urlscan.io logo urlscan.io
SecurityTrails logo

visalms-pilot.csod.com Open in urlscan Pro
18.66.100.247  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://visalms-pilot.csod.com/
Effective URL: https://visalms-pilot.csod.com/client/visalms/default.aspx
Submission: On June 17 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 18.66.100.247, located in United States and belongs to AMAZON-02, US. The main domain is visalms-pilot.csod.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on May 16th 2022. Valid for: a year.
This is the only time visalms-pilot.csod.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 9 18.66.100.247 16509 (AMAZON-02)
7 1
Apex Domain
Subdomains		 Transfer
9 csod.com
visalms-pilot.csod.com
99 KB
7 1
Domain Requested by
9 visalms-pilot.csod.com 2 redirects visalms-pilot.csod.com
7 1

This site contains links to these domains. Also see Links.

Domain
visaasknow.service-now.com
Subject Issuer Validity Valid
*.csod.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-05-16 -
2023-06-16		 a year crt.sh

This page contains 1 frames:

Primary Page: https://visalms-pilot.csod.com/client/visalms/default.aspx
Frame ID: 6E190BC77D5A7F8DD0A61E8E79CFE42C
Requests: 7 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Visa University LMS

Page URL History Show full URLs

  1. http://visalms-pilot.csod.com/ HTTP 301
    https://visalms-pilot.csod.com/ HTTP 302
    https://visalms-pilot.csod.com/client/visalms/default.aspx Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.aspx?(?:$|\?)
  • <input[^>]+name="__VIEWSTATE
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

7
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

97 kB
Transfer

279 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://visalms-pilot.csod.com/ HTTP 301
    https://visalms-pilot.csod.com/ HTTP 302
    https://visalms-pilot.csod.com/client/visalms/default.aspx Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request default.aspx
visalms-pilot.csod.com/client/visalms/
Redirect Chain
  • http://visalms-pilot.csod.com/
  • https://visalms-pilot.csod.com/
  • https://visalms-pilot.csod.com/client/visalms/default.aspx
13 KB
5 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://visalms-pilot.csod.com/client/visalms/default.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.100.247 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-100-247.fra56.r.cloudfront.net
Software
/
Resource Hash
8dc176bf2f9f22863b10521167710727f39a3aa4a8b3d67cadf077a6a0efd226
Security Headers
Name Value
Strict-Transport-Security max-age=156768000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-type
text/html; charset=utf-8
date
Fri, 17 Jun 2022 01:44:41 GMT
expect-ct
enforce
expires
-1
p3p
CP="DSP NON CUR ADM HIS OTP OUR DEL NOR IND DEM UNI TAI STA NAV COM SAM PUR DEV PSA PSD"
pics-label
(pics-1.1 "http://www.icra.org/ratingsv02.html" comment "ICRAonline EN v2.0" l r (nz 1 vz 1 lz 1 oz 1 cz 1) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
pragma
no-cache
s-n
ECWT1002
server
strict-transport-security
max-age=156768000; includeSubDomains
vary
Accept-Encoding
via
1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront)
x-amz-cf-id
xUI-FyWUJ1-B7A1NbwnbQtPMivId4jM9il6g0mAtEa6riRub_OJ6TQ==
x-amz-cf-pop
FRA56-P2
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN

Redirect headers

cache-control
no-cache, no-store, must-revalidate
content-length
145
content-type
text/html; charset=utf-8
correlation_id
16a1ff8d-84f5-4aee-ba35-e4e1313a8ed6
date
Fri, 17 Jun 2022 01:44:41 GMT
expect-ct
enforce
expires
-1
location
/client/visalms/default.aspx
p3p
CP="DSP NON CUR ADM HIS OTP OUR DEL NOR IND DEM UNI TAI STA NAV COM SAM PUR DEV PSA PSD"
pics-label
(pics-1.1 "http://www.icra.org/ratingsv02.html" comment "ICRAonline EN v2.0" l r (nz 1 vz 1 lz 1 oz 1 cz 1) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
pragma
no-cache
s-n
ECWT1002
server
strict-transport-security
max-age=156768000; includeSubDomains
true_route
/default.aspx
true_status
Ok
via
1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront)
x-amz-cf-id
O1hAfDRqHd7OO0A14Ywd-c7j77f2OyTluH8MJ6eZ32JS0S5_5bHBbw==
x-amz-cf-pop
FRA56-P2
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-robots-tag
noindex
pop_up_funcs.js
visalms-pilot.csod.com/core/scripts/ 		18 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://visalms-pilot.csod.com/core/scripts/pop_up_funcs.js
Requested by
Host: visalms-pilot.csod.com
URL: https://visalms-pilot.csod.com/client/visalms/default.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.100.247 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-100-247.fra56.r.cloudfront.net
Software
/
Resource Hash
73f7887f61316d2e3c6a755001062bc08fb7626a47aaf6c46ae2ff70edd8c25e
Security Headers
Name Value
Strict-Transport-Security max-age=156768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://visalms-pilot.csod.com/client/visalms/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

