Submitted URL: http://url8359.ing.com/ls/click?upn=u001.Xg7dD3wQTiPL1ARfd9fj7GtUJ7-2FXefSa1NbYmjxKu1Q3thCBettJSrerfToT-2FH0tAb2HSERSUM...
Effective URL: https://www.ing.be/nl/retail/Pages/security.aspx
Submission: On June 05 via api from BE — Scanned from DE

Summary

This website contacted 2 IPs in 2 countries across 2 domains to perform 3 HTTP transactions. The main IP is 23.201.244.16, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is www.ing.be. The Cisco Umbrella rank of the primary domain is 497897.
TLS certificate: Issued by Entrust Certification Authority - L1M on July 12th 2023. Valid for: a year.
This is the only time www.ing.be was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.118.52 11377 (SENDGRID)
3 23.201.244.16 16625 (AKAMAI-AS)
3 2
Apex Domain
Subdomains
Transfer
3 ing.be
www.ing.be — Cisco Umbrella Rank: 497897
48 KB
1 ing.com
url8359.ing.com
251 B
3 2
Domain Requested by
3 www.ing.be www.ing.be
1 url8359.ing.com 1 redirects
3 2

This site contains no links.

Subject Issuer Validity Valid
www.ing.be
Entrust Certification Authority - L1M
2023-07-12 -
2024-08-11
a year crt.sh

This page contains 1 frames:

Primary Page: https://www.ing.be/nl/retail/Pages/security.aspx
Frame ID: E59C6E4460EC40DBCD52A5726972B731
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

Error Page

Page URL History Show full URLs

  1. http://url8359.ing.com/ls/click?upn=u001.Xg7dD3wQTiPL1ARfd9fj7GtUJ7-2FXefSa1NbYmjxKu1Q3thCBettJSrer... HTTP 307
    https://url8359.ing.com/ls/click?upn=u001.Xg7dD3wQTiPL1ARfd9fj7GtUJ7-2FXefSa1NbYmjxKu1Q3thCBettJSrer... HTTP 302
    https://www.ing.be/nl/retail/Pages/security.aspx Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.aspx?(?:$|\?)

