URL: https://cliente2.arturodiazlora.online/
Submission Tags: @ecarlesi possiblethreat #phishing Search All
Submission: On October 08 via api from AU — Scanned from FI

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 65.21.110.0, located in Helsinki, Finland and belongs to HETZNER-AS, DE. The main domain is cliente2.arturodiazlora.online.
TLS certificate: Issued by R3 on October 8th 2023. Valid for: 3 months.
This is the only time cliente2.arturodiazlora.online was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
14 65.21.110.0 24940 (HETZNER-AS)
14 2
Apex Domain
Subdomains
Transfer
14 arturodiazlora.online
cliente2.arturodiazlora.online
4 MB
14 1
Domain Requested by
14 cliente2.arturodiazlora.online cliente2.arturodiazlora.online
14 1

This site contains links to these domains. Also see Links.

Domain
docs.nextcloud.com
nextcloud.com
Subject Issuer Validity Valid
cliente2.arturodiazlora.online
R3
2023-10-08 -
2024-01-06
3 months crt.sh

This page contains 1 frames:

Primary Page: https://cliente2.arturodiazlora.online/
Frame ID: C758800541A496E9A75CDD8059B7E8AF
Requests: 15 HTTP requests in this frame

Screenshot

Page Title

Nextcloud

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

2
IPs

1
Countries

4251 kB
Transfer

17262 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
cliente2.arturodiazlora.online/
7 KB
4 KB
Document
General
Full URL
https://cliente2.arturodiazlora.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.21.110.0 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.0.110.21.65.clients.your-server.de
Software
openresty /
Resource Hash
5ace068a2e1079f0ed4a107ec4b61e5df611ff42930353d1f4b9235522e3b52e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'nonce-SXRyZUpCeGNKcnkvQThhTEo2NWtEK2xmL0o1WVNOOGxlUnEwanBNNXg2dz06Y3JTM1kyNElhZDdWWWFDN1Jkb2xPWThGcnFrb1orbHRMbExCN01WVDdKaz0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36
accept-language
fi-FI,fi;q=0.9

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
2468
content-security-policy
default-src 'self'; script-src 'self' 'nonce-SXRyZUpCeGNKcnkvQThhTEo2NWtEK2xmL0o1WVNOOGxlUnEwanBNNXg2dz06Y3JTM1kyNElhZDdWWWFDN1Jkb2xPWThGcnFrb1orbHRMbExCN01WVDdKaz0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
content-type
text/html; charset=UTF-8
date
Sun, 08 Oct 2023 21:28:04 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
referrer-policy
no-referrer
server
openresty
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-robots-tag
noindex, nofollow
x-served-by
cliente2.arturodiazlora.online
x-xss-protection
1; mode=block
server.css
cliente2.arturodiazlora.online/core/css/
112 KB
17 KB
Stylesheet
General
Full URL
https://cliente2.arturodiazlora.online/core/css/server.css?v=ba222ded25d957b900c03bef914333cd
Requested by
Host: cliente2.arturodiazlora.online
URL: https://cliente2.arturodiazlora.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.21.110.0 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.0.110.21.65.clients.your-server.de
Software
openresty /
Resource Hash
3c5ed6bf074b8a5d156b2ab95c442f9c3e01d36f1ce687f07ab28e9388b67f31

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 21:28:04 GMT
content-encoding
gzip
last-modified
Tue, 08 Aug 2023 08:21:08 GMT
server
openresty
etag
"1c0d1-602650b7da500-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
16843
x-served-by
cliente2.arturodiazlora.online
default.css
cliente2.arturodiazlora.online/apps/theming/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://cliente2.arturodiazlora.online/apps/theming/css/default.css?v=ba222ded25d957b900c03bef914333cd
Requested by
Host: cliente2.arturodiazlora.online
URL: https://cliente2.arturodiazlora.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.21.110.0 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.0.110.21.65.clients.your-server.de
Software
openresty /
Resource Hash
cf1c3eb95b33f58d1851eda20b54202df68cdc019cd09c779ddb814356d0b664

