urlscan.io logo urlscan.io
SecurityTrails logo

217.145.164.243 Open in urlscan Pro
217.145.164.243  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://217.145.164.243/index.php?s=/home/page/uploadImg
Effective URL: https://217.145.164.243/index.php?s=/home/page/uploadImg
Submission: On December 21 via api from BG — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 2 countries across 1 domains to perform 12 HTTP transactions. The main IP is 217.145.164.243, located in Bulgaria and belongs to IS-BG-AS Information Services PLC, BG. The main domain is 217.145.164.243.
TLS certificate: Issued by Sectigo RSA Domain Validation Secure ... on June 10th 2024. Valid for: a year.
This is the only time 217.145.164.243 was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
11 217.145.164.243 16344 (IS-BG-AS ...)
1 2a00:1450:400... 15169 (GOOGLE)
12 2
Apex Domain
Subdomains		 Transfer
1 youtube.com
www.youtube.com — Cisco Umbrella Rank: 79
12 1
Domain Requested by
1 www.youtube.com 217.145.164.243
12 1

This site contains links to these domains. Also see Links.

Domain
nra.bg
Subject Issuer Validity Valid
*.nra.bg
Sectigo RSA Domain Validation Secure Server CA		 2024-06-10 -
2025-07-11		 a year crt.sh
*.google.com
WR2		 2024-12-02 -
2025-02-24		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://217.145.164.243/index.php?s=/home/page/uploadImg
Frame ID: DEE4386AFA29E683CD7F153DCD40CF8E
Requests: 11 HTTP requests in this frame

Frame: https://www.youtube.com/embed/l7XLdbC5Mao
Frame ID: D3D73028976F86D73E3AF9222ADA15D3
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

НАП проверка

Page URL History Show full URLs

  1. http://217.145.164.243/index.php?s=/home/page/uploadImg HTTP 307
    https://217.145.164.243/index.php?s=/home/page/uploadImg Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • <(?:param|embed|iframe)[^>]+youtube(?:-nocookie)?\.com/(?:v|embed)

Page Statistics

12
Requests

8 %
HTTPS

50 %
IPv6

1
Domains

1
Subdomains

2
IPs

2
Countries

156 kB
Transfer

162 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://217.145.164.243/index.php?s=/home/page/uploadImg HTTP 307
    https://217.145.164.243/index.php?s=/home/page/uploadImg Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request index.php
217.145.164.243/
Redirect Chain
  • http://217.145.164.243/index.php?s=/home/page/uploadImg
  • https://217.145.164.243/index.php?s=/home/page/uploadImg
6 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://217.145.164.243/index.php?s=/home/page/uploadImg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.145.164.243 , Bulgaria, ASN16344 (IS-BG-AS Information Services PLC, BG),
Reverse DNS
Software
Apache /
Resource Hash
71513f524ace95b77afc012f28ca4164e12db0e43ac7b4af8d44386cbb3b4bf6
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src *.youtube.com *.youtube-nocookie.com https://www.google.com/recaptcha/; base-uri 'none'; font-src 'self' data: https://fonts.gstatic.com;
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin sameorigin
X-Xss-Protection 1 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate
content-encoding
gzip
content-length
2085
content-security-policy
default-src 'self'; object-src 'none'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src *.youtube.com *.youtube-nocookie.com https://www.google.com/recaptcha/; base-uri 'none'; font-src 'self' data: https://fonts.gstatic.com;
content-type
text/html; charset=UTF-8
date
Sat, 21 Dec 2024 03:20:00 GMT
expect-ct
max-age=0
expires
Thu, 01 Jan 1970 00:00:00 GMT
feature-policy
autoplay 'none'; camera 'none'; document-domain 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; microphone 'none'; midi 'none'; payment 'none'; vr 'none'
referrer-policy
same-origin no-referrer
server
Apache
strict-transport-security
max-age=2592000
vary
Accept-Encoding
x-content-type-options
nosniff
x-download-options
noopen
x-frame-options
sameorigin sameorigin
x-permitted-cross-domain-policies
none
x-robots-tag
none
x-ua-compatible
IE=edge
x-xss-protection
1 1; mode=block

Redirect headers

Location
https://217.145.164.243/index.php?s=/home/page/uploadImg
Non-Authoritative-Reason
HttpsUpgrades
styles.css
217.145.164.243/assets/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://217.145.164.243/assets/styles.css
Requested by
Host: 217.145.164.243
URL: https://217.145.164.243/index.php?s=/home/page/uploadImg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.145.164.243 , Bulgaria, ASN16344 (IS-BG-AS Information Services PLC, BG),
Reverse DNS
Software
Apache /
Resource Hash
b820ad21c3b1685e624124edb54ba2bb875123bf752d8c549172aac71a8df664
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://217.145.164.243
Referer

