api.whatsapp.com Open in urlscan Pro
2a03:2880:f276:1c2:face:b00c:0:167  Public Scan

Submitted URL: https://url07.xyz/j/BQjRVipe2174
Effective URL: https://api.whatsapp.com/send?phone=16478146650&text=&app_absent=0
Submission: On October 02 via manual from CO — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 5 domains to perform 17 HTTP transactions. The main IP is 2a03:2880:f276:1c2:face:b00c:0:167, located in Frankfurt am Main, Germany and belongs to FACEBOOK, US. The main domain is api.whatsapp.com. The Cisco Umbrella rank of the primary domain is 18268.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on July 11th 2023. Valid for: 3 months.
This is the only time api.whatsapp.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
1 1 2606:4700:440... 13335 (CLOUDFLAR...)
16 2a03:2880:f27... 32934 (FACEBOOK)
17 2
Apex Domain
Subdomains
Transfer
14 whatsapp.net
static.whatsapp.net — Cisco Umbrella Rank: 1284
290 KB
2 whatsapp.com
api.whatsapp.com — Cisco Umbrella Rank: 18268
33 KB
1 007.ma
007.ma
194 B
1 url07.xyz
url07.xyz
503 B
0 Failed
function sub() { [native code] }. Failed
17 5
Domain Requested by
14 static.whatsapp.net api.whatsapp.com
static.whatsapp.net
2 api.whatsapp.com static.whatsapp.net
1 007.ma 1 redirects
1 url07.xyz 1 redirects
0 send Failed static.whatsapp.net
17 5
Subject Issuer Validity Valid
*.whatsapp.net
DigiCert SHA2 High Assurance Server CA
2023-07-11 -
2023-10-09
3 months crt.sh

This page contains 1 frames:

Frame: whatsapp://send/?phone=16478146650&text&app_absent=0
Frame ID: 7609A624DAD7B2DE9A1D222074C8A73E
Requests: 17 HTTP requests in this frame

Screenshot

Page Title

In WhatsApp teilen

Page URL History Show full URLs

  1. https://url07.xyz/j/BQjRVipe2174 HTTP 302
    https://007.ma/new-ws-api/counter/work/shunt/account/1708496047056437249 HTTP 302
    https://api.whatsapp.com/send?phone=16478146650&text=&app_absent=0 Page URL

Page Statistics

17
Requests

94 %
HTTPS

100 %
IPv6

5
Domains

5
Subdomains

2
IPs

2
Countries

323 kB
Transfer

1033 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://url07.xyz/j/BQjRVipe2174 HTTP 302
    https://007.ma/new-ws-api/counter/work/shunt/account/1708496047056437249 HTTP 302
    https://api.whatsapp.com/send?phone=16478146650&text=&app_absent=0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

17 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request send
api.whatsapp.com/
Redirect Chain
  • https://url07.xyz/j/BQjRVipe2174
  • https://007.ma/new-ws-api/counter/work/shunt/account/1708496047056437249
  • https://api.whatsapp.com/send?phone=16478146650&text=&app_absent=0
165 KB
33 KB
Document
General
Full URL
https://api.whatsapp.com/send?phone=16478146650&text=&app_absent=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f276:1c2:face:b00c:0:167 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
dca18c097287f012a49815796492bc0df997779a8e2b355ae15937076488890e
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' *.fbcdn.net *.whatsapp.com *.whatsapp.net;style-src 'self' data: blob: 'unsafe-inline' whatsapp.com *.whatsapp.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com whatsapp.net *.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.com;font-src data: https://*.fbcdn.net https://static.whatsapp.net;img-src 'self' data: blob: whatsapp.com *.whatsapp.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com whatsapp.net *.whatsapp.net;frame-src 'self' data: blob: whatsapp:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
br
content-security-policy
default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' *.fbcdn.net *.whatsapp.com *.whatsapp.net;style-src 'self' data: blob: 'unsafe-inline' whatsapp.com *.whatsapp.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com whatsapp.net *.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.com;font-src data: https://*.fbcdn.net https://static.whatsapp.net;img-src 'self' data: blob: whatsapp.com *.whatsapp.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com whatsapp.net *.whatsapp.net;frame-src 'self' data: blob: whatsapp:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
date
Mon, 02 Oct 2023 05:42:35 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
origin-agent-cluster
?0
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
pragma
no-cache
strict-transport-security
max-age=31536000; preload; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-debug
jk1xw5VjhwpTlF/8LJJG9rUwpTtTIXBcduz0/zAAeLzBqRcvW80vr0/w2anPmZjqbEgwQyGvyv0p73GH7aNNhQ==
x-frame-options
DENY
x-xss-protection
0