Overall confidence: 100%
Detected patterns

Page Statistics

3
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

2
Countries

48 kB
Transfer

87 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://url8359.ing.com/ls/click?upn=u001.Xg7dD3wQTiPL1ARfd9fj7GtUJ7-2FXefSa1NbYmjxKu1Q3thCBettJSrerfToT-2FH0tAb2HSERSUMw-2BLAsbPVy2OQ-3D-3DQBYK_g2kI6ZmHqya1oMLfwYESigC3q3WJBPA8eQNyHQsqbpaRcHCXOemr-2BXBkR88souNe9-2FDZXdSO4P5phSCMq5W2XjyjCcrgYzFK-2B7IQoDFp8gy4jQingfwIAjXiIcq13FAK3gcU2d5-2FqF-2B0S-2FOMdfejSDRD5dGUqU8fWHrql8Zkl56MzSVDnJVdvadyg4PQgNchsYjX3-2F3jVifxxljVS4t-2B-2FLetE-2F2xDBt-2FtiZmX5mV-2BflA4l2mBBbXpF-2FeRVX4TCLFCHzHjR5TjFXtDxNKcv0GjKE0QHzD2w7Nq3awvCGTjNVCAjy5tRsXw659WV5PNRLlAnveIVXVDMSe6b6gq-2FYLUxG3QJLA5vevmWMqi-2FTx1hjNZP33gFXn3PkVVKnVsdHNyUjA40Hes1selVHFvQKQomSuuALj3iIdPS6xsVdSjkguZ30rNs-2Fmr0L2gWVSIzUFY8rBNWWJ4f1a40AgGnpWY1Ndg4sEOp6gJzAq9Ss7OS-2FO7Zpjyaeiy8CqVCY3BNOBns1YWzaR1xYRXALnf1bdzn1yaI79zO4TmyNhReky0KaOChSJEqOSeILxhawu0BboHklGOlNC-2F8HIw1xUstKa3VBfGxBddqcs4yQ-2B8KJJ4ahP0t3l3kFg0qLFSvHkdluXaV4xvxx1pPPiwqU0G3RgUQyQ5X4r2BjmjCYrm-2Bo-2FuilgrEC3z6OmjHkwtK-2BLgEF0ctCZXqsdZ0xdtK3f5oS-2FUfUAxI2yZ4ezJUTN0gJ8Ke42XRkHzc-2FFlvG63j-2BIZwuJu2BZVTnSYnhRGbxJOWVGO6yjbHT7dOcb-2B1HAcbJwAo3fIgkfGnoZj-2FJ1NhOHC66OQwAYuzufi-2B-2FkJ5DmhZrVPq6TFt3AoM-2BbbDFITmyb-2FUZEGbAXJ2AwT1GaGm7sNoo5 HTTP 307
    https://url8359.ing.com/ls/click?upn=u001.Xg7dD3wQTiPL1ARfd9fj7GtUJ7-2FXefSa1NbYmjxKu1Q3thCBettJSrerfToT-2FH0tAb2HSERSUMw-2BLAsbPVy2OQ-3D-3DQBYK_g2kI6ZmHqya1oMLfwYESigC3q3WJBPA8eQNyHQsqbpaRcHCXOemr-2BXBkR88souNe9-2FDZXdSO4P5phSCMq5W2XjyjCcrgYzFK-2B7IQoDFp8gy4jQingfwIAjXiIcq13FAK3gcU2d5-2FqF-2B0S-2FOMdfejSDRD5dGUqU8fWHrql8Zkl56MzSVDnJVdvadyg4PQgNchsYjX3-2F3jVifxxljVS4t-2B-2FLetE-2F2xDBt-2FtiZmX5mV-2BflA4l2mBBbXpF-2FeRVX4TCLFCHzHjR5TjFXtDxNKcv0GjKE0QHzD2w7Nq3awvCGTjNVCAjy5tRsXw659WV5PNRLlAnveIVXVDMSe6b6gq-2FYLUxG3QJLA5vevmWMqi-2FTx1hjNZP33gFXn3PkVVKnVsdHNyUjA40Hes1selVHFvQKQomSuuALj3iIdPS6xsVdSjkguZ30rNs-2Fmr0L2gWVSIzUFY8rBNWWJ4f1a40AgGnpWY1Ndg4sEOp6gJzAq9Ss7OS-2FO7Zpjyaeiy8CqVCY3BNOBns1YWzaR1xYRXALnf1bdzn1yaI79zO4TmyNhReky0KaOChSJEqOSeILxhawu0BboHklGOlNC-2F8HIw1xUstKa3VBfGxBddqcs4yQ-2B8KJJ4ahP0t3l3kFg0qLFSvHkdluXaV4xvxx1pPPiwqU0G3RgUQyQ5X4r2BjmjCYrm-2Bo-2FuilgrEC3z6OmjHkwtK-2BLgEF0ctCZXqsdZ0xdtK3f5oS-2FUfUAxI2yZ4ezJUTN0gJ8Ke42XRkHzc-2FFlvG63j-2BIZwuJu2BZVTnSYnhRGbxJOWVGO6yjbHT7dOcb-2B1HAcbJwAo3fIgkfGnoZj-2FJ1NhOHC66OQwAYuzufi-2B-2FkJ5DmhZrVPq6TFt3AoM-2BbbDFITmyb-2FUZEGbAXJ2AwT1GaGm7sNoo5 HTTP 302
    https://www.ing.be/nl/retail/Pages/security.aspx Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

3 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request security.aspx
www.ing.be/nl/retail/Pages/
Redirect Chain
  • http://url8359.ing.com/ls/click?upn=u001.Xg7dD3wQTiPL1ARfd9fj7GtUJ7-2FXefSa1NbYmjxKu1Q3thCBettJSrerfToT-2FH0tAb2HSERSUMw-2BLAsbPVy2OQ-3D-3DQBYK_g2kI6ZmHqya1oMLfwYESigC3q3WJBPA8eQNyHQsqbpaRcHCXOemr-...
  • https://url8359.ing.com/ls/click?upn=u001.Xg7dD3wQTiPL1ARfd9fj7GtUJ7-2FXefSa1NbYmjxKu1Q3thCBettJSrerfToT-2FH0tAb2HSERSUMw-2BLAsbPVy2OQ-3D-3DQBYK_g2kI6ZmHqya1oMLfwYESigC3q3WJBPA8eQNyHQsqbpaRcHCXOemr...
  • https://www.ing.be/nl/retail/Pages/security.aspx
37 KB
38 KB
Document
General
Full URL
https://www.ing.be/nl/retail/Pages/security.aspx
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.244.16 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-244-16.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
aefde26261c37551a1e07bc791b552fd47d3a3a62c6fc2f432b06a0a4a0a0f26
Security Headers
Name Value
Strict-Transport-Security max-age=31622400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

akamai-grn
0.8ef01002.1717611262.7483fb9e
cache-control
private, max-age=0, no-cache, no-store
content-length
37813
content-type
text/html; charset=utf-8
date
Wed, 05 Jun 2024 18:14:22 GMT
expires
0
pragma
no-cache
strict-transport-security
max-age=31622400; includeSubDomains
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-ing-response-id
4136f8fedeed0de564b009868ff92fce
x-xss-protection
1; mode=block

