urlscan.io logo urlscan.io
SecurityTrails logo

dayunicorn.com Open in urlscan Pro
2606:4700:3035::ac43:b7f9  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://bonanzagold.win/?action=register&sub_id=AL@ARM&sa=D&sntz=1&usg=AOvVaw2M00dGN0PolZoRxMV-zhXb
Effective URL: https://dayunicorn.com/a7616908fc1818251a53b87579dca32ec/?sid1=150_230456&sid2=625ffb6c3585e90001982520&sid3=150
Submission: On April 20 via manual from JP — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 4 countries across 8 domains to perform 10 HTTP transactions. The main IP is 2606:4700:3035::ac43:b7f9, located in and belongs to . The main domain is dayunicorn.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on January 5th 2022. Valid for: a year.
This is the only time dayunicorn.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

1    151.106.118.170 (Singapore)

ASN47583 (AS-HOSTINGER, CY)
PTR: srv120.niagahoster.com
bonanzagold.win
1    2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
1    46.105.201.240 (France)

ASN16276 (OVH, FR)
s10.histats.com
1    192.99.0.58 (Canada)

ASN16276 (OVH, FR)
PTR: ns500326.ip-192-99-0.net
s4.histats.com
1    2606:4700:3031::ac43:c5f7 (United States)

ASN13335 (CLOUDFLARENET, US)
smrturl.co
1    212.32.250.1 (None, )

ASN- ()
go.secureclickers.com
2    2606:4700:3035::ac43:b7f9 (None, )

ASN- ()
dayunicorn.com
1    2607:f8b0:4006:822::2008 (None, )

ASN- ()
www.googletagmanager.com
Apex Domain
Subdomains		 Transfer
2 dayunicorn.com
dayunicorn.com
31 KB
2 histats.com
s10.histats.com — Cisco Umbrella Rank: 16128
s4.histats.com — Cisco Umbrella Rank: 13577
5 KB
1 googletagmanager.com
www.googletagmanager.com
34 KB
1 secureclickers.com
go.secureclickers.com
311 B
1 smrturl.co
smrturl.co — Cisco Umbrella Rank: 497947
868 B
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 682
21 KB
1 bonanzagold.win
bonanzagold.win
2 KB
0 trkcnv.com Failed
eng.trkcnv.com Failed
10 8
Domain Requested by
2 dayunicorn.com smrturl.co
dayunicorn.com
1 www.googletagmanager.com dayunicorn.com
1 go.secureclickers.com 1 redirects
1 smrturl.co
1 s4.histats.com s10.histats.com
1 s10.histats.com bonanzagold.win
1 maxcdn.bootstrapcdn.com bonanzagold.win
1 bonanzagold.win
0 eng.trkcnv.com Failed dayunicorn.com
10 9

This site contains no links.

Subject Issuer Validity Valid
histats.com
R3		 2022-04-19 -
2022-07-18		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2021-06-11 -
2022-06-10		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-03-28 -
2022-06-20		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://dayunicorn.com/a7616908fc1818251a53b87579dca32ec/?sid1=150_230456&sid2=625ffb6c3585e90001982520&sid3=150
Frame ID: 6373A607AC6048C5B459E8AA924B33C4
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://bonanzagold.win/?action=register&sub_id=AL@ARM&sa=D&sntz=1&usg=AOvVaw2M00dGN0PolZoRxMV-zhXb Page URL
  2. https://smrturl.co/o/230456/53231159?s1=AL@ARM Page URL
  3. https://go.secureclickers.com/click?pid=150&offer_id=12707&sub1=Cdbc3136a5af79&sub2=150_230456&sub4=0 HTTP 302
    https://dayunicorn.com/a7616908fc1818251a53b87579dca32ec/?sid1=150_230456&sid2=625ffb6c3585e9000198... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js