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 21:28:04 GMT
content-encoding
gzip
last-modified
Tue, 08 Aug 2023 08:21:08 GMT
server
openresty
etag
"cb5-602650b7da500-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
1024
x-served-by
cliente2.arturodiazlora.online
guest.css
cliente2.arturodiazlora.online/core/css/
16 KB
5 KB
Stylesheet
General
Full URL
https://cliente2.arturodiazlora.online/core/css/guest.css?v=ba222ded25d957b900c03bef914333cd
Requested by
Host: cliente2.arturodiazlora.online
URL: https://cliente2.arturodiazlora.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.21.110.0 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.0.110.21.65.clients.your-server.de
Software
openresty /
Resource Hash
ecc5a7a2dfdc4ec25a3a8c272780b9d838eae929cc7b7917bd912606338a0706

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 21:28:04 GMT
content-encoding
gzip
last-modified
Tue, 08 Aug 2023 08:21:08 GMT
server
openresty
etag
"3eeb-602650b7da500-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
4493
x-served-by
cliente2.arturodiazlora.online
core-common.js
cliente2.arturodiazlora.online/dist/
15 MB
3 MB
Script
General
Full URL
https://cliente2.arturodiazlora.online/dist/core-common.js?v=ba222ded25d957b900c03bef914333cd
Requested by
Host: cliente2.arturodiazlora.online
URL: https://cliente2.arturodiazlora.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.21.110.0 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.0.110.21.65.clients.your-server.de
Software
openresty /
Resource Hash
91fe84d98cb2ac9e60fbf98b875c3d1411fde4aeb1f076a231b5efdde10e6992

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 21:28:04 GMT
content-encoding
gzip
last-modified
Tue, 08 Aug 2023 08:21:08 GMT
server
openresty
etag
"f5b634-602650b7da500-gzip"
vary
Accept-Encoding
content-type
text/javascript
accept-ranges
bytes
x-served-by
cliente2.arturodiazlora.online
core-main.js
cliente2.arturodiazlora.online/dist/
153 KB
50 KB
Script
General
Full URL
https://cliente2.arturodiazlora.online/dist/core-main.js?v=ba222ded25d957b900c03bef914333cd
Requested by
Host: cliente2.arturodiazlora.online
URL: https://cliente2.arturodiazlora.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.21.110.0 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.0.110.21.65.clients.your-server.de
Software
openresty /
Resource Hash
22d070212a8e1819211ff8a269606d3480ba962e0b99fcc0d26e821d560325b1

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 21:28:04 GMT
content-encoding
gzip
last-modified
Tue, 08 Aug 2023 08:21:08 GMT
server
openresty
etag
"26430-602650b7da500-gzip"
vary
Accept-Encoding
content-type
text/javascript
accept-ranges
bytes
content-length
51376
x-served-by
cliente2.arturodiazlora.online
fi.js
cliente2.arturodiazlora.online/core/l10n/
38 KB
13 KB
Script
General
Full URL
https://cliente2.arturodiazlora.online/core/l10n/fi.js?v=ba222ded25d957b900c03bef914333cd
Requested by
Host: cliente2.arturodiazlora.online
URL: https://cliente2.arturodiazlora.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.21.110.0 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.0.110.21.65.clients.your-server.de
Software
openresty /
Resource Hash
c7ee342d41ea123f0446028cd9b4333dccf0a188d9e6d396c3b4a929ad174315

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 21:28:04 GMT
content-encoding
gzip
last-modified
Tue, 08 Aug 2023 08:21:08 GMT
server
openresty
etag
"9697-602650b7da500-gzip"
vary
Accept-Encoding
content-type
text/javascript
accept-ranges
bytes
content-length
12909
x-served-by
cliente2.arturodiazlora.online
core-install.js
cliente2.arturodiazlora.online/dist/
6 KB
3 KB
Script
General
Full URL
https://cliente2.arturodiazlora.online/dist/core-install.js?v=ba222ded25d957b900c03bef914333cd
Requested by
Host: cliente2.arturodiazlora.online
URL: https://cliente2.arturodiazlora.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.21.110.0 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.0.110.21.65.clients.your-server.de
Software
openresty /
Resource Hash
9b15d0e4a70bd92e48df46ad6a7c0c4a301c5a5f0b5103d0245a9f55bdf686f0