true_route
/core/scripts/pop_up_funcs.js
strict-transport-security
max-age=156768000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
true_status
Ok
x-amz-cf-pop
FRA56-P2
x-cache
RefreshHit from cloudfront
p3p
CP="DSP NON CUR ADM HIS OTP OUR DEL NOR IND DEM UNI TAI STA NAV COM SAM PUR DEV PSA PSD"
date
Fri, 17 Jun 2022 01:44:42 GMT
last-modified
Fri, 17 Dec 2021 11:29:54 GMT
server
etag
W/"025896939f3d71:0"
expect-ct
enforce
vary
Accept-Encoding
s-n
ECWT1005
content-type
application/javascript
via
1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront)
cache-control
max-age=7200
x-amz-cf-id
zTlH3qrJYXTqJJ3TwhgORf92KTNvgH6KARlM2t9xOIEZBtBIqjJ5FQ==
correlation_id
bf5a074f-bc8d-4ffc-9e56-34e643b68baf
pics-label
(pics-1.1 "http://www.icra.org/ratingsv02.html" comment "ICRAonline EN v2.0" l r (nz 1 vz 1 lz 1 oz 1 cz 1) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
jquery-3.4.1.min.js
visalms-pilot.csod.com/client/csodcommon/scripts/ 		104 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://visalms-pilot.csod.com/client/csodcommon/scripts/jquery-3.4.1.min.js
Requested by
Host: visalms-pilot.csod.com
URL: https://visalms-pilot.csod.com/client/visalms/default.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.100.247 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-100-247.fra56.r.cloudfront.net
Software
/
Resource Hash
5eacb24dce95197ef1b8db870117adbf2be5642b5b0172e4502cf570d0602466
Security Headers
Name Value
Strict-Transport-Security max-age=156768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://visalms-pilot.csod.com/client/visalms/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security
max-age=156768000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P2
x-cache
Miss from cloudfront
p3p
CP="DSP NON CUR ADM HIS OTP OUR DEL NOR IND DEM UNI TAI STA NAV COM SAM PUR DEV PSA PSD"
etag
W/"09a4fad516ad81:0"
last-modified
Wed, 18 May 2022 00:53:24 GMT
server
date
Fri, 17 Jun 2022 01:44:42 GMT
expect-ct
enforce
vary
Accept-Encoding
s-n
ECWT1003
content-type
application/javascript
via
1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront)
cache-control
max-age=7200
x-amz-cf-id
QVWzZexJTPFbzVBi1TZ1V-4pYUdRs2vzSciK1JFa7Z224rBrriuDxA==
pics-label
(pics-1.1 "http://www.icra.org/ratingsv02.html" comment "ICRAonline EN v2.0" l r (nz 1 vz 1 lz 1 oz 1 cz 1) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
WebResource.axd
visalms-pilot.csod.com/client/ 		23 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://visalms-pilot.csod.com/client/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZHxccEwv5uzrzlMX4D4SS-bCxI7MzEKbjx5rY82npiqARxepQw2&t=637453780754849868
Requested by
Host: visalms-pilot.csod.com
URL: https://visalms-pilot.csod.com/client/visalms/default.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.100.247 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-100-247.fra56.r.cloudfront.net
Software
/
Resource Hash
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
Security Headers
Name Value
Strict-Transport-Security max-age=156768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://visalms-pilot.csod.com/client/visalms/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security
max-age=156768000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P2
x-cache
RefreshHit from cloudfront
p3p
CP="DSP NON CUR ADM HIS OTP OUR DEL NOR IND DEM UNI TAI STA NAV COM SAM PUR DEV PSA PSD"
last-modified
Tue, 05 Jan 2021 01:27:55 GMT
server
cache-control
public
date
Fri, 17 Jun 2022 01:44:42 GMT
expect-ct
enforce
vary
Accept-Encoding
content-type
application/x-javascript
via
1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront)
expires
Fri, 16 Jun 2023 08:09:02 GMT
s-n
ECWT1004
x-amz-cf-id
j307Im4qmBOF8NjJESJO6EmYGbEABHhd5BYemPnVMdzoM80CTvH2zQ==
pics-label