Page Statistics

10
Requests

50 %
HTTPS

50 %
IPv6

8
Domains

9
Subdomains

8
IPs

4
Countries

93 kB
Transfer

311 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://bonanzagold.win/?action=register&sub_id=AL@ARM&sa=D&sntz=1&usg=AOvVaw2M00dGN0PolZoRxMV-zhXb Page URL
  2. https://smrturl.co/o/230456/53231159?s1=AL@ARM Page URL
  3. https://go.secureclickers.com/click?pid=150&offer_id=12707&sub1=Cdbc3136a5af79&sub2=150_230456&sub4=0 HTTP 302
    https://dayunicorn.com/a7616908fc1818251a53b87579dca32ec/?sid1=150_230456&sid2=625ffb6c3585e90001982520&sid3=150 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css HTTP 307
  • https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
/
bonanzagold.win/ 		4 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
http://bonanzagold.win/?action=register&sub_id=AL@ARM&sa=D&sntz=1&usg=AOvVaw2M00dGN0PolZoRxMV-zhXb
Protocol
HTTP/1.1
Server
151.106.118.170 , Singapore, ASN47583 (AS-HOSTINGER, CY),
Reverse DNS
srv120.niagahoster.com
Software
LiteSpeed / Niagahoster
Resource Hash
555baba55b4c4ff170fba3c6af810d01d3cb28c9090f7194d8f9b9d484ccddfb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block;

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
1258
content-type
text/html; charset=UTF-8
date
Wed, 20 Apr 2022 12:24:07 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
LiteSpeed
vary
Accept-Encoding,User-Agent
x-content-type-options
nosniff
x-powered-by
Niagahoster
x-xss-protection
1; mode=block;
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/
Redirect Chain
  • http://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css
  • https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css
120 KB
21 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css
Requested by
Host: bonanzagold.win
URL: http://bonanzagold.win/?action=register&sub_id=AL@ARM&sa=D&sntz=1&usg=AOvVaw2M00dGN0PolZoRxMV-zhXb
Protocol
H2
Server
2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31fbd99641c212a6ad3681a2397bde13c148c0ccd98385bce6a7eb7c81417d87
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
http://bonanzagold.win/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 12:24:07 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
cdn-edgestorageid
718, 718
age
28604838
cdn-cachedat
2021-05-23 22:18:23
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
timing-allow-origin
*
access-control-allow-origin
*
last-modified
Mon, 25 Jan 2021 22:03:59 GMT
server
cloudflare
cdn-requestpullcode
200
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css; charset=utf-8
cdn-cache
HIT
vary
Accept-Encoding
cache-control
public, max-age=31919000
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid
f49054f910d1d98e716777a808fd13af
cf-ray
6feddae7ac42e6ec-EWR
cdn-requestcountrycode
US
cdn-requestpullsuccess
True

Redirect headers

Location
https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css
Non-Authoritative-Reason
HSTS
Cross-Origin-Resource-Policy
Cross-Origin
js15_as.js
s10.histats.com/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
http://s10.histats.com/js15_as.js
Requested by
Host: bonanzagold.win
URL: http://bonanzagold.win/?action=register&sub_id=AL@ARM&sa=D&sntz=1&usg=AOvVaw2M00dGN0PolZoRxMV-zhXb
Protocol
HTTP/1.1
Server
46.105.201.240 , France, ASN16276 (OVH, FR),
Reverse DNS
Software
/
Resource Hash
2defe59e357a7d0683c8283ac42841db404a0884cae2eaecebf4b676e559dede