Response headers

x-robots-tag
none
content-encoding
gzip
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-download-options
noopen
referrer-policy
no-referrer
accept-ranges
bytes
content-length
1523
date
Sat, 21 Dec 2024 03:20:00 GMT
x-xss-protection
1; mode=block
last-modified
Thu, 12 Sep 2019 16:58:13 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
x-frame-options
sameorigin
home.js
217.145.164.243/assets/ 		314 B
225 B 		Script
General
Check archive.org
Download Go to
Full URL
https://217.145.164.243/assets/home.js
Requested by
Host: 217.145.164.243
URL: https://217.145.164.243/index.php?s=/home/page/uploadImg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.145.164.243 , Bulgaria, ASN16344 (IS-BG-AS Information Services PLC, BG),
Reverse DNS
Software
Apache /
Resource Hash
0bafda400d35d3f35d3a7b18c07f5ca847487412b6cbc37416d2fa35396cde3c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-robots-tag
none
content-encoding
gzip
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-download-options
noopen
referrer-policy
no-referrer
accept-ranges
bytes
content-length
169
date
Sat, 21 Dec 2024 03:20:00 GMT
x-xss-protection
1; mode=block
last-modified
Thu, 05 Sep 2019 06:49:18 GMT
vary
Accept-Encoding
server
Apache
content-type
application/javascript
x-frame-options
sameorigin
logo.svg
217.145.164.243/assets/images/ 		45 KB
45 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://217.145.164.243/assets/images/logo.svg
Requested by
Host: 217.145.164.243
URL: https://217.145.164.243/index.php?s=/home/page/uploadImg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.145.164.243 , Bulgaria, ASN16344 (IS-BG-AS Information Services PLC, BG),
Reverse DNS
Software
Apache /
Resource Hash
c08a34ae414689740200836e388228a487befdd4ed0e789f3a8a8cc008cec5d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-robots-tag
none
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-download-options
noopen
referrer-policy
no-referrer
accept-ranges
bytes
content-length
46044
date
Sat, 21 Dec 2024 03:20:00 GMT
x-xss-protection
1; mode=block
last-modified
Thu, 05 Sep 2019 06:49:18 GMT
content-type
image/svg+xml
server
Apache
x-frame-options
sameorigin
l7XLdbC5Mao
www.youtube.com/embed/ Frame D3D7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.youtube.com/embed/l7XLdbC5Mao
Requested by
Host: 217.145.164.243
URL: https://217.145.164.243/index.php?s=/home/page/uploadImg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
br
content-security-policy
require-trusted-types-for 'script'
content-type
text/html; charset=utf-8
cross-origin-opener-policy-report-only
same-origin; report-to="youtube_main"
cross-origin-resource-policy
cross-origin
date
Sat, 21 Dec 2024 03:17:32 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
origin-trial
AmhMBR6zCLzDDxpW+HfpP67BqwIknWnyMOXOQGfzYswFmJe+fgaI6XZgAzcxOrzNtP7hEDsOo1jdjFnVr2IdxQ4AAAB4eyJvcmlnaW4iOiJodHRwczovL3lvdXR1YmUuY29tOjQ0MyIsImZlYXR1cmUiOiJXZWJWaWV3WFJlcXVlc3RlZFdpdGhEZXByZWNhdGlvbiIsImV4cGlyeSI6MTc1ODA2NzE5OSwiaXNTdWJkb21haW4iOnRydWV9
p3p
CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=de for more info."
permissions-policy
ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
pragma
no-cache
report-to
{"group":"youtube_main","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/youtube_main"}]}
server
ESF
strict-transport-security
max-age=31536000
vary
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-content-type-options
nosniff
x-xss-protection
0
bg.jpg
217.145.164.243/assets/images/ 		95 KB
96 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://217.145.164.243/assets/images/bg.jpg
Requested by
Host: 217.145.164.243
URL: https://217.145.164.243/assets/styles.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.145.164.243 , Bulgaria, ASN16344 (IS-BG-AS Information Services PLC, BG),
Reverse DNS
Software
Apache /
Resource Hash
f9f292a499645ee489b3bb0e9b859acabc5aa89752b43655de5292de0b77e14e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-robots-tag
none
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-download-options
noopen
referrer-policy
no-referrer
accept-ranges
bytes
content-length
97098
date
Sat, 21 Dec 2024 03:20:00 GMT
x-xss-protection
1; mode=block
last-modified
Thu, 05 Sep 2019 06:49:18 GMT
content-type
image/jpeg
server
Apache
x-frame-options
sameorigin
language.svg
217.145.164.243/assets/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://217.145.164.243/assets/images/language.svg
Requested by
Host: 217.145.164.243
URL: https://217.145.164.243/assets/styles.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.145.164.243 , Bulgaria, ASN16344 (IS-BG-AS Information Services PLC, BG),
Reverse DNS
Software
Apache /
Resource Hash
6d7193d2268af6a27b1931a592838e0107ab0b8e39c5022379dd3ef7fa5caa9a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-robots-tag
none
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-download-options
noopen
referrer-policy
no-referrer
accept-ranges
bytes
content-length
1252
date
Sat, 21 Dec 2024 03:20:00 GMT
x-xss-protection
1; mode=block
last-modified
Thu, 05 Sep 2019 06:49:18 GMT
content-type
image/svg+xml
server
Apache
x-frame-options
sameorigin
check.svg
217.145.164.243/assets/images/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://217.145.164.243/assets/images/check.svg
Requested by
Host: 217.145.164.243
URL: https://217.145.164.243/assets/styles.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.145.164.243 , Bulgaria, ASN16344 (IS-BG-AS Information Services PLC, BG),
Reverse DNS
Software
Apache /
Resource Hash
0f2653f7a9d33d61bb5c7e90782e9d3c63f12a05dd3ddfcd100c99e6081cf864
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-robots-tag
none
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-download-options
noopen
referrer-policy
no-referrer
accept-ranges
bytes
content-length
2809
date
Sat, 21 Dec 2024 03:20:00 GMT
x-xss-protection
1; mode=block
last-modified
Thu, 05 Sep 2019 06:49:18 GMT
content-type
image/svg+xml
server
Apache
x-frame-options
sameorigin
more.svg
217.145.164.243/assets/images/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://217.145.164.243/assets/images/more.svg
Requested by
Host: 217.145.164.243
URL: https://217.145.164.243/assets/styles.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.145.164.243 , Bulgaria, ASN16344 (IS-BG-AS Information Services PLC, BG),
Reverse DNS
Software
Apache /
Resource Hash
e7a29064c512469f7e5e56d47dd28f12c1a829290a30041dd3a159607855b9c4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-robots-tag
none
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-download-options
noopen
referrer-policy
no-referrer
accept-ranges
bytes
content-length
2694
date
Sat, 21 Dec 2024 03:20:00 GMT
x-xss-protection
1; mode=block
last-modified
Thu, 05 Sep 2019 06:49:18 GMT
content-type
image/svg+xml
server
Apache
x-frame-options
sameorigin
help.svg
217.145.164.243/assets/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://217.145.164.243/assets/images/help.svg
Requested by
Host: 217.145.164.243
URL: https://217.145.164.243/assets/styles.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.145.164.243 , Bulgaria, ASN16344 (IS-BG-AS Information Services PLC, BG),
Reverse DNS
Software
Apache /
Resource Hash
bc1530c9ae7ec221e3569bf2a42f1c9d0ace3aba82d2f809b5e84d99f344aef5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-robots-tag
none
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-download-options
noopen
referrer-policy
no-referrer
accept-ranges
bytes
content-length
1205
date
Sat, 21 Dec 2024 03:20:00 GMT
x-xss-protection
1; mode=block
last-modified
Thu, 05 Sep 2019 06:49:18 GMT
content-type
image/svg+xml
server
Apache
x-frame-options
sameorigin
faq.svg
217.145.164.243/assets/images/ 		948 B
985 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://217.145.164.243/assets/images/faq.svg
Requested by
Host: 217.145.164.243
URL: https://217.145.164.243/assets/styles.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.145.164.243 , Bulgaria, ASN16344 (IS-BG-AS Information Services PLC, BG),
Reverse DNS
Software
Apache /
Resource Hash
111b4b3301a912b4057318de473a51f0c192b26f1c0838644729a81b84caf6de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-robots-tag
none
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-download-options
noopen
referrer-policy
no-referrer
accept-ranges
bytes
content-length
948
date
Sat, 21 Dec 2024 03:20:00 GMT
x-xss-protection
1; mode=block
last-modified
Thu, 05 Sep 2019 06:49:18 GMT
content-type
image/svg+xml
server
Apache
x-frame-options
sameorigin
favicon.ico
217.145.164.243/ 		1 KB
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://217.145.164.243/favicon.ico
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
217.145.164.243 , Bulgaria, ASN16344 (IS-BG-AS Information Services PLC, BG),
Reverse DNS
Software
Apache /
Resource Hash
703daf16e740ddf4ee513c1cf24b346f0a5f26442c51921e2e1bb3b77252e250
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

