Submitted URL: https://unikbet-login.lilys.com/
Effective URL: https://ebac35-4.myshopify.com/password
Submission: On October 07 via automatic, source certstream-suspicious — Scanned from CA

Summary

This website contacted 7 IPs in 2 countries across 7 domains to perform 14 HTTP transactions. The main IP is 23.227.38.74, located in Ottawa, Canada and belongs to CLOUDFLARENET, US. The main domain is ebac35-4.myshopify.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 23rd 2023. Valid for: a year.
This is the only time ebac35-4.myshopify.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 23.227.38.32 13335 (CLOUDFLAR...)
1 3 23.227.38.74 13335 (CLOUDFLAR...)
6 142.251.163.132 15169 (GOOGLE)
1 173.222.168.57 16625 (AKAMAI-AS)
2 104.194.8.143 23470 (RELIABLESITE)
1 104.238.222.11 23470 (RELIABLESITE)
2 172.64.192.8 13335 (CLOUDFLAR...)
14 7
Apex Domain
Subdomains
Transfer
6 ampproject.org
cdn.ampproject.org — Cisco Umbrella Rank: 379
105 KB
3 myshopify.com
ebac35-4.myshopify.com
46 KB
2 nexus2wl.com
nx-cdn.nexus2wl.com — Cisco Umbrella Rank: 75036
129 KB
2 ibb.co
i.ibb.co — Cisco Umbrella Rank: 10991
155 KB
1 postimg.cc
i.postimg.cc — Cisco Umbrella Rank: 17005
45 KB
1 cloudinary.com
res.cloudinary.com — Cisco Umbrella Rank: 2866
39 KB
1 lilys.com
unikbet-login.lilys.com
1 KB
14 7
Domain Requested by
6 cdn.ampproject.org ebac35-4.myshopify.com
cdn.ampproject.org
3 ebac35-4.myshopify.com 1 redirects ebac35-4.myshopify.com
2 nx-cdn.nexus2wl.com ebac35-4.myshopify.com
2 i.ibb.co ebac35-4.myshopify.com
1 i.postimg.cc ebac35-4.myshopify.com
1 res.cloudinary.com ebac35-4.myshopify.com
1 unikbet-login.lilys.com 1 redirects
14 7
Subject Issuer Validity Valid
myshopify.com
Cloudflare Inc ECC CA-3
2023-08-23 -
2024-08-21
a year crt.sh
misc-sni.google.com
GTS CA 1C3
2023-09-18 -
2023-12-11
3 months crt.sh
*.cloudinary.com
Go Daddy Secure Certificate Authority - G2
2022-12-05 -
2023-12-30
a year crt.sh
ibb.co
R3
2023-08-10 -
2023-11-08
3 months crt.sh
postimg.cc
R3
2023-08-23 -
2023-11-21
3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-03-01 -
2024-02-28
a year crt.sh

This page contains 1 frames:

Primary Page: https://ebac35-4.myshopify.com/password
Frame ID: 776977D5D96F7C0015348373239FFF2E
Requests: 16 HTTP requests in this frame

Screenshot

Page Title

UNIKBET | Situs Judi Unikslot Online Gacor RTP Tertinggi Hari

Page URL History Show full URLs

  1. https://unikbet-login.lilys.com/ HTTP 301
    https://ebac35-4.myshopify.com/ HTTP 302
    https://ebac35-4.myshopify.com/password Page URL