Request headers

accept-language
en-US,en;q=0.9
Referer
http://bonanzagold.win/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 12:23:01 GMT
content-encoding
gzip
last-modified
Thu, 16 Apr 2020 10:44:16 GMT
x-cdn-pop-ip
137.74.122.0/26
etag
W/"-375139978"
x-cacheable
Matched cache
vary
Accept-Encoding
x-iplb-instance
42340
content-type
application/javascript; charset=UTF-8
x-cdn-pop
bhs
accept-ranges
bytes
x-iplb-request-id
05B5EA9E:BFDE_2E69C9F0:0050_625FFB67_15AE83:11B9B
content-length
4547
x-request-id
306970668
0.php
s4.histats.com/stats/ 		50 B
184 B 		Script
General
Check archive.org
Download Go to
Full URL
https://s4.histats.com/stats/0.php?4562525&@f16&@g1&@h1&@i1&@j1650457447702&@k0&@l1&@mJP%20NEW&@n0&@o1000&@q0&@r0&@s0&@ten-US&@u1600&@b1:-47117395&@b3:1650457448&@b4:js15_as.js&@b5:0&@a-_0.2.1&@vhttp%3A%2F%2Fbonanzagold.win%2F%3Faction%3Dregister%26sub_id%3DAL%40ARM%26sa%3DD%26sntz%3D1%26usg%3DAOvVaw2M00dGN0PolZoRxMV-zhXb&@w
Requested by
Host: s10.histats.com
URL: http://s10.histats.com/js15_as.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.99.0.58 , Canada, ASN16276 (OVH, FR),
Reverse DNS
ns500326.ip-192-99-0.net
Software
/
Resource Hash
b8258cef11aeee85bf15dc7df6cb6a7c3ae417302ed8688d91d46bd397b86397

Request headers

accept-language
en-US,en;q=0.9
Referer
http://bonanzagold.win/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

Date
Wed, 20 Apr 2022 12:24:07 GMT
Connection
close
Content-Length
50
Content-Type
text/html;charset=UTF-8
53231159
smrturl.co/o/230456/ 		593 B
868 B 		Document
General
Check archive.org
Download Go to
Full URL
https://smrturl.co/o/230456/53231159?s1=AL@ARM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3031::ac43:c5f7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/7.4.11
Resource Hash
a46f463d6ca92dc7e97e5a103d32d2129b5d77321cee5c536e16856ecfbf2a2e

Request headers

Referer
http://bonanzagold.win/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
6feddae8aa410c95-EWR
content-encoding
br
content-type
text/html; charset=UTF-8
date
Wed, 20 Apr 2022 12:24:08 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DTw72nsa96q2rfdyb5upJgvw09TjyjGSeQ1dDY%2FUsp3NXDGXSGFZy71ocHOCDbFCNDb%2BVm61730MqkIiogGNWfQipoavSRy65OLDOCnCe74RWARd3HBNmIZaChwWbvjWUEfZwzC2O7pq"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/7.4.11
53231159
smrturl.co/o/230456/ 		0
0
Primary Request /
dayunicorn.com/a7616908fc1818251a53b87579dca32ec/
Redirect Chain
  • https://go.secureclickers.com/click?pid=150&offer_id=12707&sub1=Cdbc3136a5af79&sub2=150_230456&sub4=0
  • https://dayunicorn.com/a7616908fc1818251a53b87579dca32ec/?sid1=150_230456&sid2=625ffb6c3585e90001982520&sid3=150
1 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://dayunicorn.com/a7616908fc1818251a53b87579dca32ec/?sid1=150_230456&sid2=625ffb6c3585e90001982520&sid3=150
Requested by
Host: smrturl.co
URL: https://smrturl.co/o/230456/53231159?s1=AL@ARM
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3035::ac43:b7f9 -, , ASN (),
Reverse DNS
Software
cloudflare / PHP/5.4.16
Resource Hash
2e34a887284b4c7dd3281059cb72aab7f598abbe4d65809dd8a35f492cf80415

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
6feddb05bfab8ce8-EWR
content-encoding
gzip
content-type
text/html
date
Wed, 20 Apr 2022 12:24:12 GMT
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9BLA24954jGPPaGhQErgdG4pvop5TzUWTFO3hWD1%2FmiJDgk4agZVLAVyscvnc7A%2FEyZOjmfRrQjiX3UIn1Ghd%2FhpDanm3Y0j4sCnmI24quR450y6M7g%2FW%2BYy36Vlg8lxuyUmnXBMGHWzgoDuyg%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
PHP/5.4.16

