urlscan.io logo urlscan.io
SecurityTrails logo

gnld1010.siteground.eu Open in urlscan Pro
35.214.192.93  Public Scan

Go To Rescan Add Verdict Report
URL: https://gnld1010.siteground.eu/webmail/log-in/
Submission Tags: @phishunt_io
Submission: On July 16 via api from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 11 HTTP transactions. The main IP is 35.214.192.93, located in Groningen, Netherlands and belongs to GOOGLE, US. The main domain is gnld1010.siteground.eu.
TLS certificate: Issued by R3 on June 16th 2021. Valid for: 3 months.
This is the only time gnld1010.siteground.eu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 35.214.192.93 15169 (GOOGLE)
8 2600:9000:215... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 34.230.233.81 14618 (AMAZON-AES)
11 4
Domain Requested by
8 webmail.siteground.com gnld1010.siteground.eu
webmail.siteground.com
2 gnld1010.siteground.eu 1 redirects
1 rk7cg7yk62.execute-api.us-east-1.amazonaws.com gnld1010.siteground.eu
1 fonts.googleapis.com webmail.siteground.com
11 4

This site contains no links.

Subject Issuer Validity Valid
gnld1010.siteground.eu
R3		 2021-06-16 -
2021-09-14		 3 months crt.sh
webmail.siteground.com
Amazon		 2021-03-02 -
2022-03-31		 a year crt.sh
upload.video.google.com
GTS CA 1O1		 2021-06-22 -
2021-09-14		 3 months crt.sh
*.execute-api.us-east-1.amazonaws.com
Amazon		 2020-08-19 -
2021-09-19		 a year crt.sh

This page contains 1 frames:

Primary Page: https://gnld1010.siteground.eu/webmail/log-in/
Frame ID: 421B428CD2E9F89E8ABBE565DCCCBEB4
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://gnld1010.siteground.eu/webmail/log-in HTTP 301
    https://gnld1010.siteground.eu/webmail/log-in/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /nginx(?:\/([\d.]+))?/i
Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i
Overall confidence: 100%
Detected patterns
  • headers via /\(CloudFront\)$/i

Page Statistics

11
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

855 kB
Transfer

2835 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://gnld1010.siteground.eu/webmail/log-in HTTP 301
    https://gnld1010.siteground.eu/webmail/log-in/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
gnld1010.siteground.eu/webmail/log-in/
Redirect Chain
  • https://gnld1010.siteground.eu/webmail/log-in
  • https://gnld1010.siteground.eu/webmail/log-in/
85 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://gnld1010.siteground.eu/webmail/log-in/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
35.214.192.93 Groningen, Netherlands, ASN15169 (GOOGLE, US),
Reverse DNS
93.192.214.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
d49fbc5bd63c3c379987c29a4f2d80154cf1673513278d8d8f27b583d1c2abba
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

:method
GET
:authority
gnld1010.siteground.eu
:scheme
https
:path
/webmail/log-in/
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
none
sec-fetch-mode
navigate
sec-fetch-user
?1
sec-fetch-dest
document
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

server
nginx
date
Fri, 16 Jul 2021 13:17:28 GMT
content-type
text/html
vary
Accept-Encoding Accept-Encoding
cache-control
max-age=0,no-cache,no-store,must-revalidate
last-modified
Thu, 08 Jul 2021 11:28:55 GMT
etag
W/"2592a1ca01c68efc3aff2e933328bb90"
access-control-allow-origin
*
x-frame-options
DENY
x-xss-protection
1
x-cache
Miss from cloudfront
via
1.1 bda076aae92eaf83374971b76c395857.cloudfront.net (CloudFront)
x-amz-cf-pop
AMS1-C1
x-amz-cf-id
xb76ZocLnkvtImejQ_nmdnVh1ROMzGLqE0DOzanXAjIRm5URMqfAZg==
x-server-name
gnld1010.siteground.eu
x-real-ip
37.120.211.124
content-encoding
br

