Submitted URL: http://prep.ai.mit.edu/
Effective URL: https://prep.ai.mit.edu/
Submission: On October 29 via api from US — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 2001:470:142:3::b, located in United States and belongs to FREEASINFREEDOM, US. The main domain is prep.ai.mit.edu.
TLS certificate: Issued by R10 on October 6th 2024. Valid for: 3 months.
This is the only time prep.ai.mit.edu was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
9 2001:470:142:... 22989 (FREEASINF...)
9 1
Apex Domain
Subdomains
Transfer
9 mit.edu
prep.ai.mit.edu
24 KB
9 1
Domain Requested by
9 prep.ai.mit.edu prep.ai.mit.edu
9 1

This site contains links to these domains. Also see Links.

Domain
www.gnu.org
savannah.gnu.org
lists.gnu.org
www.fsf.org
www.libreplanet.org
my.fsf.org
gnu.org
alpha.gnu.org
Subject Issuer Validity Valid
ftp.gnu.org
R10
2024-10-06 -
2025-01-04
3 months crt.sh

This page contains 1 frames:

Primary Page: https://prep.ai.mit.edu/
Frame ID: 039A6D9A8C8609ADF68E40B02305F544
Requests: 9 HTTP requests in this frame

Screenshot

Page Title

Index of /

Page URL History Show full URLs

  1. http://prep.ai.mit.edu/ HTTP 307
    https://prep.ai.mit.edu/ Page URL

Page Statistics

9
Requests

0 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

24 kB
Transfer

18 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://prep.ai.mit.edu/ HTTP 307
    https://prep.ai.mit.edu/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
prep.ai.mit.edu/
Redirect Chain
  • http://prep.ai.mit.edu/
  • https://prep.ai.mit.edu/
3 KB
4 KB
Document
General
Full URL
https://prep.ai.mit.edu/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:470:142:3::b , United States, ASN22989 (FREEASINFREEDOM, US),
Reverse DNS
Software
Apache/2.4.29 (Trisquel_GNU/Linux) /
Resource Hash
7319ac707cbbf3febbcbf2259972e4746fe307cbcf4c9a394fd2f19c755bbd71
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

Connection
Keep-Alive
Content-Security-Policy
default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
Content-Type
text/html;charset=UTF-8
Date
Tue, 29 Oct 2024 02:10:49 GMT
Keep-Alive
timeout=5, max=100
Server
Apache/2.4.29 (Trisquel_GNU/Linux)
Strict-Transport-Security
max-age=63072000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
DENY

Redirect headers

Location
https://prep.ai.mit.edu/
Non-Authoritative-Reason
HttpsUpgrades
.gnu-gnu-gnu.png
prep.ai.mit.edu/
12 KB
13 KB
Image
General
Full URL
https://prep.ai.mit.edu/.gnu-gnu-gnu.png
Requested by
Host: prep.ai.mit.edu
URL: https://prep.ai.mit.edu/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:470:142:3::b , United States, ASN22989 (FREEASINFREEDOM, US),
Reverse DNS
Software
Apache/2.4.29 (Trisquel_GNU/Linux) /
Resource Hash
94b2c87954520acfb11e741641594ba4e8ed942f86f72534ed280b8f9f72f3a6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://prep.ai.mit.edu/

Response headers

Strict-Transport-Security
max-age=63072000
Content-Security-Policy
default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
ETag
"307d-4aba6c24400c0"
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
12413
Keep-Alive
timeout=5, max=99
Date
Tue, 29 Oct 2024 02:10:49 GMT
Last-Modified
Mon, 29 Aug 2011 15:43:39 GMT
Content-Type
image/png
Server
Apache/2.4.29 (Trisquel_GNU/Linux)
X-Frame-Options
DENY
blank.gif
prep.ai.mit.edu/icons/
148 B
886 B
Image
General
Full URL
https://prep.ai.mit.edu/icons/blank.gif
Requested by
Host: prep.ai.mit.edu
URL: https://prep.ai.mit.edu/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:470:142:3::b , United States, ASN22989 (FREEASINFREEDOM, US),
Reverse DNS
Software
Apache/2.4.29 (Trisquel_GNU/Linux) /
Resource Hash
3cb0e54babf019703fe671a32fcc3947aab9079ec2871cf0f9639245cc12d878
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://prep.ai.mit.edu/