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

7
Domains

7
Subdomains

7
IPs

2
Countries

518 kB
Transfer

897 kB
Size

10
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://unikbet-login.lilys.com/ HTTP 301
    https://ebac35-4.myshopify.com/ HTTP 302
    https://ebac35-4.myshopify.com/password Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request password
ebac35-4.myshopify.com/
Redirect Chain
  • https://unikbet-login.lilys.com/
  • https://ebac35-4.myshopify.com/
  • https://ebac35-4.myshopify.com/password
176 KB
45 KB
Document
General
Full URL
https://ebac35-4.myshopify.com/password
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
bb49a6a0e129bea16992e0ccd96240ea35cf910158416bf1c5d77adaf971171e
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8124b261d8a1ca47-YUL
content-encoding
br
content-language
en
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Sat, 07 Oct 2023 08:15:32 GMT
etag
W/"cacheable:7aa243be4d88a0c646923301766c3b6a"
link
<https://cdn.shopify.com>; rel="preconnect", <https://cdn.shopify.com>; rel="preconnect"; crossorigin
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
powered-by
Shopify
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=22CmJmaZ8g%2Fcu6vz2PyvAdHpgbALKqnH%2B20dxhaLsyryDD2ux56xsrIRjt%2BAjuWXMOou8lWIyVgtqA%2BcQZsJVBFNu%2BPbcuLya34Tje8Dvfn3H8Ma%2B8uazryv3ylNqjhtpXzZn3e5f7k%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
processing;dur=12;desc="gc:1", db;dur=3, asn;desc="136787", edge;desc="YUL", country;desc="CA", theme;desc="161581302035", pageType;desc="password", servedBy;desc="klp4", requestID;desc="33803f79-fd92-450c-89a3-de7c8bdfbe1d" cfRequestDuration;dur=65.999985
vary
Accept
x-cache
hit, server
x-content-type-options
nosniff
x-dc
gcp-us-east4,gcp-us-east1,gcp-us-east1
x-download-options
noopen
x-frame-options
DENY
x-permitted-cross-domain-policies
none
x-request-id
33803f79-fd92-450c-89a3-de7c8bdfbe1d
x-robots-tag
nofollow
x-shardid
274
x-shopid
83711295763
x-shopify-stage
production
x-sorting-hat-podid
274
x-sorting-hat-shopid
83711295763
x-storefront-renderer-rendered
1
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
8124b2613823ca47-YUL
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
content-type
text/html; charset=utf-8
date
Sat, 07 Oct 2023 08:15:32 GMT
location
https://ebac35-4.myshopify.com/password
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
powered-by
Shopify
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HU7IrOk1yM%2FyEJ%2FLYUw7ks26wzCw5%2BlkpRYICkGPVriFO%2Fh6O5U3p71DzfN6VN9FyLB6DUnKAvO4bUl4E9EquviTKmQaDUcsHY%2Bmq4K6HFsJI0jNnAG6vHAfwn7rZ733CGcfvfebBqU%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
server-timing
processing;dur=9, db;dur=2, asn;desc="136787", edge;desc="YUL", country;desc="CA", theme;desc="161581302035", pageType;desc="index", servedBy;desc="8wdl", requestID;desc="d8fd9fc2-3f11-4095-9326-0d675859ed57" cfRequestDuration;dur=70.999861
vary
Accept
x-cache
allow
x-content-type-options
nosniff
x-dc
gcp-us-east4,gcp-us-east1,gcp-us-east1
x-download-options
noopen
x-frame-options
DENY
x-permitted-cross-domain-policies
none
x-request-id
d8fd9fc2-3f11-4095-9326-0d675859ed57
x-shardid
274
x-shopid
83711295763
x-shopify-stage
production
x-sorting-hat-podid
274
x-sorting-hat-shopid
83711295763
x-storefront-renderer-rendered
1
x-xss-protection
1; mode=block
v0.mjs
cdn.ampproject.org/
223 KB
62 KB
Script
General
Full URL
https://cdn.ampproject.org/v0.mjs
Requested by
Host: ebac35-4.myshopify.com
URL: https://ebac35-4.myshopify.com/password
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.163.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f132.1e100.net
Software
sffe /
Resource Hash
d91580b4144148592fe63de6513e1c869eb8120e6df6eb0c19ab94903a7077e3
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ebac35-4.myshopify.com/
Origin
https://ebac35-4.myshopify.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
date
Sat, 07 Oct 2023 08:15:32 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
63576
x-xss-protection
0
server
sffe
etag
"f94c5ea883255a4b"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=3000, stale-while-revalidate=1206600
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 07 Oct 2023 08:15:32 GMT
amp-carousel-0.1.mjs
cdn.ampproject.org/v0/
33 KB
10 KB
Script
General
Full URL
https://cdn.ampproject.org/v0/amp-carousel-0.1.mjs
Requested by
Host: ebac35-4.myshopify.com
URL: https://ebac35-4.myshopify.com/password
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.163.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f132.1e100.net
Software
sffe /
Resource Hash
3dfa3612b45dee1687bc18a81974549cfac724f1ae7dbf114b660c0709f06cc0
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ebac35-4.myshopify.com/
Origin