Redirect headers

access-control-allow-origin
*
content-length
0
date
Wed, 20 Apr 2022 12:24:12 GMT
location
https://dayunicorn.com/a7616908fc1818251a53b87579dca32ec/?sid1=150_230456&sid2=625ffb6c3585e90001982520&sid3=150
server
nginx
main.js
dayunicorn.com/js/ 		88 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dayunicorn.com/js/main.js?v=2
Requested by
Host: dayunicorn.com
URL: https://dayunicorn.com/a7616908fc1818251a53b87579dca32ec/?sid1=150_230456&sid2=625ffb6c3585e90001982520&sid3=150
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3035::ac43:b7f9 -, , ASN (),
Reverse DNS
Software
cloudflare /
Resource Hash
b3000bca819d18792c63c9c44a1dc2731bd0b29e2917b63b5df68ce5e8604ae2

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dayunicorn.com/a7616908fc1818251a53b87579dca32ec/?sid1=150_230456&sid2=625ffb6c3585e90001982520&sid3=150
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 12:24:12 GMT
content-encoding
gzip
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
1189277
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 13 Dec 2021 18:14:00 GMT
server
cloudflare
etag
W/"61b78d68-15f2d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SRYiiDzaBhbBHGnrSFp3OK64iNlihpbLBtsoXPHV28RDML5dFQ%2F4J5kqDqtVodK58nxDQNElsgThVv1TVWDYxSo8GzN9HtyXRqOIDMYnjBRoaBH%2F9zCi2ZEnnm87utiFz2OTkOtEmJ%2FfdnVpJA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
max-age=2592000
cf-ray
6feddb073ea832fa-EWR
expires
Fri, 06 May 2022 18:02:55 GMT
gtm.js
www.googletagmanager.com/ 		86 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MS5HQQ7
Requested by
Host: dayunicorn.com
URL: https://dayunicorn.com/a7616908fc1818251a53b87579dca32ec/?sid1=150_230456&sid2=625ffb6c3585e90001982520&sid3=150
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2008 -, , ASN (),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
17aff05a78b22e7275a93004e90f871331e157cb0a8d8805f4ea55e29121a935
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-US,en;q=0.9
Referer
https://dayunicorn.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75 Safari/537.36

Response headers

date
Wed, 20 Apr 2022 12:24:12 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34281
x-xss-protection
0
last-modified
Wed, 20 Apr 2022 12:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 20 Apr 2022 12:24:12 GMT
customUrlGetSec.php
eng.trkcnv.com/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
smrturl.co
URL
https://smrturl.co/o/230456/53231159?s1=AL@ARM
Domain
eng.trkcnv.com
URL
https://eng.trkcnv.com/customUrlGetSec.php?sid1=150_230456&sid2=625ffb6c3585e90001982520&sid3=150&cidpubh=a7616908fc1818251a53b87579dca32ec

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| structuredClone object| oncontextlost object| oncontextrestored function| getScreenDetails

11 Cookies

Domain/Path Name / Value
smrturl.co/o/230456 Name: dynamo_v_id
Value: Vdb95f2f41b74f
bonanzagold.win/ Name: PHPSESSID
Value: f523148228f617b7f1f298121a7f7bb5
bonanzagold.win/ Name: HstCfa4562525
Value: 1650457447702
bonanzagold.win/ Name: HstCla4562525
Value: 1650457447702
bonanzagold.win/ Name: HstCmu4562525
Value: 1650457447702
bonanzagold.win/ Name: HstPn4562525
Value: 1
bonanzagold.win/ Name: HstPt4562525
Value: 1
bonanzagold.win/ Name: HstCnv4562525
Value: 1
bonanzagold.win/ Name: HstCns4562525
Value: 1
go.secureclickers.com/ Name: afclick
Value: 625ffb6c3585e90001982520
go.secureclickers.com/ Name: afoffers
Value: {"12707":1650457452}

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block;