Redirect headers

server
nginx
date
Fri, 16 Jul 2021 13:17:27 GMT
content-type
text/html
content-length
162
location
https://gnld1010.siteground.eu/webmail/log-in/
x-server-name
gnld1010.siteground.eu
x-real-ip
37.120.211.124
styleguide~main.css
webmail.siteground.com/build_1625738863935_v1.53.0/ 		210 KB
29 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://webmail.siteground.com/build_1625738863935_v1.53.0/styleguide~main.css
Requested by
Host: gnld1010.siteground.eu
URL: https://gnld1010.siteground.eu/webmail/log-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:7600:5:2f83:4340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
862c65d4447fb1c1c105768e99cebbd3030844584ed965950875d50dbd411024
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Referer
https://gnld1010.siteground.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 15 Jul 2021 14:34:47 GMT
content-encoding
gzip
last-modified
Thu, 08 Jul 2021 10:09:09 GMT
server
AmazonS3
age
81762
x-frame-options
DENY
etag
W/"56ab0cfc2bdee276bb27062dd3bfa4d8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 a394c864b23364262af48fed4e7e9fad.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
access-control-allow-origin
*
x-amz-cf-id
F6VwXIUuGGf5NG80I-t2FBBQPG8Jpvg1FIeMwaMBwRwEVMDh3w2vBQ==
x-xss-protection
1
main.css
webmail.siteground.com/build_1625738863935_v1.53.0/ 		7 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://webmail.siteground.com/build_1625738863935_v1.53.0/main.css
Requested by
Host: gnld1010.siteground.eu
URL: https://gnld1010.siteground.eu/webmail/log-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:7600:5:2f83:4340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
603b41ef962a5642cdc0c75938c490dbe51b394c55c99560733b781900bb931a
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Referer
https://gnld1010.siteground.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 15 Jul 2021 14:17:01 GMT
content-encoding
gzip
last-modified
Thu, 08 Jul 2021 10:09:09 GMT
server
AmazonS3
age
82828
x-frame-options
DENY
etag
W/"6df43a424f94b1a837da179824e7fe6f"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/css
via
1.1 a394c864b23364262af48fed4e7e9fad.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
access-control-allow-origin
*
x-amz-cf-id
r5ZxZCQNNQtHVsTmHs8avQVGEDaoMqwvYKsveDxhNKpf_XsJwcshlw==
x-xss-protection
1
polyfills.js
webmail.siteground.com/build_1625738863935_v1.53.0/ 		120 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://webmail.siteground.com/build_1625738863935_v1.53.0/polyfills.js
Requested by
Host: gnld1010.siteground.eu
URL: https://gnld1010.siteground.eu/webmail/log-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:7600:5:2f83:4340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
8c8e18dcee8b0bf592d8147bf01019e3e268aa1f20559c0ffafe5ca6a60c5083
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Referer
https://gnld1010.siteground.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 16 Jul 2021 12:02:26 GMT
content-encoding
gzip
last-modified
Thu, 08 Jul 2021 10:09:09 GMT
server
AmazonS3
age
4585
x-frame-options
DENY
etag
W/"3a04810322b462e67e72d6a4eeee16d9"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 a394c864b23364262af48fed4e7e9fad.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
access-control-allow-origin
*
x-amz-cf-id
v17effvjhwwLQOifSmwU4PqkTUm527GeZ99FwylPVXVfB_OAV_sYgQ==
x-xss-protection
1
react~main.js
webmail.siteground.com/build_1625738863935_v1.53.0/ 		121 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://webmail.siteground.com/build_1625738863935_v1.53.0/react~main.js
Requested by
Host: gnld1010.siteground.eu
URL: https://gnld1010.siteground.eu/webmail/log-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:7600:5:2f83:4340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
373a8c17a37801247411cccdcc39a321504f3ef0ded1812538f52c87473c1c58
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Referer
https://gnld1010.siteground.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 15 Jul 2021 15:46:52 GMT
content-encoding
gzip
last-modified
Thu, 08 Jul 2021 10:09:09 GMT
server
AmazonS3
age
77437
x-frame-options
DENY
etag
W/"3abef573af542eb0e6455d44ae6ae2bc"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 a394c864b23364262af48fed4e7e9fad.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
access-control-allow-origin
*
x-amz-cf-id
GKN5AYyBRpBF-P_O-ZRkRWTXHZPKSu051vBYVzXAe26K9eg0KJV1Qw==
x-xss-protection
1
styleguide~main.js
webmail.siteground.com/build_1625738863935_v1.53.0/ 		476 KB
101 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://webmail.siteground.com/build_1625738863935_v1.53.0/styleguide~main.js
Requested by
Host: gnld1010.siteground.eu
URL: https://gnld1010.siteground.eu/webmail/log-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:7600:5:2f83:4340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
fccedd30935b3607898c1e0922f413072fee78df589b2d19658c6ecadef9157b
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Referer
https://gnld1010.siteground.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 16 Jul 2021 13:08:49 GMT
content-encoding
gzip
last-modified
Thu, 08 Jul 2021 10:09:09 GMT
server
AmazonS3
age
521
x-frame-options
DENY
etag