Response headers

Strict-Transport-Security
max-age=63072000
Content-Security-Policy
default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
ETag
"94-5f67a4bc1fa40"
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
148
Keep-Alive
timeout=5, max=100
Date
Tue, 29 Oct 2024 02:10:49 GMT
Last-Modified
Thu, 09 Mar 2023 16:40:01 GMT
Content-Type
image/gif
Server
Apache/2.4.29 (Trisquel_GNU/Linux)
X-Frame-Options
DENY
unknown.gif
prep.ai.mit.edu/icons/
245 B
982 B
Image
General
Full URL
https://prep.ai.mit.edu/icons/unknown.gif
Requested by
Host: prep.ai.mit.edu
URL: https://prep.ai.mit.edu/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:470:142:3::b , United States, ASN22989 (FREEASINFREEDOM, US),
Reverse DNS
Software
Apache/2.4.29 (Trisquel_GNU/Linux) /
Resource Hash
15f5fd53009f61c653aa23d91334f9d7fa2fbd325eab859b68d77a45bb6a78b8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://prep.ai.mit.edu/

Response headers

Strict-Transport-Security
max-age=63072000
Content-Security-Policy
default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
ETag
"f5-5f67a4bc1fa40"
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
245
Keep-Alive
timeout=5, max=97
Date
Tue, 29 Oct 2024 02:10:49 GMT
Last-Modified
Thu, 09 Mar 2023 16:40:01 GMT
Content-Type
image/gif
Server
Apache/2.4.29 (Trisquel_GNU/Linux)
X-Frame-Options
DENY
hand.right.gif
prep.ai.mit.edu/icons/
217 B
955 B
Image
General
Full URL
https://prep.ai.mit.edu/icons/hand.right.gif
Requested by
Host: prep.ai.mit.edu
URL: https://prep.ai.mit.edu/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:470:142:3::b , United States, ASN22989 (FREEASINFREEDOM, US),
Reverse DNS
Software
Apache/2.4.29 (Trisquel_GNU/Linux) /
Resource Hash
8db8761bff66a355d6a2290de6bdb449e90f8e1114fe8789f7c4cb6c18040081
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://prep.ai.mit.edu/

Response headers

Strict-Transport-Security
max-age=63072000
Content-Security-Policy
default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
ETag
"d9-5f67a4bc1fa40"
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
217
Keep-Alive
timeout=5, max=100
Date
Tue, 29 Oct 2024 02:10:49 GMT
Last-Modified
Thu, 09 Mar 2023 16:40:01 GMT
Content-Type
image/gif
Server
Apache/2.4.29 (Trisquel_GNU/Linux)
X-Frame-Options
DENY
text.gif
prep.ai.mit.edu/icons/
229 B
967 B
Image
General
Full URL
https://prep.ai.mit.edu/icons/text.gif
Requested by
Host: prep.ai.mit.edu
URL: https://prep.ai.mit.edu/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:470:142:3::b , United States, ASN22989 (FREEASINFREEDOM, US),
Reverse DNS
Software
Apache/2.4.29 (Trisquel_GNU/Linux) /
Resource Hash
661d43fb30151a050da3b5cef49a2c7d0b01eeafdf1f4a001873406658b0f776
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://prep.ai.mit.edu/

Response headers

Strict-Transport-Security
max-age=63072000
Content-Security-Policy
default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
ETag
"e5-5f67a4bc1fa40"
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
229
Keep-Alive
timeout=5, max=100
Date
Tue, 29 Oct 2024 02:10:49 GMT
Last-Modified
Thu, 09 Mar 2023 16:40:01 GMT
Content-Type
image/gif
Server
Apache/2.4.29 (Trisquel_GNU/Linux)
X-Frame-Options
DENY
image2.gif
prep.ai.mit.edu/icons/
309 B
1 KB
Image
General
Full URL
https://prep.ai.mit.edu/icons/image2.gif
Requested by
Host: prep.ai.mit.edu
URL: https://prep.ai.mit.edu/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:470:142:3::b , United States, ASN22989 (FREEASINFREEDOM, US),
Reverse DNS
Software
Apache/2.4.29 (Trisquel_GNU/Linux) /
Resource Hash
1e09d5e4e03c57ba24c23b84cc4af3ce66cb44259849d929b911711c25d25c5e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://prep.ai.mit.edu/