Redirect headers

Connection
keep-alive
Content-Length
71
Content-Type
text/html; charset=utf-8
Date
Wed, 05 Jun 2024 18:14:22 GMT
Location
https://www.ing.be/nl/retail/Pages/security.aspx
Server
nginx
X-Robots-Tag
noindex, nofollow
open-local-be
www.ing.be/static-fe/
22 KB
5 KB
Other
General
Full URL
https://www.ing.be/static-fe/open-local-be
Requested by
Host: www.ing.be
URL: https://www.ing.be/nl/retail/Pages/security.aspx
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.244.16 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-244-16.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c9baa6f97dea56ac8fbd82a3d91a42ca4874ee060e1bd4af5e7112c0d2be4829
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self' data: https://*.cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; form-action 'self' api.www.ing.be; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.www.ing.be wss://*.twilio.com; style-src 'self' 'unsafe-inline' data: https://*.cdn.ing.com; img-src 'self' data: blob: https://*.cdn.ing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' api.www.ing.be data: https://*.cdn.ing.com; media-src https://*.cdn.ing.com https://assets.ing.com data: https://ebanking.*.ing.be;
Strict-Transport-Security max-age=31622400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.ing.be/nl/retail/Pages/security.aspx
Origin
https://www.ing.be
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31622400; includeSubDomains
content-security-policy
default-src 'self'; font-src 'self' data: https://*.cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; form-action 'self' api.www.ing.be; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.www.ing.be wss://*.twilio.com; style-src 'self' 'unsafe-inline' data: https://*.cdn.ing.com; img-src 'self' data: blob: https://*.cdn.ing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' api.www.ing.be data: https://*.cdn.ing.com; media-src https://*.cdn.ing.com https://assets.ing.com data: https://ebanking.*.ing.be;
x-content-type-options
nosniff
date
Wed, 05 Jun 2024 18:14:23 GMT
last-modified
Wed, 05 Jun 2024 15:48:45 GMT
content-encoding
gzip
akamai-grn
0.8ef01002.1717611263.748400be
etag
"3CEB891BC7E7BD68"
vary
Accept-Encoding
content-type
text/html
cache-control
no-cache
x-ing-response-id
611e57ba46886ad52d3a73bd9ee80ce2
content-length
3339
x-xss-protection
1; mode=block
x-akamai-transformed
9 2928 0 pmb=mTOE,2
truncated
/
43 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
46383d6e1aba0460a3c010bc2b3a233d68e59e500917ab8ffdfdd1a1d277c360

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
17 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
c8c7d110f0e4a023d17502f0073b47ed7e8499d9adb1d303cc797c5af5a7a662

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
54 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
48cd2211f02d79d7ac39fdba8eb3a2df1e766ca642c8d3e86f6cc84c10096fbd

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
513 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
62c7c3765edcc6fe790df7640c78834de117aecf71e9ef0f4f46ed08ebbf3a07

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
favicon.ico
www.ing.be/static-fe/ing-app-be-daily-banking-shell/packages/ing-app-be-daily-banking-shell/assets/images/favicons/
7 KB
4 KB
Other
General
Full URL
https://www.ing.be/static-fe/ing-app-be-daily-banking-shell/packages/ing-app-be-daily-banking-shell/assets/images/favicons/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.201.244.16 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-201-244-16.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
cf7fa75dfa95e4cdff567a10c10186d7a5bf7bba10e6022b8669e76594a150aa
Security Headers
Name Value
Content-Security-Policy default-src 'self'; font-src 'self' data: https://*.cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; form-action 'self' api.www.ing.be; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.www.ing.be wss://*.twilio.com; style-src 'self' 'unsafe-inline' data: https://*.cdn.ing.com; img-src 'self' data: blob: https://*.cdn.ing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' api.www.ing.be data: https://*.cdn.ing.com; media-src https://*.cdn.ing.com https://assets.ing.com data: https://ebanking.*.ing.be;
Strict-Transport-Security max-age=31622400; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.ing.be/nl/retail/Pages/security.aspx
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31622400; includeSubDomains
content-security-policy
default-src 'self'; font-src 'self' data: https://*.cdn.ing.com; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; form-action 'self' api.www.ing.be; upgrade-insecure-requests; block-all-mixed-content; connect-src 'self' api.www.ing.be wss://*.twilio.com; style-src 'self' 'unsafe-inline' data: https://*.cdn.ing.com; img-src 'self' data: blob: https://*.cdn.ing.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' api.www.ing.be data: https://*.cdn.ing.com; media-src https://*.cdn.ing.com https://assets.ing.com data: https://ebanking.*.ing.be;
x-content-type-options
nosniff
date
Wed, 05 Jun 2024 18:14:23 GMT
content-encoding
gzip
akamai-grn
0.8ef01002.1717611262.748400bf
content-length
3215
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Thu, 30 May 2024 20:57:43 GMT
etag
"A2D0D169EEAE016B"
vary
Accept-Encoding
content-type
image/x-icon
cache-control
max-age=0, no-cache, no-store
x-ing-response-id
52d90472f8c34cde46ea57f48936de46
expires
Wed, 05 Jun 2024 18:14:23 GMT