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 21:28:04 GMT
content-encoding
gzip
last-modified
Tue, 08 Aug 2023 08:21:08 GMT
server
openresty
etag
"196a-602650b7da500-gzip"
vary
Accept-Encoding
content-type
text/javascript
accept-ranges
bytes
content-length
2754
x-served-by
cliente2.arturodiazlora.online
toggle.svg
cliente2.arturodiazlora.online/core/img/actions/
307 B
481 B
Image
General
Full URL
https://cliente2.arturodiazlora.online/core/img/actions/toggle.svg
Requested by
Host: cliente2.arturodiazlora.online
URL: https://cliente2.arturodiazlora.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.21.110.0 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.0.110.21.65.clients.your-server.de
Software
openresty /
Resource Hash
7461d6ded74f9720a057ad8e83a2d247968c852c844b0b492677edebb3f5f323

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 21:28:04 GMT
last-modified
Tue, 08 Aug 2023 08:21:08 GMT
server
openresty
etag
"133-602650b7da500"
content-type
image/svg+xml
accept-ranges
bytes
content-length
307
x-served-by
cliente2.arturodiazlora.online
caret.svg
cliente2.arturodiazlora.online/core/img/actions/
133 B
306 B
Image
General
Full URL
https://cliente2.arturodiazlora.online/core/img/actions/caret.svg
Requested by
Host: cliente2.arturodiazlora.online
URL: https://cliente2.arturodiazlora.online/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.21.110.0 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.0.110.21.65.clients.your-server.de
Software
openresty /
Resource Hash
6e09b4870296d102bfa993726bf8382e20eec09c59ec4a586c72839b8c5ee019

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 21:28:04 GMT
last-modified
Tue, 08 Aug 2023 08:21:08 GMT
server
openresty
etag
"85-602650b7da500"
content-type
image/svg+xml
accept-ranges
bytes
content-length
133
x-served-by
cliente2.arturodiazlora.online
icons.css
cliente2.arturodiazlora.online/dist/
211 KB
30 KB
Stylesheet
General
Full URL
https://cliente2.arturodiazlora.online/dist/icons.css
Requested by
Host: cliente2.arturodiazlora.online
URL: https://cliente2.arturodiazlora.online/core/css/server.css?v=ba222ded25d957b900c03bef914333cd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.21.110.0 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.0.110.21.65.clients.your-server.de
Software
openresty /
Resource Hash
6eb93cc2f1bf847a09cfe1d3186c2fc5a707b3353ed58e634d7ace869ba8b7d7

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 21:28:04 GMT
content-encoding
gzip
last-modified
Tue, 08 Aug 2023 08:21:08 GMT
server
openresty
etag
"34ce1-602650b7da500-gzip"
vary
Accept-Encoding
content-type
text/css
accept-ranges
bytes
content-length
30166
x-served-by
cliente2.arturodiazlora.online
kamil-porembinski-clouds.jpg
cliente2.arturodiazlora.online/apps/theming/img/background/
186 KB
186 KB
Image
General
Full URL
https://cliente2.arturodiazlora.online/apps/theming/img/background/kamil-porembinski-clouds.jpg
Requested by
Host: cliente2.arturodiazlora.online
URL: https://cliente2.arturodiazlora.online/core/css/guest.css?v=ba222ded25d957b900c03bef914333cd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.21.110.0 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.0.110.21.65.clients.your-server.de
Software
openresty /
Resource Hash
2f34636d12e5a59e6798cbece88456148131af4ca16946dab87db7ee47d53b4c