Redirect headers

cf-cache-status
DYNAMIC
cf-ray
80fa9f717ede3a68-FRA
content-length
0
date
Mon, 02 Oct 2023 05:42:35 GMT
location
https://api.whatsapp.com/send?phone=16478146650&text=&app_absent=0
server
cloudflare
C2fHuK6eV5E.css
static.whatsapp.net/rsrc.php/v3/yI/l/0,cross/
7 KB
2 KB
Stylesheet
General
Full URL
https://static.whatsapp.net/rsrc.php/v3/yI/l/0,cross/C2fHuK6eV5E.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: api.whatsapp.com
URL: https://api.whatsapp.com/send?phone=16478146650&text=&app_absent=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f276:1c2:face:b00c:0:167 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d1aa6c4ab2daba84e9082980e75f0bab05b5c126fe50ec98844a579585c5ba0f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://api.whatsapp.com/
Origin
https://api.whatsapp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 05:42:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-md5
k8V3InxfvjCMTYkVYlCuYg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1765
x-fb-debug
NAMje8TuK+p8dOSZtO68pXZ7LPP+bzhAg+xfBZVYq7viJN7zL/MQ7NJX3mVkkwMVa1Dud2gDQgct/r/QvTgsUA==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?0
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 25 Sep 2024 20:53:48 GMT
KJjmJe_R21s.css
static.whatsapp.net/rsrc.php/v3/yP/l/0,cross/
132 KB
26 KB
Stylesheet
General
Full URL
https://static.whatsapp.net/rsrc.php/v3/yP/l/0,cross/KJjmJe_R21s.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: api.whatsapp.com
URL: https://api.whatsapp.com/send?phone=16478146650&text=&app_absent=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f276:1c2:face:b00c:0:167 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c01263899328bf32e69408d9e9aa60c92c171ef846ed9d00cfeb1acf616a4bcc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://api.whatsapp.com/
Origin
https://api.whatsapp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 05:42:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-md5
GO4Dyk5phUq6Jd6F+79eCA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
26124
x-fb-debug
sj2gaJVVHPVvVtnKRACzViVPE75f+HCqjYFGjudrKeAQxlVKR7wXRBagZXA+emupSZyTWf/JOjSoAPkUgzWXfQ==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?0
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 28 Sep 2024 01:28:30 GMT
WSFzBDG0j5M.css
static.whatsapp.net/rsrc.php/v3/yL/l/0,cross/
44 KB
11 KB
Stylesheet
General
Full URL
https://static.whatsapp.net/rsrc.php/v3/yL/l/0,cross/WSFzBDG0j5M.css?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: api.whatsapp.com
URL: https://api.whatsapp.com/send?phone=16478146650&text=&app_absent=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f276:1c2:face:b00c:0:167 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
01433737fc2d7ab7e715a4dbb7697263c18cf207818160de04a6b4015865e8cc
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://api.whatsapp.com/
Origin
https://api.whatsapp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 05:42:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-md5
QDARdJuUrvzUx4ApJriFoQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
10984
x-fb-debug
bp3XB8WIAjCoPvsqEamNLjF3nYSutBn1zIsgmtKzcGkKDXtFNQlIf2gEbtbd+uEZ5Wf1yPfdho6lLt5AcVagOA==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
accept-ranges
bytes
timing-allow-origin
*
expires
Mon, 30 Sep 2024 15:29:37 GMT
e_Kj5Xrx7lO.js
static.whatsapp.net/rsrc.php/v3/y-/r/
316 KB
97 KB
Script
General
Full URL
https://static.whatsapp.net/rsrc.php/v3/y-/r/e_Kj5Xrx7lO.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: api.whatsapp.com