(pics-1.1 "http://www.icra.org/ratingsv02.html" comment "ICRAonline EN v2.0" l r (nz 1 vz 1 lz 1 oz 1 cz 1) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
jquery-3.6.0.min.js
visalms-pilot.csod.com/client/Core/scripts/jquery/ 		105 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://visalms-pilot.csod.com/client/Core/scripts/jquery/jquery-3.6.0.min.js?hsh=1819080674
Requested by
Host: visalms-pilot.csod.com
URL: https://visalms-pilot.csod.com/client/visalms/default.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.100.247 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-100-247.fra56.r.cloudfront.net
Software
/
Resource Hash
9a717cde6c939ee47c03d4a844c60223a4ed0331aaa01e8f6db35ac9cb596d1f
Security Headers
Name Value
Strict-Transport-Security max-age=156768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://visalms-pilot.csod.com/client/visalms/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security
max-age=156768000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P2
x-cache
RefreshHit from cloudfront
p3p
CP="DSP NON CUR ADM HIS OTP OUR DEL NOR IND DEM UNI TAI STA NAV COM SAM PUR DEV PSA PSD"
date
Fri, 17 Jun 2022 01:44:43 GMT
last-modified
Tue, 10 Aug 2021 16:36:56 GMT
server
etag
W/"0849dee58ed71:0"
expect-ct
enforce
vary
Accept-Encoding
content-type
application/javascript
via
1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront)
s-n
ECWT1005
x-amz-cf-id
do-1C1M50H6Qj6dGZjl2DH9i2ojwApF3_jG1UkQa8jSqOSXZpXN3tw==
pics-label
(pics-1.1 "http://www.icra.org/ratingsv02.html" comment "ICRAonline EN v2.0" l r (nz 1 vz 1 lz 1 oz 1 cz 1) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
logoNew.png
visalms-pilot.csod.com/client/visalms/images/ 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://visalms-pilot.csod.com/client/visalms/images/logoNew.png
Requested by
Host: visalms-pilot.csod.com
URL: https://visalms-pilot.csod.com/client/visalms/default.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.100.247 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-100-247.fra56.r.cloudfront.net
Software
/
Resource Hash
476013f832b5fd44cb947b77f8950695e774957003c71d79b4107dc98a3508de
Security Headers
Name Value
Strict-Transport-Security max-age=156768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://visalms-pilot.csod.com/client/visalms/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security
max-age=156768000; includeSubDomains
via
1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P2
x-cache
Miss from cloudfront
p3p
CP="DSP NON CUR ADM HIS OTP OUR DEL NOR IND DEM UNI TAI STA NAV COM SAM PUR DEV PSA PSD"
content-length
4126
etag
"0bcd976c280d61:0"
last-modified
Wed, 02 Sep 2020 00:46:16 GMT
server
date
Fri, 17 Jun 2022 01:44:43 GMT
expect-ct
enforce
s-n
ECWT1005
content-type
image/png
cache-control
max-age=7200
accept-ranges
bytes
x-amz-cf-id
B_FVWcDkHBgXIeVkHtzvt3PWEU7tQSwwZ5NtQodPZAYMYWSeQUtXbw==
pics-label
(pics-1.1 "http://www.icra.org/ratingsv02.html" comment "ICRAonline EN v2.0" l r (nz 1 vz 1 lz 1 oz 1 cz 1) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
bot.jpg
visalms-pilot.csod.com/client/visalms/images/ 		12 KB
12 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://visalms-pilot.csod.com/client/visalms/images/bot.jpg
Requested by
Host: visalms-pilot.csod.com
URL: https://visalms-pilot.csod.com/client/visalms/default.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.100.247 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-100-247.fra56.r.cloudfront.net
Software
/
Resource Hash
13fd5ef06c7527e80502d8abbe9c3a919f1175131780f4ddafc2b66a38733975
Security Headers
Name Value
Strict-Transport-Security max-age=156768000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://visalms-pilot.csod.com/client/visalms/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.115 Safari/537.36