W/"16b599a5909cf92d0aa1dfa89931cba8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 a394c864b23364262af48fed4e7e9fad.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
access-control-allow-origin
*
x-amz-cf-id
JMrwVA5o4RlPHXwH5Oq_-Y_Hz9WLK_w6w0QixestoJWOcWoUXFzZ2g==
x-xss-protection
1
vendors~main.js
webmail.siteground.com/build_1625738863935_v1.53.0/ 		548 KB
154 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://webmail.siteground.com/build_1625738863935_v1.53.0/vendors~main.js
Requested by
Host: gnld1010.siteground.eu
URL: https://gnld1010.siteground.eu/webmail/log-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:7600:5:2f83:4340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
99f97fd6a353751913d239348ac6cbdc217d84c6430240c32713ff28bd5a3313
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Referer
https://gnld1010.siteground.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Fri, 16 Jul 2021 11:37:10 GMT
content-encoding
gzip
last-modified
Thu, 08 Jul 2021 10:09:10 GMT
server
AmazonS3
age
6364
x-frame-options
DENY
etag
W/"4d1edee483a340f88633621181fd7658"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 a394c864b23364262af48fed4e7e9fad.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
access-control-allow-origin
*
x-amz-cf-id
qkpJoYaMATAtA_DGTgbCS19fNTICJTQB1XSrad7GTE-2tvkYbc4b2w==
x-xss-protection
1
main.js
webmail.siteground.com/build_1625738863935_v1.53.0/ 		461 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://webmail.siteground.com/build_1625738863935_v1.53.0/main.js
Requested by
Host: gnld1010.siteground.eu
URL: https://gnld1010.siteground.eu/webmail/log-in/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:7600:5:2f83:4340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
995b457079cb327093e046220e7a2cb3c8fce1e8ae52ec533b739258fefe5501
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Referer
https://gnld1010.siteground.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 15 Jul 2021 15:46:52 GMT
content-encoding
gzip
last-modified
Thu, 08 Jul 2021 10:09:09 GMT
server
AmazonS3
age
77437
x-frame-options
DENY
etag
W/"7451cfed5bc82080fdaeb1329d97fde8"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 a394c864b23364262af48fed4e7e9fad.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
access-control-allow-origin
*
x-amz-cf-id
Zz-ZqwFpimKV_Jv2kXOyq6vZJYL45h9zqKa0DfdyLjT2NndAMTeIhg==
x-xss-protection
1
css
fonts.googleapis.com/ 		32 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,300i,400,600,700|Roboto+Condensed:300,400,700|Roboto:300,300i,400,400i,500,500i,700,700i&subset=latin-ext
Requested by
Host: webmail.siteground.com
URL: https://webmail.siteground.com/build_1625738863935_v1.53.0/styleguide~main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0a13704e48b558ae5db0d908c0a9a20b50b35b1b77630d7a178fd404e3112564
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://webmail.siteground.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Fri, 16 Jul 2021 13:09:52 GMT
server
ESF
date
Fri, 16 Jul 2021 13:17:28 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Fri, 16 Jul 2021 13:17:28 GMT
visits
rk7cg7yk62.execute-api.us-east-1.amazonaws.com/SPALogger/ 		0
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://rk7cg7yk62.execute-api.us-east-1.amazonaws.com/SPALogger/visits?lastData=null&url=https://gnld1010.siteground.eu
Requested by
Host: gnld1010.siteground.eu
URL: https://gnld1010.siteground.eu/webmail/log-in/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.230.233.81 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-230-233-81.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://gnld1010.siteground.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers
passwords.json
webmail.siteground.com/build_1625738863935_v1.53.0/assets/data/ 		774 KB
380 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://webmail.siteground.com/build_1625738863935_v1.53.0/assets/data/passwords.json
Requested by
Host: webmail.siteground.com
URL: https://webmail.siteground.com/build_1625738863935_v1.53.0/styleguide~main.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2156:7600:5:2f83:4340:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1af1688fc3fea4e9f6dba0640b139e20e19f46066543e1c949e331e88d99a07e
Security Headers
Name Value
X-Frame-Options DENY
X-Xss-Protection 1

Request headers

Referer
https://gnld1010.siteground.eu/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Thu, 15 Jul 2021 21:13:02 GMT
content-encoding
gzip
last-modified
Thu, 08 Jul 2021 10:08:51 GMT
server
AmazonS3
age
57868
x-frame-options
DENY
etag
W/"7a68a931ba8f22b683f1f376049caf59"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/json
via
1.1 e64eb476d8f76c461d21278e018e194f.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA50-C1
access-control-allow-origin
*
x-amz-cf-id
GheTTG5Qux0MhaeaVqc93kdYCLyS1jzgPMi4ep22Z5DEWUVNF-Eglw==
x-xss-protection
1

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker boolean| originAgentCluster object| trustedTypes boolean| crossOriginIsolated function| addManifestToDOM string| url object| img function| webpackHotUpdate object| IntlPolyfill object| regeneratorRuntime object| __core-js_shared__ object| core object| webpackJsonp

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options DENY
X-Xss-Protection 1