Submitted URL: http://booking.casona.com/
Effective URL: https://booking.casona.com/users/login
Submission Tags: @ecarlesi possiblethreat phishing
Submission: On March 24 via api from IT — Scanned from IT

Summary

This website contacted 2 IPs in 1 country across 3 domains to perform 9 HTTP transactions. The main IP is 162.55.132.21, located in Germany and belongs to HETZNER-AS, DE. The main domain is booking.casona.com.
TLS certificate: Issued by R3 on March 24th 2024. Valid for: 3 months.
This is the only time booking.casona.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 10 162.55.132.21 24940 (HETZNER-AS)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
9 2
Apex Domain Subdomains Transfer
10 casona.com booking.casona.com 710 KB
1 gstatic.com www.gstatic.com 19 KB
1 google.com www.google.com (Cisco Umbrella Rank: 5) 232 B
9 3
Domain Requested by
10 booking.casona.com 2 redirects booking.casona.com
1 www.gstatic.com booking.casona.com
1 www.google.com 1 redirects
9 3

This site contains links to these domains.

Domain
www.casona.com
Subject Issuer Validity Valid
booking.casona.com R3 2024-03-24 - 2024-06-22 3 months

This page contains 1 frame:

Primary Page: https://booking.casona.com/users/login
Frame ID: 37D0C4B89B5EAAE0A249A21E60D3A35D
Requests: 9 HTTP requests in this frame

Page Title

Login | Casona

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

Requests: 9
HTTPS: 89 %
IPv6: 67 %
Domains: 3
Subdomains: 3
IPs: 2
Countries: 1
Transfer: 728 kB
Size: 2127 kB
Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://booking.casona.com/ HTTP 301
    https://booking.casona.com/ HTTP 302
    https://booking.casona.com/users/login Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 2
  • https://www.google.com/jsapi HTTP 301
  • https://www.gstatic.com/charts/loader.js

9 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request login
booking.casona.com/users/
Redirect Chain
  • http://booking.casona.com/
  • https://booking.casona.com/
  • https://booking.casona.com/users/login
5 KB
3 KB
Document
General
Full URL
https://booking.casona.com/users/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.55.132.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
manager.casona.com
Software
nginx/1.18.0 + Phusion Passenger(R) 6.0.20 / Phusion Passenger(R) 6.0.20
Resource Hash
21cbc2cb8093aed3e0f92e4a1212c5ea29775879902d9264e7c7bc93841c8768
Security Headers
Name Value
Content-Security-Policy script-src 'self' https: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36
accept-language
it-IT,it;q=0.9

Response headers

cache-control
max-age=0, private, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'self' https: 'unsafe-eval' 'unsafe-inline'
content-type
text/html; charset=utf-8
date
Sun, 24 Mar 2024 04:08:45 GMT
etag
W/"21cbc2cb8093aed3e0f92e4a1212c5ea"
referrer-policy
strict-origin-when-cross-origin
server
nginx/1.18.0 + Phusion Passenger(R) 6.0.20
status
200 OK
strict-transport-security
max-age=63072000; includeSubdomains
vary
Origin
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-powered-by
Phusion Passenger(R) 6.0.20
x-request-id
27fb5091-c890-4fb6-a789-a033e48cdac1
x-runtime
0.014834
x-xss-protection
1; mode=block