Response headers

Strict-Transport-Security
max-age=63072000
Content-Security-Policy
default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
ETag
"135-5f67a4bc1fa40"
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
309
Keep-Alive
timeout=5, max=100
Date
Tue, 29 Oct 2024 02:10:49 GMT
Last-Modified
Thu, 09 Mar 2023 16:40:01 GMT
Content-Type
image/gif
Server
Apache/2.4.29 (Trisquel_GNU/Linux)
X-Frame-Options
DENY
folder.gif
prep.ai.mit.edu/icons/
225 B
962 B
Image
General
Full URL
https://prep.ai.mit.edu/icons/folder.gif
Requested by
Host: prep.ai.mit.edu
URL: https://prep.ai.mit.edu/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:470:142:3::b , United States, ASN22989 (FREEASINFREEDOM, US),
Reverse DNS
Software
Apache/2.4.29 (Trisquel_GNU/Linux) /
Resource Hash
fbe5eca717cfbcb58891d431f9afaf30aa740d9fce007e820a599f22afa0dee2
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://prep.ai.mit.edu/

Response headers

Strict-Transport-Security
max-age=63072000
Content-Security-Policy
default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
ETag
"e1-5f67a4bc1fa40"
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
225
Keep-Alive
timeout=5, max=98
Date
Tue, 29 Oct 2024 02:10:49 GMT
Last-Modified
Thu, 09 Mar 2023 16:40:01 GMT
Content-Type
image/gif
Server
Apache/2.4.29 (Trisquel_GNU/Linux)
X-Frame-Options
DENY
favicon.ico
prep.ai.mit.edu/
1 KB
2 KB
Other
General
Full URL
https://prep.ai.mit.edu/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2001:470:142:3::b , United States, ASN22989 (FREEASINFREEDOM, US),
Reverse DNS
Software
Apache/2.4.29 (Trisquel_GNU/Linux) /
Resource Hash
0b7891c3939899f3314f5fa82e94708adb76817dc241856a3f944ea7fd17da26
Security Headers
Name Value
Content-Security-Policy default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://prep.ai.mit.edu/

Response headers

Strict-Transport-Security
max-age=63072000
Content-Security-Policy
default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
ETag
"57e-4aba68dc10280"
Connection
Keep-Alive
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
1406
Keep-Alive
timeout=5, max=99
Date
Tue, 29 Oct 2024 02:10:49 GMT
Last-Modified
Mon, 29 Aug 2011 15:28:58 GMT
Content-Type
image/vnd.microsoft.icon
Server
Apache/2.4.29 (Trisquel_GNU/Linux)
X-Frame-Options
DENY

Verdicts & Comments Add Verdict or Comment

0 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

0 Cookies

3 Console Messages

Source Level URL
Text
security error URL: https://prep.ai.mit.edu/(Line 9)
Message:
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-Kqg3//X1NlrUlkHsVSf3vMQDvToaTd8wPhqkJdLqTto='), or a nonce ('nonce-...') is required to enable inline execution. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
security error URL: https://prep.ai.mit.edu/(Line 46)
Message:
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-VFmGrzXt8PSTpaz5FsjZWOUkYdR9APSHwEg1d60iT04='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.
security error URL: https://prep.ai.mit.edu/(Line 51)
Message:
Refused to apply inline style because it violates the following Content Security Policy directive: "default-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-VFmGrzXt8PSTpaz5FsjZWOUkYdR9APSHwEg1d60iT04='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present. Note also that 'style-src' was not explicitly set, so 'default-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; img-src 'self' https://static.fsf.org https://static.gnu.org https://gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org http://gnu.org; object-src 'none'; frame-ancestors 'none'; child-src 'self' https://static.gnu.org http://static.fsf.org http://static.gnu.org http://gnu.org;
Strict-Transport-Security max-age=63072000
X-Content-Type-Options nosniff
X-Frame-Options DENY