Response headers

strict-transport-security
max-age=156768000; includeSubDomains
via
1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
FRA56-P2
x-cache
Miss from cloudfront
p3p
CP="DSP NON CUR ADM HIS OTP OUR DEL NOR IND DEM UNI TAI STA NAV COM SAM PUR DEV PSA PSD"
content-length
12105
etag
"0bcd976c280d61:0"
last-modified
Wed, 02 Sep 2020 00:46:16 GMT
server
date
Fri, 17 Jun 2022 01:44:43 GMT
expect-ct
enforce
s-n
ECWT1004
content-type
image/jpeg
cache-control
max-age=7200
accept-ranges
bytes
x-amz-cf-id
hdaBRjR56Aa-3TX0hylALU0l6kvCr2BAZCAWX0yWAT_TV_faR3EHhQ==
pics-label
(pics-1.1 "http://www.icra.org/ratingsv02.html" comment "ICRAonline EN v2.0" l r (nz 1 vz 1 lz 1 oz 1 cz 1) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))

Verdicts & Comments Add Verdict or Comment

104 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation object| helpwin object| winVar object| winCal number| relMouseX number| relMouseY function| doPopupAsyncPostback function| popWinDefine function| popWinBlockDetect function| popWin function| popWinResizeable function| showCal function| showPrint function| getObject function| popupWinByName function| CloseWindow function| CloseWindowDlg function| popupWinDlg function| popupWin function| popupWinWithPageRefreshOnClose function| ParentCheckpopupWinIsClosed object| windows function| popupWinNew function| popupPdfWinNew function| popupTitle function| popupHelpWin function| URLEncode function| popupCalendar function| popupSearch function| popupPSQPreview function| popupSearchNamedWindow function| popupSetSize function| popupCategories function| popupAnswers function| popupQuestionSelection function| popupTestQuestions function| popupSearchLevels function| returnDate function| ShowReport function| ShowExcel function| clearField object| allChecked function| checkAll function| checkAllBySender object| is object| popup function| Body_OnLoad function| Is function| showTimeoutMessage function| newWindow function| MM_preloadImages function| MM_swapImgRestore function| MM_findObj function| MM_swapImage function| $ function| jQuery object| theForm function| __doPostBack function| WebForm_PostBackOptions function| WebForm_DoPostBackWithOptions object| __pendingCallbacks number| __synchronousCallBackIndex function| WebForm_DoCallback function| WebForm_CallbackComplete function| WebForm_ExecuteCallback function| WebForm_FillFirstAvailableSlot boolean| __nonMSDOMBrowser string| __theFormPostData object| __theFormPostCollection object| __callbackTextTypes function| WebForm_InitCallback function| WebForm_InitCallbackAddField function| WebForm_EncodeCallback object| __disabledControlArray function| WebForm_ReEnableControls function| WebForm_ReDisableControls function| WebForm_SimulateClick function| WebForm_FireDefaultButton function| WebForm_GetScrollX function| WebForm_GetScrollY function| WebForm_SaveScrollPositionSubmit function| WebForm_SaveScrollPositionOnSubmit function| WebForm_RestoreScrollPosition function| WebForm_TextBoxKeyHandler function| WebForm_TrimString function| WebForm_AppendToClassName function| WebForm_RemoveClassName function| WebForm_GetElementById function| WebForm_GetElementByTagName function| WebForm_GetElementsByTagName function| WebForm_GetElementDir function| WebForm_GetElementPosition function| WebForm_GetParentByTagName function| WebForm_SetElementHeight function| WebForm_SetElementWidth function| WebForm_SetElementX function| WebForm_SetElementY object| htmlElem

2 Cookies

Domain/Path Name / Value
visalms-pilot.csod.com/ Name: ASP.NET_SessionId
Value: 1mncknt0dklabye1fjnujhv3
visalms-pilot.csod.com/ Name: CYBERU_lastculture
Value: en-US

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=156768000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN