tue, 17 Dec 2024 07:37:01 GMT
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 27 Jun 2024 12:39:59 GMT
Content-Type
image/png
X-Frame-Options
SAMEORIGIN

61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| COPY_PATH string| CKEDITOR_BASEPATH object| CKEDITOR_TRANSLATIONS string| CKEDITOR_VERSION function| ClassicEditor function| $ function| jQuery object| ace object| a_langs object| jLinteCSSSelectors object| template object| jLinteToolbox object| jLinteAjax object| jLinteAjaxWindowRaw object| jLinteAjaxWindowPure object| jLinteAjaxWindowSimple object| jLinteAjaxListing function| _ajaxFormWindowFillUp function| _ajaxFormAddToSubmit function| _ajaxFormShowCalendar function| _ajaxFormLoadCalendar function| _ajaxFormChooseDate function| _ajaxGetThisFieldOrder function| _ajaxFormFieldReload function| _ajaxFormFieldReloadFillUp function| _ajaxJsonGetForSelect function| _ajaxJsonGetForFunction function| _ajaxJsonGetForQueue object| jLinteScreen object| jLinteAlerts object| jLinteDownload object| jLinteClocks object| jLinteDropDowns object| jLinteCkeditor object| jLinteMenus object| jLinteViews object| jLinteLists object| jLinteForms object| jLinteFormsGrouping object| jLinteFormsSelectSearch object| jLinteSummary object| jLinteCustom object| jLinteCustom_StatisticsIndicatorGenerator object| amendment object| jLinteDocumentation object| _windowAdjustOnce_do object| _windowAdjustManyTimes_do function| _windowAdjustOnce function| _windowAdjustManyTimes object| BGK_POIF object| BGK_POIF_ReflowForm function| Dropzone number| i_result object| hepler number| v string| s_uri number| i_baseDir object| o_element object| $o_element object| a_cssSelectorBase object| a_methodCall

2 Cookies

Domain/Path Name / Value
poif.eu/ Name: PHPSESSID
Value: 2bjicef7nt4sihth76h7h5e84c
poif.eu/ Name: TS015a67d5
Value: 0182c0886095a388ab08e831c2680e4b5ef8f9c7df6f3effa49a28b75febf6562bdb0e677c1142cc831d13258c3ff3fae4806683fdde7acb04123170b67f81d352d2e690d2

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
Strict-Transport-Security max-age=631138519; includeSubDomains
X-Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src 'self' data:
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block