https://ebac35-4.myshopify.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
date
Sat, 07 Oct 2023 08:15:32 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10098
x-xss-protection
0
server
sffe
etag
"a58e001eb9b78913"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=604800, stale-while-revalidate=604800
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 07 Oct 2023 08:15:32 GMT
amp-sidebar-0.1.mjs
cdn.ampproject.org/v0/
25 KB
9 KB
Script
General
Full URL
https://cdn.ampproject.org/v0/amp-sidebar-0.1.mjs
Requested by
Host: ebac35-4.myshopify.com
URL: https://ebac35-4.myshopify.com/password
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.163.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f132.1e100.net
Software
sffe /
Resource Hash
993f216738ff6f369473ea892d0e7707d35ec5d071c842d9732ba2897a11312f
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ebac35-4.myshopify.com/
Origin
https://ebac35-4.myshopify.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
date
Sat, 07 Oct 2023 08:15:32 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8215
x-xss-protection
0
server
sffe
etag
"74ea42bd1dfccf32"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=604800, stale-while-revalidate=604800
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Sat, 07 Oct 2023 08:15:32 GMT
Inter.woff2
ebac35-4.myshopify.com/
0
0
Font
General
Full URL
https://ebac35-4.myshopify.com/Inter.woff2
Requested by
Host: ebac35-4.myshopify.com
URL: https://ebac35-4.myshopify.com/password
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
23.227.38.74 Ottawa, Canada, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
shops.myshopify.com
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://ebac35-4.myshopify.com/password
Origin
https://ebac35-4.myshopify.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sat, 07 Oct 2023 08:15:32 GMT
content-security-policy
block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
x-dc
gcp-us-east4,gcp-us-east1,gcp-us-east1
server-timing
processing;dur=11, db;dur=4, asn;desc="136787", edge;desc="YUL", country;desc="CA", theme;desc="161581302035", pageType;desc="404", servedBy;desc="9qqz", requestID;desc="30bed43a-04c0-4668-b256-e4238c141270", cfRequestDuration;dur=66.999912
powered-by
Shopify
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
x-sorting-hat-shopid
83711295763
x-request-id
30bed43a-04c0-4668-b256-e4238c141270
x-shardid
274
x-storefront-renderer-rendered
1
x-shopify-stage
production
server
cloudflare
x-shopid
83711295763
x-frame-options
DENY
vary
Accept
content-type
text/html; charset=utf-8
content-language
en
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gHG4K8sbsIpk9oM%2BeSvWtJVW1%2B27bmIdt4jBDNTatQI3%2FTyxXxAeo0cQ27YPnx39AIwh4rekkDEyA10ayf52Mjn%2FpbzT0QqFGgTX7kJSDTlO2X5%2FG%2BxWWQLFJrZSzqGry%2BI70S%2B1OL0%3D"}],"group":"cf-nel","max_age":604800}
x-download-options
noopen
cf-ray
8124b262d9a83400-YUL
x-sorting-hat-podid
274
nexus_engine_hj0hor.png
res.cloudinary.com/dquhxgmzs/image/upload/v1690653594/
39 KB
39 KB
Image
General
Full URL
https://res.cloudinary.com/dquhxgmzs/image/upload/v1690653594/nexus_engine_hj0hor.png
Requested by
Host: ebac35-4.myshopify.com
URL: https://ebac35-4.myshopify.com/password
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
173.222.168.57 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a173-222-168-57.deploy.static.akamaitechnologies.com
Software
Cloudinary /
Resource Hash
63f065f074855d707cad3c9d5e09ab869f605290999482d756169fb8b994ee65
Security Headers
Name Value
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ebac35-4.myshopify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sat, 07 Oct 2023 08:15:33 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
last-modified
Sat, 29 Jul 2023 17:59:55 GMT
server
Cloudinary
etag
"b5c524ec1b1d911ad3654f1d1c078b1b"
content-type
image/png
access-control-allow-origin
*
access-control-expose-headers
Content-Length,Content-Disposition,Content-Range,Etag,Server-Timing,Vary,X-Cld-Error,X-Content-Type-Options
cache-control
public, no-transform, immutable, max-age=2592000
server-timing
cld-akam;dur=501;cpu=255;start=2023-10-07T08:15:32.610Z;desc=miss,rtt;dur=18,content-info;desc="width=766,height=175,owidth=766,oheight=175,obytes=39766",cloudinary;dur=181;start=2023-10-07T08:15:32.704Z
accept-ranges
bytes
timing-allow-origin
*
content-length
39766
Whatsapp-D.gif
i.ibb.co/3kFdJXz/
85 KB
85 KB
Image
General
Full URL
https://i.ibb.co/3kFdJXz/Whatsapp-D.gif
Requested by
Host: ebac35-4.myshopify.com
URL: https://ebac35-4.myshopify.com/password
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.194.8.143 Los Angeles, United States, ASN23470 (RELIABLESITE, US),
Reverse DNS
Software
nginx /
Resource Hash
81174778797809f911fb8533b392cfb9c52bc357d0b0006ca342cadc50ba503b