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Domain/Path Name / Value
www.ing.be/static-fe/open-local-be Name: fecvm
Value: 1.0.409-main-145c38fc
www.ing.be/static-fe/open-local-be Name: TS01e11d8c
Value: 01a0dd1109bbe835713730a6e0abce957bc44b7d540f2236bd2e800034f3d743c6a4f64179a326937ee6e6d72a32dfe27e970ada54
www.ing.be/nl/retail/Pages Name: W-SESSION-ID
Value: H3OSwGN8VIjAEdeVA-P2aZSMsGmA8Ns26QkbjIVosXk0URE5DuCWC7I3Z0sUvBmo
.ing.be/ Name: aac
Value: 4709466c6c35bbdffa062cc1dad3a55cf94a13ab257083d11530eb5f36e7030f6ef5e3b9a4632ee6bc5aacb2b9cb67ce21713d965306339d
.ing.be/ Name: BC_HA_2ef6df3dfaa0eabd_6a45503c
Value: 5970cf
www.ing.be/ Name: lb-3-p-727
Value: !KM80Ht4g6/UcMuQYdy+W6/wonW0E6qVYizj03b7DJHUEK3hRPibwSmmrepUnnD6dNDNTH2R1KcNmaS1vl7jIpH0laI4uaRNFaGMI56gEFZI=
.ing.be/ Name: XSRF-TOKEN
Value: kroQTdRNFWIZiO94UQi9i6Mrjku5eRuD-EKcMYPtlW7-z-7rNEEKlPXzI-vd-lh-
www.ing.be/ Name: lb-4-p-727
Value: !dpXO7k9HHJ1c7HtP/AO3wKteuHxwd1OMrtT1t0xulx4Omx0i12TK5qpDL03nPPRX2LVkLLKaP4OtaPufoLwbypOPj7cde47eU37sz2G2GcA=
www.ing.be/ Name: TS019d407a
Value: 01a0dd1109bbe835713730a6e0abce957bc44b7d540f2236bd2e800034f3d743c6a4f64179a326937ee6e6d72a32dfe27e970ada54
.ing.be/ Name: TS012cbef1
Value: 01a0dd1109bbe835713730a6e0abce957bc44b7d540f2236bd2e800034f3d743c6a4f64179a326937ee6e6d72a32dfe27e970ada54
.www.ing.be/ Name: ak_bmsc
Value: DB1E61D7E06729A8EEED39A3C59CBF37~000000000000000000000000000000~YAAQjvAQAv6iS7+PAQAAbPSb6RjSsVni/UdX70X1hjiaetaiJtVZRJMbd0KhMlgbgJpfSnj9F3jNiGXdmlHsq6NeMUn6z1htm/d85/+KxxYCyrLJBRDW0ml3lsp3F+Oy2bUdV3vaTC1xFJSwbZsF6lP0VOA/CgfKnGmf9y4EA6q+HOG/92hUqiHT5ygXsWiOSRAsk/PLhq/1FRvQprTWOeevtk5UjB12KsfDG2TMi0ZiAjeh3Nfk1IaZFD/9QgNwfhThbkwzhZAq8EAEu9UepuUq8ED9MDMFCFLJAOsQpAGKDMjtI08VvHX6KZqHPdxlGBtztPWdcAF8tNc0O4zztnWXYw6Ohqz7R1v0i1iIzg02a2kGdLWuWSGD6mjXUqDkUnFJ5kCba+6g

2 Console Messages

Source Level URL
Text
network error URL: https://www.ing.be/nl/retail/Pages/security.aspx
Message:
Failed to load resource: the server responded with a status of 404 ()
javascript warning URL: https://www.ing.be/nl/retail/Pages/security.aspx
Message:
The resource https://www.ing.be/static-fe/open-local-be was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31622400; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block