URL: https://api.whatsapp.com/send?phone=16478146650&text=&app_absent=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f276:1c2:face:b00c:0:167 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
82f6eb070796ef452d2cfb962ae1c94e7e5fe91b2b31ef839872fd9ba9ef64ee
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://api.whatsapp.com/
Origin
https://api.whatsapp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 05:42:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-md5
Ge3SoQTX+MV/D4oVvSlWcA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
99289
x-fb-debug
pAU18l18ezn/neIPEJ04dNrg11jesNHpBo23AVLnC4bpC1LhVeEvsjbDd/ByMIitXB0VqwG7xh3QGdO3BRTD9Q==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?0
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 26 Sep 2024 22:30:38 GMT
mdQNdcFMi0p.png
static.whatsapp.net/rsrc.php/v3/yq/r/
29 KB
29 KB
Image
General
Full URL
https://static.whatsapp.net/rsrc.php/v3/yq/r/mdQNdcFMi0p.png
Requested by
Host: api.whatsapp.com
URL: https://api.whatsapp.com/send?phone=16478146650&text=&app_absent=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f276:1c2:face:b00c:0:167 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2fe76a197d3891f7848604c87a945231c4dd2e39a74bdaed45ac5648a0dd72e2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.whatsapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 05:42:35 GMT
x-content-type-options
nosniff
content-md5
IVaYuPdjzmEsQZZPDxTlBw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
29526
x-fb-debug
Ie8Y7CUPoUntlVY6fIvHoZULjLIX0NvR1Ta2CiVlVmhFUqvws1f88t5Na+XN+uIOS0NzKIn+Z/HlnP3mzoLj9g==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 28 Sep 2024 01:53:34 GMT
DSxOAUB0raA.png
static.whatsapp.net/rsrc.php/v3/y7/r/
29 KB
29 KB
Image
General
Full URL
https://static.whatsapp.net/rsrc.php/v3/y7/r/DSxOAUB0raA.png
Requested by
Host: api.whatsapp.com
URL: https://api.whatsapp.com/send?phone=16478146650&text=&app_absent=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f276:1c2:face:b00c:0:167 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0dbcd72a5bcfd55a91eafa6c362c67e1d434016fc85308e17f99af100565be0b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.whatsapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 05:42:35 GMT
x-content-type-options
nosniff
content-md5
a9eq19Sw3ADUrf328MvzmQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
29465
x-fb-debug
RTeiHqhn9S6jDnU+4tHK7eYuowffiwgy4jcVbt0U//qijm953s3p58uz9kHU83o07YcAoEq6GTN/WdqfvnDm7Q==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
x-fb-optimizer
0
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
accept-ranges
bytes
timing-allow-origin
*
priority
u=3,i
expires
Sat, 28 Sep 2024 05:09:10 GMT
Qhrnh5evyPV.png
static.whatsapp.net/rsrc.php/v3/yJ/r/
1 KB
1 KB
Image
General
Full URL
https://static.whatsapp.net/rsrc.php/v3/yJ/r/Qhrnh5evyPV.png
Requested by
Host: api.whatsapp.com
URL: https://api.whatsapp.com/send?phone=16478146650&text=&app_absent=0
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f276:1c2:face:b00c:0:167 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
2ef47efe21bd38445e6d97a32ed9f20cf53b0d1b429e9b35fec31188f60e2564
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://api.whatsapp.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 05:42:35 GMT
x-content-type-options
nosniff
content-md5
xLWjtClzX1uuuuJMJlqnCw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1222
x-fb-debug
L5Mj/RI30IgOsfdJo5O4jBwu09fMkX9X75Hlj4cOTqvXgy4ccM3UHm9h09eNB+YzORAzx8cVaNNJ//a6lAPWuw==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
accept-ranges
bytes
timing-allow-origin
*
priority
u=3,i
expires
Tue, 10 Sep 2024 10:53:38 GMT
Hi-U8mBhilw.js
static.whatsapp.net/rsrc.php/v3/y1/r/
12 KB
4 KB
Script
General
Full URL
https://static.whatsapp.net/rsrc.php/v3/y1/r/Hi-U8mBhilw.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.whatsapp.net
URL: https://static.whatsapp.net/rsrc.php/v3/y-/r/e_Kj5Xrx7lO.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f276:1c2:face:b00c:0:167 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
9fd7be3f5f9f5358768d0b731cc1fcacff6c89e8b24c1e28d411d0ca5af52b79
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://api.whatsapp.com/
Origin
https://api.whatsapp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 05:42:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-md5
id200e+A5xJ07Gc8iM91jg==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
4167
x-fb-debug
jAbA52cwmsgxlyqox/B3dohLEiYG60tO50/GxWYc54j5U+34d+wz7zTEgVFOOw8KEyI5ZyOqWU/u8KLIHb2yTg==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?0
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 28 Sep 2024 05:31:30 GMT
MTziiwG_9pY.js
static.whatsapp.net/rsrc.php/v3/yI/r/
50 KB
17 KB
Script
General
Full URL
https://static.whatsapp.net/rsrc.php/v3/yI/r/MTziiwG_9pY.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.whatsapp.net
URL: https://static.whatsapp.net/rsrc.php/v3/y-/r/e_Kj5Xrx7lO.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f276:1c2:face:b00c:0:167 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5ed00cc44ee067248bc72873723a95aebf4cc69228e63ecbc6a92ba8cc58fd5d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://api.whatsapp.com/
Origin
https://api.whatsapp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 05:42:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-md5
d/1GmYbWGfq5WZDZB7dHUQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
16926
x-fb-debug
2/gFAlyi9qBSN5LDVzTLZppVB24pesHxhnatXojtH2/8mocAWC5NrZMB84uYqFmu4bpuQpahe14GuppjOZvciQ==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
accept-ranges
bytes
timing-allow-origin
*
priority
u=1
expires
Fri, 27 Sep 2024 02:56:19 GMT
GMaxARSaxF2.js
static.whatsapp.net/rsrc.php/v3iN_84/yv/l/de_DE/
108 KB
29 KB
Script
General
Full URL
https://static.whatsapp.net/rsrc.php/v3iN_84/yv/l/de_DE/GMaxARSaxF2.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.whatsapp.net
URL: https://static.whatsapp.net/rsrc.php/v3/y-/r/e_Kj5Xrx7lO.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f276:1c2:face:b00c:0:167 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
933dcd9836bc41a8c61219cd5d5c56dd6e96ccc0c6c2fe014dccfdf3520c2e4e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://api.whatsapp.com/
Origin
https://api.whatsapp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 05:42:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-md5
YCcU9vVPUnDZEc5VyOX2YA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
29394
x-fb-debug
jo26Ja4I7Y5s7vsbiNw6CIPopFL96kKsASoTGYAzI4I7D4tDe3dnJYdH2m49D0u05zCxTHOwnHb8AQ1ypxLPLQ==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?0
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
accept-ranges
bytes
timing-allow-origin
*
priority
u=1
expires
Fri, 27 Sep 2024 21:40:03 GMT
HzxD9aAXSyD.js
static.whatsapp.net/rsrc.php/v3/yV/r/
55 KB
16 KB
Script
General
Full URL
https://static.whatsapp.net/rsrc.php/v3/yV/r/HzxD9aAXSyD.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.whatsapp.net
URL: https://static.whatsapp.net/rsrc.php/v3/y-/r/e_Kj5Xrx7lO.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f276:1c2:face:b00c:0:167 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c7d5594f3a599ccd0b1a336bb68a24d59882f394bb0b9c9a29c5200cd2b48468
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://api.whatsapp.com/
Origin
https://api.whatsapp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 05:42:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-md5
NdQ05o8SIGp0dm35OYdj4A==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
16599
x-fb-debug
pAXLgXvCNlAhQ13Ud924yG4YrFv+s/EFUJwXE5jv/zi+p9ZMv4POr57mv/lyK3dhe6k4gqf5onxz9ENwEr0bJw==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
accept-ranges
bytes
timing-allow-origin
*
priority
u=1
expires
Sun, 29 Sep 2024 00:19:27 GMT
IaIMbc4xURz.js
static.whatsapp.net/rsrc.php/v3/y7/r/
42 KB
13 KB
Script
General
Full URL
https://static.whatsapp.net/rsrc.php/v3/y7/r/IaIMbc4xURz.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.whatsapp.net
URL: https://static.whatsapp.net/rsrc.php/v3/y-/r/e_Kj5Xrx7lO.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f276:1c2:face:b00c:0:167 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
dfaf88a01a374cc49350df8f6bbb6008a102c988a9474bd08a9d2916fd55bb85
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://api.whatsapp.com/
Origin
https://api.whatsapp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 05:42:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-md5
/2m+ZDLI7o8PXOP+kFfDzQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
13665
x-fb-debug
PBYOHFNXqPQ+ATvPG55JI54rGRl1FzqogXzOwEJneDatV+1MIU2B+rXNv23uruGOuLGgFd0jpJVKlbN9htrF7w==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
accept-ranges
bytes
timing-allow-origin
*
priority
u=1
expires
Thu, 26 Sep 2024 21:38:17 GMT
vjbKCjVd5OR.js
static.whatsapp.net/rsrc.php/v3/yV/r/
3 KB
1 KB
Script
General
Full URL
https://static.whatsapp.net/rsrc.php/v3/yV/r/vjbKCjVd5OR.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.whatsapp.net
URL: https://static.whatsapp.net/rsrc.php/v3/y-/r/e_Kj5Xrx7lO.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f276:1c2:face:b00c:0:167 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
deb19461b99dad3ce41d514c7e87ab82022acd5399c305d4f2be363205b9308f
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://api.whatsapp.com/
Origin
https://api.whatsapp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 05:42:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-md5
j7Yr2/lEI2TeeBnTBDnNxQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1198
x-fb-debug
cFsC9llB6/6Mn/P7AxaMLKuRR05+EMNgxn8i5hM9MNqJnBvGwKtYcf4bzFO0qDPgtCAFyw1BKsxedxI03hUupw==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
accept-ranges
bytes
timing-allow-origin
*
priority
u=1
expires
Sat, 28 Sep 2024 03:14:49 GMT
r-kGFamJ8YH.js
static.whatsapp.net/rsrc.php/v3i2UN4/ym/l/de_DE/
41 KB
14 KB
Script
General
Full URL
https://static.whatsapp.net/rsrc.php/v3i2UN4/ym/l/de_DE/r-kGFamJ8YH.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: static.whatsapp.net
URL: https://static.whatsapp.net/rsrc.php/v3/y-/r/e_Kj5Xrx7lO.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f276:1c2:face:b00c:0:167 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e0b1f32edc33cca996d2990a5beb17a0d087be6bb3282aadfc74091cfabd5cb0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://api.whatsapp.com/
Origin
https://api.whatsapp.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36

Response headers

date
Mon, 02 Oct 2023 05:42:35 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-md5
AYKcrWknf8DbjkcVA4VYXQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
13865
x-fb-debug
AqwUfJYlTxHlQTDPwn1/mEF7KpTkNdMNeK9CHIiOOeaiEgIxxyIGv6nUDZp7WuJ8bRSSJzEx38pt2rRkhU/Y7Q==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
origin-agent-cluster
?0
cache-control
public,max-age=31536000,immutable
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(self), geolocation=(self), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(self), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
accept-ranges
bytes
timing-allow-origin
*
priority
u=1
expires
Thu, 26 Sep 2024 21:40:11 GMT
/
send/
0
0

bz
api.whatsapp.com/ajax/
0
116 B
XHR
General
Full URL
https://api.whatsapp.com/ajax/bz?__a=1&__ccg=UNKNOWN&__dyn=7xe6E5aQ1PyUbFuC1swgE98nwgU29zEdEc8uwdK0lW4o3Bw5VCwjE3awbG78b87C0yE1VohwnU1oU881FU1u83mwaS0zE5W0PU1mUdE17U2ZwrU19E36w&__hs=19632.BP%3Awhatsapp_www_pkg.2.0..0.0&__hsi=7285232427996232058&__req=1&__rev=1008974485&__s=%3A%3A7e7769&__user=0&dpr=1&jazoest=21743&lsd=Lzi15A_HuJ_380_njYWI54
Requested by
Host: static.whatsapp.net
URL: https://static.whatsapp.net/rsrc.php/v3/y7/r/IaIMbc4xURz.js?_nc_x=Ij3Wp8lg5Kz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f276:1c2:face:b00c:0:167 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' *.fbcdn.net *.whatsapp.com *.whatsapp.net;style-src 'self' data: blob: 'unsafe-inline' whatsapp.com *.whatsapp.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com whatsapp.net *.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.com;font-src data: https://*.fbcdn.net https://static.whatsapp.net;img-src 'self' data: blob: whatsapp.com *.whatsapp.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com whatsapp.net *.whatsapp.net;frame-src 'self' data: blob: whatsapp:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://api.whatsapp.com/send?phone=16478146650&text=&app_absent=0
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryWRMmXeKgizgGApj2

Response headers

content-security-policy
default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' *.fbcdn.net *.whatsapp.com *.whatsapp.net;style-src 'self' data: blob: 'unsafe-inline' whatsapp.com *.whatsapp.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com whatsapp.net *.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.com;font-src data: https://*.fbcdn.net https://static.whatsapp.net;img-src 'self' data: blob: whatsapp.com *.whatsapp.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com whatsapp.net *.whatsapp.net;frame-src 'self' data: blob: whatsapp:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security
max-age=31536000; preload; includeSubDomains
x-content-type-options
nosniff
date
Mon, 02 Oct 2023 05:42:36 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
q52m7eYcm59lwcOATY52ts8sw8qjj1RSL7mFTRdM+KnDOLFNTaCiNb/XN9V30473qJSh+COMxvlOTTW+K+8vPw==
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://api.whatsapp.com
origin-agent-cluster
?0
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), microphone=(), midi=(), payment=(), screen-wake-lock=(), serial=(), usb=()
vary
Origin
priority
u=1,i
expires
Sat, 01 Jan 2000 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
send
URL
whatsapp://send/?phone=16478146650&text&app_absent=0

Verdicts & Comments Add Verdict or Comment

66 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture function| envFlush object| Env number| __DEV__ undefined| MAX_CALLS_TO_EXEC function| __annotator function| __bodyWrapper function| __t function| __w function| emptyFunction function| FB_enumerate function| __m object| babelHelpers function| define function| require function| requireInterop function| importDefault function| importNamespace function| requireDynamic function| requireLazy object| __onBeforeModuleFactory object| __onAfterModuleFactory function| __d function| $RefreshReg$ function| $RefreshSig$ function| getErrorSafe object| ErrorGuard object| ErrorSerializer object| ErrorUtils function| Arbiter function| $ function| ge object| Parent object| TimeSlice function| goURI object| PageEvents function| _domcontentready function| onloadRegister_DEPRECATED function| onloadRegister function| onafterloadRegister_DEPRECATED function| onafterloadRegister function| onleaveRegister function| onbeforeunloadRegister function| onunloadRegister object| Bootloader function| $E number| __bigPipeFactory string| _script_path object| onloadhooks function| now_inl number| __bigPipeFR number| __bigPipeCtor object| bigPipe function| AsyncRequest object| PageHooks function| _domreadyHook function| _onloadHook function| runHook function| runHooks function| keep_window_set_as_loaded object| domreadyhooks object| __FB_STORE object| onafterunloadhooks boolean| domready boolean| loaded object| onunloadhooks

2 Cookies

Domain/Path Name / Value
url07.xyz/ Name: JSESSIONID
Value: E47AC81A258CCF4D1CE66156A0EE38E1
007.ma/ Name: JSESSIONID
Value: A36AEC7F2127F75632DA6AEF95C5A49A

2 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'ambient-light-sensor'.
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'bluetooth'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' *.fbcdn.net *.whatsapp.com *.whatsapp.net;style-src 'self' data: blob: 'unsafe-inline' whatsapp.com *.whatsapp.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com whatsapp.net *.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.com;font-src data: https://*.fbcdn.net https://static.whatsapp.net;img-src 'self' data: blob: whatsapp.com *.whatsapp.com fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com whatsapp.net *.whatsapp.net;frame-src 'self' data: blob: whatsapp:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0