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ebac35-4.myshopify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sat, 07 Oct 2023 08:15:32 GMT
last-modified
Sun, 01 Jan 2023 01:48:46 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
86668
expires
Thu, 31 Dec 2037 23:55:55 GMT
Telegram-D.gif
i.ibb.co/SNHjT6c/
70 KB
71 KB
Image
General
Full URL
https://i.ibb.co/SNHjT6c/Telegram-D.gif
Requested by
Host: ebac35-4.myshopify.com
URL: https://ebac35-4.myshopify.com/password
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.194.8.143 Los Angeles, United States, ASN23470 (RELIABLESITE, US),
Reverse DNS
Software
nginx /
Resource Hash
12abfba84fe0b4a0612f7eac13e5f9b887848f2c4163d9b286a878dfe38428d3

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ebac35-4.myshopify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sat, 07 Oct 2023 08:15:32 GMT
last-modified
Sun, 01 Jan 2023 01:49:02 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/gif
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
71894
expires
Thu, 31 Dec 2037 23:55:55 GMT
spaceman.webp
i.postimg.cc/kXJHCWsT/
45 KB
45 KB
Image
General
Full URL
https://i.postimg.cc/kXJHCWsT/spaceman.webp
Requested by
Host: ebac35-4.myshopify.com
URL: https://ebac35-4.myshopify.com/password
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.238.222.11 Los Angeles, United States, ASN23470 (RELIABLESITE, US),
Reverse DNS
Software
nginx /
Resource Hash
de2cc6deda0276d6fc43d21e98018c7892c5f11c99aa9bf6654bd8f8042d5c29