Redirect headers

cache-control
no-cache
content-security-policy
script-src 'self' https: 'unsafe-eval' 'unsafe-inline'
content-type
text/html; charset=utf-8
date
Sun, 24 Mar 2024 04:08:45 GMT
location
https://booking.casona.com/users/login
server
nginx/1.18.0 + Phusion Passenger(R) 6.0.20
status
302 Found
strict-transport-security
max-age=63072000; includeSubdomains
vary
Origin
x-powered-by
Phusion Passenger(R) 6.0.20
x-request-id
02fbdf5f-e974-4621-9223-edc86de73634
x-runtime
0.004619
application-backend-d13fe632c2c6d8b738601be33e70ad6e03d7be275a220a62e2111d7f6b072862.css
booking.casona.com/assets/
540 KB
94 KB
Stylesheet
General
Full URL
https://booking.casona.com/assets/application-backend-d13fe632c2c6d8b738601be33e70ad6e03d7be275a220a62e2111d7f6b072862.css
Requested by
Host: booking.casona.com
URL: https://booking.casona.com/users/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.55.132.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
manager.casona.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
0f76f611944262ac88966300ace156e84d70ad32835dc44360fc2681717a7e8d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://booking.casona.com/users/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 04:08:45 GMT
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubdomains
last-modified
Tue, 19 Mar 2024 23:50:25 GMT
server
nginx/1.18.0 (Ubuntu)
etag
"65fa24c1-177cd"
content-type
text/css
cache-control
max-age=315360000
content-length
96205
expires
Thu, 31 Dec 2037 23:55:55 GMT
application-backend-c811bb5282572bfafe9c2fafccde3f222760e44eeac7538fe915160747963c38.js
booking.casona.com/assets/
1 MB
374 KB
Script
General
Full URL
https://booking.casona.com/assets/application-backend-c811bb5282572bfafe9c2fafccde3f222760e44eeac7538fe915160747963c38.js
Requested by
Host: booking.casona.com
URL: https://booking.casona.com/users/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.55.132.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
manager.casona.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
511e1cefd00211ac62ef7235926ff7ea882cf96d93d8948645dc680f73e957ce
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://booking.casona.com/users/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 04:08:45 GMT
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubdomains
last-modified
Tue, 19 Mar 2024 23:50:25 GMT
server
nginx/1.18.0 (Ubuntu)
etag
"65fa24c1-5d4a4"
content-type
application/javascript
cache-control
max-age=315360000
content-length
382116
expires
Thu, 31 Dec 2037 23:55:55 GMT
loader.js
www.gstatic.com/charts/
Redirect Chain
  • https://www.google.com/jsapi
  • https://www.gstatic.com/charts/loader.js
61 KB
19 KB
Script
General
Full URL
https://www.gstatic.com/charts/loader.js
Requested by
Host: booking.casona.com
URL: https://booking.casona.com/users/login
Protocol
H2
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
369ae154eab37b7ada7776b934833183bb053ebd1d0255f70ef8944f65cabb0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://booking.casona.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 03:56:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
732
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/gviz
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18534
x-xss-protection
0
last-modified
Tue, 04 Apr 2023 17:52:30 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="gviz"
vary
Accept-Encoding, Origin
report-to
{"group":"gviz","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/gviz"}]}
content-type
text/javascript
cache-control
public, max-age=3600
access-control-allow-credentials
true
accept-ranges
bytes
expires
Sun, 24 Mar 2024 04:56:33 GMT

Redirect headers

date
Sun, 24 Mar 2024 03:54:16 GMT
x-content-type-options
nosniff
server
sffe
age
869
content-type
text/html; charset=UTF-8
location
https://www.gstatic.com/charts/loader.js
cache-control
public, max-age=1800
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
237
x-xss-protection
0
expires
Sun, 24 Mar 2024 04:24:16 GMT
logo_casona_small-d3c4244d7a41ef64c4bddb3e1e7686c2c6c436eb46fbdecb560dcea270b37364.png
booking.casona.com/assets/
11 KB
11 KB
Image
General
Full URL
https://booking.casona.com/assets/logo_casona_small-d3c4244d7a41ef64c4bddb3e1e7686c2c6c436eb46fbdecb560dcea270b37364.png
Requested by
Host: booking.casona.com
URL: https://booking.casona.com/users/login
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.55.132.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
manager.casona.com
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
afef368a800970866af91037b0ff641083c670cdc6e9f83def8a8227d009db0a
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubdomains

Request headers

accept-language
it-IT,it;q=0.9
Referer
https://booking.casona.com/users/login
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

date
Sun, 24 Mar 2024 04:08:45 GMT
strict-transport-security
max-age=63072000; includeSubdomains
last-modified
Mon, 23 Aug 2021 23:25:03 GMT
server
nginx/1.18.0 (Ubuntu)
etag
"61242e4f-2ce7"
content-type
image/png
cache-control
max-age=315360000
accept-ranges
bytes
content-length
11495
expires
Thu, 31 Dec 2037 23:55:55 GMT
source-sans-pro-v13-latin-700.woff2
booking.casona.com/assets/source-sans-pro/
15 KB
16 KB
Font
General
Full URL
https://booking.casona.com/assets/source-sans-pro/source-sans-pro-v13-latin-700.woff2
Requested by
Host: booking.casona.com
URL: https://booking.casona.com/assets/application-backend-d13fe632c2c6d8b738601be33e70ad6e03d7be275a220a62e2111d7f6b072862.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.55.132.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
manager.casona.com
Software
nginx/1.18.0 + Phusion Passenger(R) 6.0.20 / Phusion Passenger(R) 6.0.20
Resource Hash
24f7e397faec79e62c37ff2f00b170f6dc1557fb46ac169f9f1897a9d641dd03
Security Headers
Name Value
Content-Security-Policy script-src 'self' https: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubdomains

Request headers

Referer
https://booking.casona.com/assets/application-backend-d13fe632c2c6d8b738601be33e70ad6e03d7be275a220a62e2111d7f6b072862.css
Origin
https://booking.casona.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-runtime
0.001680
content-security-policy
script-src 'self' https: 'unsafe-eval' 'unsafe-inline'
date
Sun, 24 Mar 2024 04:08:45 GMT
strict-transport-security
max-age=63072000; includeSubdomains
server
nginx/1.18.0 + Phusion Passenger(R) 6.0.20
etag
"372c1fdc711a0fab6d069f1f07d814fbb0f50b7838a3cae944cfd49e60b8ab22"
x-powered-by
Phusion Passenger(R) 6.0.20
vary
Accept-Encoding, Origin
content-type
application/font-woff2
status
200 OK
cache-control
max-age=315360000
content-length
15764
x-request-id
09c2b133-2c67-4c5f-97bd-f1d610e7c3a0
expires
Thu, 31 Dec 2037 23:55:55 GMT
Dia-Bold.woff
booking.casona.com/assets/dia/
59 KB
60 KB
Font
General
Full URL
https://booking.casona.com/assets/dia/Dia-Bold.woff
Requested by
Host: booking.casona.com
URL: https://booking.casona.com/assets/application-backend-d13fe632c2c6d8b738601be33e70ad6e03d7be275a220a62e2111d7f6b072862.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.55.132.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
manager.casona.com
Software
nginx/1.18.0 + Phusion Passenger(R) 6.0.20 / Phusion Passenger(R) 6.0.20
Resource Hash
5326d0d03263d49784409132d620bce1c46942e3b9a663e562c5dec55f7879e9
Security Headers
Name Value
Content-Security-Policy script-src 'self' https: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubdomains

Request headers

Referer
https://booking.casona.com/assets/application-backend-d13fe632c2c6d8b738601be33e70ad6e03d7be275a220a62e2111d7f6b072862.css
Origin
https://booking.casona.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-runtime
0.001654
content-security-policy
script-src 'self' https: 'unsafe-eval' 'unsafe-inline'
date
Sun, 24 Mar 2024 04:08:45 GMT
strict-transport-security
max-age=63072000; includeSubdomains
server
nginx/1.18.0 + Phusion Passenger(R) 6.0.20
etag
"88a4e0e5e194da05f2f01048444776a40baac435da6b0d8acc72e9e473969c80"
x-powered-by
Phusion Passenger(R) 6.0.20
vary
Accept-Encoding, Origin
content-type
application/font-woff
status
200 OK
cache-control
max-age=315360000
content-length
60782
x-request-id
aa85e5e6-1612-4aae-9012-9cd0303fc145
expires
Thu, 31 Dec 2037 23:55:55 GMT
fa-solid-900.woff2
booking.casona.com/assets/font-awesome/
134 KB
135 KB
Font
General
Full URL
https://booking.casona.com/assets/font-awesome/fa-solid-900.woff2
Requested by
Host: booking.casona.com
URL: https://booking.casona.com/assets/application-backend-d13fe632c2c6d8b738601be33e70ad6e03d7be275a220a62e2111d7f6b072862.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.55.132.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
manager.casona.com
Software
nginx/1.18.0 + Phusion Passenger(R) 6.0.20 / Phusion Passenger(R) 6.0.20
Resource Hash
68eb827a2fa6f035eab41392f863522ae5dc0d4c0c31d5245362a7f1a5aed46a
Security Headers
Name Value
Content-Security-Policy script-src 'self' https: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubdomains

Request headers

Referer
https://booking.casona.com/assets/application-backend-d13fe632c2c6d8b738601be33e70ad6e03d7be275a220a62e2111d7f6b072862.css
Origin
https://booking.casona.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-runtime
0.001587
content-security-policy
script-src 'self' https: 'unsafe-eval' 'unsafe-inline'
date
Sun, 24 Mar 2024 04:08:45 GMT
strict-transport-security
max-age=63072000; includeSubdomains
server
nginx/1.18.0 + Phusion Passenger(R) 6.0.20
etag
"ac9d864df95789b2ebb31c8afdf60f156dc2e480b61b9d29e4f9753048ff78b6"
x-powered-by
Phusion Passenger(R) 6.0.20
vary
Accept-Encoding, Origin
content-type
application/font-woff2
status
200 OK
cache-control
max-age=315360000
content-length
137704
x-request-id
c1337436-b74c-4357-b580-82f51851124b
expires
Thu, 31 Dec 2037 23:55:55 GMT
source-sans-pro-v13-latin-regular.woff2
booking.casona.com/assets/source-sans-pro/
16 KB
16 KB
Font
General
Full URL
https://booking.casona.com/assets/source-sans-pro/source-sans-pro-v13-latin-regular.woff2
Requested by
Host: booking.casona.com
URL: https://booking.casona.com/assets/application-backend-d13fe632c2c6d8b738601be33e70ad6e03d7be275a220a62e2111d7f6b072862.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
162.55.132.21 , Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
manager.casona.com
Software
nginx/1.18.0 + Phusion Passenger(R) 6.0.20 / Phusion Passenger(R) 6.0.20
Resource Hash
a9950fa5ca9cf47072770900d259bcf6778aa1119652d2e706d5eb92df254199
Security Headers
Name Value
Content-Security-Policy script-src 'self' https: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubdomains

Request headers

Referer
https://booking.casona.com/assets/application-backend-d13fe632c2c6d8b738601be33e70ad6e03d7be275a220a62e2111d7f6b072862.css
Origin
https://booking.casona.com
accept-language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.128 Safari/537.36

Response headers

x-runtime
0.003288
content-security-policy
script-src 'self' https: 'unsafe-eval' 'unsafe-inline'
date
Sun, 24 Mar 2024 04:08:45 GMT
strict-transport-security
max-age=63072000; includeSubdomains
server
nginx/1.18.0 + Phusion Passenger(R) 6.0.20
etag
"43cf1e4151904bc0bb0331701b86346b4367375fd932f6b231a8f6a91fa38d42"
x-powered-by
Phusion Passenger(R) 6.0.20
vary
Origin
content-type
application/font-woff2
status
200 OK
cache-control
max-age=315360000
content-length
16112
x-request-id
a8c02c5f-408c-48fe-9799-25422f8d754d
expires
Thu, 31 Dec 2037 23:55:55 GMT

45 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| sortTable function| removeLocationHash undefined| action_pos undefined| base_actionbar_height function| closeNav undefined| lastPosition function| openNav function| preventScroll boolean| iOS function| $ function| jQuery object| Turbolinks function| Popper object| bootstrap function| tmpl function| moment object| Chartkick function| Chart function| daterangepicker object| Spinner function| tinycolor function| SignaturePad object| Handlebars function| CodeMirror object| PageReload function| whenAvailable function| URL_add_parameter object| AdminSearch object| BookingOption function| initForms object| Hotel object| HousekeepingStatus object| InputTranslation object| Invoice object| PermissionAction object| PolicyBookingOption object| Prepayment object| RatesCalendar object| Rate object| ReservationBookingOption boolean| modalGuestNameEmpty object| ManagerSearch object| google string| locale function| setTimelineMargin

1 Cookies

Domain/Path Name / Value
booking.casona.com/ Name: _casona_session
Value: WU9tYnVRNWxpeXFZTG1mVFlCdVBEKzA0aWZaR3pLRW9TeXYzTjNzUUk5UzlFSTliV0VDY21KeXVwSFJibko2U0MxM3d3WWZsSFk0Y0lNZ1lnaTZOSFNiWlorTWFrazVsVEJqR0I0TDR5SDNvdUIvNERudnNvRUlqeTRFZVpHVnlndi9VZ1FMZklPSGlqc0xEdXcyRFRPVEFpMkNxNngxOGFjcE5SNjJrMyt1VG5RMXZJMGpKTGFVVEw4dnhHb1FxOC90eDdrYU9JTHdpWU82aDFRUTdrUT09LS16TldEb2xLSEMzcFpMd0RhMmlhMEZ3PT0%3D--5a285410a4d0ca1cc603af946c2c3bd87cb3221d

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy script-src 'self' https: 'unsafe-eval' 'unsafe-inline'
Strict-Transport-Security max-age=63072000; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block