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://cliente2.arturodiazlora.online/core/css/guest.css?v=ba222ded25d957b900c03bef914333cd
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 21:28:04 GMT
last-modified
Tue, 08 Aug 2023 08:21:08 GMT
server
openresty
etag
"2e756-602650b7da500"
content-type
image/jpeg
accept-ranges
bytes
content-length
190294
x-served-by
cliente2.arturodiazlora.online
logo.svg
cliente2.arturodiazlora.online/core/img/logo/
815 B
989 B
Image
General
Full URL
https://cliente2.arturodiazlora.online/core/img/logo/logo.svg
Requested by
Host: cliente2.arturodiazlora.online
URL: https://cliente2.arturodiazlora.online/core/css/guest.css?v=ba222ded25d957b900c03bef914333cd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.21.110.0 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.0.110.21.65.clients.your-server.de
Software
openresty /
Resource Hash
7b762288d5b7bf4d5d3fd83c5caac1792dc525f1aab4b70968cb9fb9a113867f

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
https://cliente2.arturodiazlora.online/core/css/guest.css?v=ba222ded25d957b900c03bef914333cd
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 21:28:04 GMT
last-modified
Tue, 08 Aug 2023 08:21:08 GMT
server
openresty
etag
"32f-602650b7da500"
content-type
image/svg+xml
accept-ranges
bytes
content-length
815
x-served-by
cliente2.arturodiazlora.online
truncated
/
389 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cb3fe26cfc13dc1a209926a6f6b5a9552b9aa1953c4f469a73c9fae363926dac

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

Content-Type
image/svg+xml
zxcvbn.js
cliente2.arturodiazlora.online/core/vendor/zxcvbn/dist/
802 KB
391 KB
Script
General
Full URL
https://cliente2.arturodiazlora.online/core/vendor/zxcvbn/dist/zxcvbn.js
Requested by
Host: cliente2.arturodiazlora.online
URL: https://cliente2.arturodiazlora.online/dist/core-common.js?v=ba222ded25d957b900c03bef914333cd
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.21.110.0 Helsinki, Finland, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.0.110.21.65.clients.your-server.de
Software
openresty /
Resource Hash
6677fc15d245f397f52d5d0998f3a86f9aae752ae7b3ca4b3d9eaa91dffe174a

Request headers

accept-language
fi-FI,fi;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.149 Safari/537.36

Response headers

date
Sun, 08 Oct 2023 21:28:05 GMT
content-encoding
gzip
last-modified
Tue, 08 Aug 2023 08:21:08 GMT
server
openresty
etag
"c89cf-602650b7da500-gzip"
vary
Accept-Encoding
content-type
text/javascript
accept-ranges
bytes
x-served-by
cliente2.arturodiazlora.online

Verdicts & Comments Add Verdict or Comment

20 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| webpackChunknextcloud function| clearImmediate function| setImmediate object| regeneratorRuntime function| applyFocusVisiblePolyfill object| _nc_event_bus object| Backbone object| dav object| __vueuse_ssr_handlers__ object| Select2 function| Snap function| _ object| OC object| OCP object| OCA function| t function| n object| _oc_l10n_registry_translations object| _oc_l10n_registry_plural_functions function| zxcvbn

4 Cookies

Domain/Path Name / Value
cliente2.arturodiazlora.online/ Name: oc_sessionPassphrase
Value: A%2FhDjz5j0Y3VKczLhJPI2RGYmiLKmc7%2FlEz5dIJTaW7hde5bglZKAhyIg6dUcXqASnEh7uucOKYESnnzeiuubM9ZNK4D9agvfFrpeu9kpopTCs62vMi9g%2FWr%2FtOuRXpj
cliente2.arturodiazlora.online/ Name: nc_sameSiteCookielax
Value: true
cliente2.arturodiazlora.online/ Name: nc_sameSiteCookiestrict
Value: true
cliente2.arturodiazlora.online/ Name: oc1lq76cj83o
Value: sk47ph06phc68lu3u481bt1nuc

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'nonce-SXRyZUpCeGNKcnkvQThhTEo2NWtEK2xmL0o1WVNOOGxlUnEwanBNNXg2dz06Y3JTM1kyNElhZDdWWWFDN1Jkb2xPWThGcnFrb1orbHRMbExCN01WVDdKaz0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block