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ebac35-4.myshopify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sat, 07 Oct 2023 08:15:32 GMT
last-modified
Sat, 12 Aug 2023 23:31:14 GMT
server
nginx
access-control-allow-methods
GET, OPTIONS
content-type
image/webp
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
45728
expires
Thu, 31 Dec 2037 23:55:55 GMT
amp-auto-lightbox-0.1.mjs
cdn.ampproject.org/rtv/012309181453000/v0/
7 KB
3 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012309181453000/v0/amp-auto-lightbox-0.1.mjs
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.mjs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.163.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f132.1e100.net
Software
sffe /
Resource Hash
558c7a347fc5f2f645c44703e15e9fdd147b77d1ee75fd7de3f4d440ad040598
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ebac35-4.myshopify.com/
Origin
https://ebac35-4.myshopify.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 04 Oct 2023 07:55:50 GMT
age
260382
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2818
x-xss-protection
0
server
sffe
etag
"e804204347294b85"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 03 Oct 2024 07:55:50 GMT
amp-loader-0.1.mjs
cdn.ampproject.org/rtv/012309181453000/v0/
12 KB
4 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012309181453000/v0/amp-loader-0.1.mjs
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.mjs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.251.163.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f132.1e100.net
Software
sffe /
Resource Hash
bf28642e186aa157a71d0ca51a2bb4fbf9b01ce44a30565f7050a5ac17bfff19
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ebac35-4.myshopify.com/
Origin
https://ebac35-4.myshopify.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 04 Oct 2023 08:06:01 GMT
age
259771
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3913
x-xss-protection
0
server
sffe
etag
"2157b588fdc881c7"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Thu, 03 Oct 2024 08:06:01 GMT
truncated
/
157 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e6e91c65c98775cc3e65a39d1c11708343f9509517a8a73983bb331e1ec021fa

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
truncated
/
149 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2acdbf0259b3538b9f9408713e13677daca0d9e77c3887031c618b9aa7fa28ce

Request headers

accept-language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
hab-gebyar-kemerdekaan-mobile.jpg
nx-cdn.nexus2wl.com/Images/banners/home/
32 KB
33 KB
Image
General
Full URL
https://nx-cdn.nexus2wl.com/Images/banners/home/hab-gebyar-kemerdekaan-mobile.jpg
Requested by
Host: ebac35-4.myshopify.com
URL: https://ebac35-4.myshopify.com/password
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.192.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3f9ef8174ece6e99c5baba1dcc282913dca3608011923c509e42ffaa34a9ad55
Security Headers
Name Value
Strict-Transport-Security max-age=15552001; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ebac35-4.myshopify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sat, 07 Oct 2023 08:15:32 GMT
strict-transport-security
max-age=15552001; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
32647
x-xss-protection
1; mode=block
last-modified
Mon, 14 Aug 2023 02:36:12 GMT
server
cloudflare
etag
"076da1658ced91:0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UkMU2j9ntEuEq4VqY4%2FqFJke%2B8%2F41a2EHYgP0PraQOOqookXp2LUQprqHXJ4YqLRkIGOX%2Fs0OAtHTbdjmV4Vji%2F%2Bqh%2F2bT%2FrOt0xQt6vgEZVzk2wB2iySANlriKHYDT2lBcbXMZb"}],"group":"cf-nel","max_age":604800}
content-type
image/jpeg
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
8124b264c8502a21-ORD
ionslot-cashdrop-agustus-mobile.png
nx-cdn.nexus2wl.com/Images/banners/home/
94 KB
95 KB
Image
General
Full URL
https://nx-cdn.nexus2wl.com/Images/banners/home/ionslot-cashdrop-agustus-mobile.png
Requested by
Host: ebac35-4.myshopify.com
URL: https://ebac35-4.myshopify.com/password
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.192.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
afd7fbd74fafb26338bf45e1e01d4a1fbaac8a8d135e57bcf47cb0ad88086b32
Security Headers
Name Value
Strict-Transport-Security max-age=15552001; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://ebac35-4.myshopify.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sat, 07 Oct 2023 08:15:32 GMT
strict-transport-security
max-age=15552001; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
BYPASS
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
content-length
96572
x-xss-protection
1; mode=block
last-modified
Sun, 30 Jul 2023 23:45:12 GMT
server
cloudflare
etag
"034a2e13fc3d91:0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nY0%2B8QTRY2e7uHMUOGpaQyVQoIy34pTyhColoZDb5vON1esUfsiaj5zNOX%2BIuAmN03s0o%2BT5%2BhemgIPrV7K%2F2TvOMly2ZFIIEl%2B472HzOIGPMLPwBmDTYYO1yMkCZ%2FCIXKQrEXEJ"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
cf-ray
8124b264c8512a21-ORD
amp-lightbox-gallery-0.1.mjs
cdn.ampproject.org/rtv/012309181453000/v0/
56 KB
17 KB
Script
General
Full URL
https://cdn.ampproject.org/rtv/012309181453000/v0/amp-lightbox-gallery-0.1.mjs
Requested by
Host: cdn.ampproject.org
URL: https://cdn.ampproject.org/v0.mjs
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.163.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
wv-in-f132.1e100.net
Software
sffe /
Resource Hash
5d8d74ad600c7cab8663be4b4aedbe3e2b81a0dceeae986e46bd2cefdd16d7e5
Security Headers
Name Value
Content-Security-Policy default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://ebac35-4.myshopify.com/
Origin
https://ebac35-4.myshopify.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