x-robots-tag
none
x-permitted-cross-domain-policies
none
x-content-type-options
nosniff
x-download-options
noopen
referrer-policy
no-referrer
accept-ranges
bytes
content-length
1406
date
Sat, 21 Dec 2024 03:20:01 GMT
x-xss-protection
1; mode=block
last-modified
Thu, 05 Sep 2019 06:49:22 GMT
content-type
image/vnd.microsoft.icon
server
Apache
x-frame-options
sameorigin

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

3 Cookies

Domain/Path Name / Value
.youtube.com/ Name: YSC
Value: P9yUwcYpbE0
.youtube.com/ Name: VISITOR_INFO1_LIVE
Value: W--kuzY5Amw
.youtube.com/ Name: VISITOR_PRIVACY_METADATA
Value: CgJERRIEEgAgUg%3D%3D

2 Console Messages

Source Level URL
Text
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'document-domain'.
security warning
Message:
Error with Feature-Policy header: Unrecognized feature: 'vr'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; object-src 'none'; script-src 'self' https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/; frame-src *.youtube.com *.youtube-nocookie.com https://www.google.com/recaptcha/; base-uri 'none'; font-src 'self' data: https://fonts.gstatic.com;
Strict-Transport-Security max-age=2592000
X-Content-Type-Options nosniff
X-Frame-Options sameorigin sameorigin
X-Xss-Protection 1 1; mode=block