content-security-policy
default-src * blob: data:; script-src blob: https://cdn.ampproject.org/lts/ https://cdn.ampproject.org/rtv/ https://cdn.ampproject.org/sw/ https://cdn.ampproject.org/v0.js https://cdn.ampproject.org/v0.mjs https://cdn.ampproject.org/v0/ https://cdn.ampproject.org/viewer/; object-src 'none'; style-src 'unsafe-inline' https://cdn.ampproject.org/rtv/ https://cdn.materialdesignicons.com https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ https://cloud.typography.com https://fast.fonts.net https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com https://p.typekit.net https://pro.fontawesome.com https://use.fontawesome.com https://use.typekit.net; report-uri https://csp.withgoogle.com/csp/amp
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Tue, 03 Oct 2023 20:50:46 GMT
age
300286
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16919
x-xss-protection
0
server
sffe
etag
"95a0286106c8ce78"
vary
Accept-Encoding
report-to
{"group":"amphtml-china-available","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/amphtml-china-available"}]}
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="amphtml-china-available"
expires
Wed, 02 Oct 2024 20:50:46 GMT

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| AMP object| AMP_CONFIG object| AMP_EXP object| __AMP_LOG object| __AMP_ERRORS function| __AMP_REPORT_ERROR object| __AMP_TOP object| __AMP_SERVICES object| __AMP__EXPERIMENT_TOGGLES object| __AMP_MODE boolean| __AMP_TAG object| __AMP_EXTENDED_ELEMENTS function| __AMP_BASE_CE_CLASS

10 Cookies

Domain/Path Name / Value
ebac35-4.myshopify.com/ Name: keep_alive
Value: 4d27ff80-65d9-4521-98ae-fe8255c43609
ebac35-4.myshopify.com/ Name: secure_customer_sig
Value:
ebac35-4.myshopify.com/ Name: localization
Value: ID
.ebac35-4.myshopify.com/ Name: _cmp_a
Value: %7B%22purposes%22%3A%7B%22a%22%3Atrue%2C%22p%22%3Atrue%2C%22m%22%3Atrue%2C%22t%22%3Atrue%7D%2C%22display_banner%22%3Afalse%2C%22merchant_geo%22%3A%22ID%22%2C%22sale_of_data_region%22%3Afalse%7D
.ebac35-4.myshopify.com/ Name: _y
Value: 2a428b99-c1dc-4b2f-be4a-83d28d3bad8e
.ebac35-4.myshopify.com/ Name: _s
Value: 16468561-53ee-4ca7-90a8-ff718afec95b
.ebac35-4.myshopify.com/ Name: _shopify_y
Value: 2a428b99-c1dc-4b2f-be4a-83d28d3bad8e
.ebac35-4.myshopify.com/ Name: _shopify_s
Value: 16468561-53ee-4ca7-90a8-ff718afec95b
.ebac35-4.myshopify.com/ Name: _orig_referrer
Value:
.ebac35-4.myshopify.com/ Name: _landing_page
Value: %2Fpassword

1 Console Messages

Source Level URL
Text
network error URL: https://ebac35-4.myshopify.com/Inter.woff2
Message:
Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy block-all-mixed-content; frame-ancestors 'none'; upgrade-insecure-requests;
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block