urlscan.io logo urlscan.io
SecurityTrails logo

hcaportal.org Open in urlscan Pro
104.22.9.30  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://blos-2-dev.hcaportal.org/
Effective URL: https://hcaportal.org/slpw/login.php
Submission: On May 02 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 2 countries across 1 domains to perform 12 HTTP transactions. The main IP is 104.22.9.30, located in and belongs to CLOUDFLARENET, US. The main domain is hcaportal.org.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on August 15th 2023. Valid for: a year.
This is the only time hcaportal.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:10:... 13335 (CLOUDFLAR...)
12 104.22.9.30 13335 (CLOUDFLAR...)
12 1
Apex Domain
Subdomains		 Transfer
13 hcaportal.org
blos-2-dev.hcaportal.org
hcaportal.org
737 KB
12 1
Domain Requested by
12 hcaportal.org hcaportal.org
1 blos-2-dev.hcaportal.org 1 redirects
12 2

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-08-15 -
2024-08-14		 a year crt.sh

This page contains 1 frames:

Primary Page: https://hcaportal.org/slpw/login.php
Frame ID: 145D935EA032874F47A7A8B700847A0C
Requests: 12 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

HCA\portal Secure Sign In

Page URL History Show full URLs

  1. https://blos-2-dev.hcaportal.org/ HTTP 301
    https://hcaportal.org/slpw/login.php Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

12
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

2
Subdomains

1
IPs

2
Countries

737 kB
Transfer

1395 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://blos-2-dev.hcaportal.org/ HTTP 301
    https://hcaportal.org/slpw/login.php Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login.php
hcaportal.org/slpw/
Redirect Chain
  • https://blos-2-dev.hcaportal.org/
  • https://hcaportal.org/slpw/login.php
2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://hcaportal.org/slpw/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.9.30 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / PHP/8.2.5
Resource Hash
513bc5f790cdca6cfcbca4e1422ad8ab33d16c42706c0ca826947b74e438f11d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
no-store, no-cache, must-revalidate
cf-cache-status
DYNAMIC
cf-ray
87dbac4c08a930fa-FRA
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 02 May 2024 23:08:25 GMT
expires
Thu, 19 Nov 1981 08:52:00 GMT
pragma
no-cache
server
cloudflare
server-id
{NODE-NAME}.{NODE-ENV}
x-frame-options
SAMEORIGIN
x-powered-by
PHP/8.2.5
x-xss-protection
1; mode=block

Redirect headers

cf-cache-status
DYNAMIC
cf-ray
87dbac44ad2019ab-FRA
content-type
text/html; charset=UTF-8
date
Thu, 02 May 2024 23:08:23 GMT
location
https://hcaportal.org/slpw/login.php
server
cloudflare
server-id
{NODE-NAME}.{NODE-ENV}
x-frame-options
SAMEORIGIN
x-powered-by
PHP/8.2.5
x-xss-protection
1; mode=block
all.css
hcaportal.org/assets/font_awesome/css/ 		204 KB
32 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hcaportal.org/assets/font_awesome/css/all.css
Requested by
Host: hcaportal.org
URL: https://hcaportal.org/slpw/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.9.30 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6d526ca96a7538925c03538cf810dc2b11b7559e64f899c3d6bd194bace2d23f
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://hcaportal.org/slpw/login.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 23:08:25 GMT
content-encoding
gzip
server-id
{NODE-NAME}.{NODE-ENV}
last-modified
Tue, 03 Oct 2023 12:20:23 GMT
server
cloudflare
cf-cache-status
DYNAMIC
etag
W/"32efb-606ceea3c795c"
x-frame-options
SAMEORIGIN
content-type
text/css
cf-ray
87dbac506bfc30fa-FRA
x-xss-protection
1; mode=block
util.css
hcaportal.org/auth/css/ 		85 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hcaportal.org/auth/css/util.css
Requested by
Host: hcaportal.org
URL: https://hcaportal.org/slpw/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.9.30 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27751cc48fb8c009d013ffb85f0f2b1db36530791eca74d317aec90d34f09b39
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://hcaportal.org/slpw/login.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 23:08:25 GMT
content-encoding
gzip
server-id
{NODE-NAME}.{NODE-ENV}
last-modified
Tue, 03 Oct 2023 12:20:38 GMT
server
cloudflare
cf-cache-status
DYNAMIC
etag
W/"1531e-606ceeb26e40a"
x-frame-options
SAMEORIGIN
content-type
text/css
cf-ray
87dbac506bfd30fa-FRA
x-xss-protection
1; mode=block
main.css
hcaportal.org/auth/css/ 		8 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://hcaportal.org/auth/css/main.css
Requested by
Host: hcaportal.org
URL: https://hcaportal.org/slpw/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.9.30 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9045f7284ac1b473d81cd5fc94ede07468a7762a893e63516dab97d11d1b00a6
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://hcaportal.org/slpw/login.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 23:08:25 GMT
content-encoding
gzip
server-id
{NODE-NAME}.{NODE-ENV}
last-modified
Sat, 16 Mar 2024 23:07:16 GMT
server
cloudflare
cf-cache-status
DYNAMIC
etag
W/"2053-613cf2f86b8e9"
x-frame-options
SAMEORIGIN
content-type
text/css
cf-ray
87dbac506bfe30fa-FRA
x-xss-protection
1; mode=block
hca_login_button.svg
hcaportal.org/auth/img/ 		16 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://hcaportal.org/auth/img/hca_login_button.svg
Requested by
Host: hcaportal.org
URL: https://hcaportal.org/slpw/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.9.30 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d3a0d9a6e154a6365fea36a8711b660522ad9df830b241e886f894e0a4f05550
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://hcaportal.org/slpw/login.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 23:08:25 GMT
content-encoding
gzip
server-id
{NODE-NAME}.{NODE-ENV}
last-modified
Sat, 16 Mar 2024 17:45:38 GMT
server
cloudflare
cf-cache-status
DYNAMIC
etag
W/"412f-613cab13f6e86"
x-frame-options
SAMEORIGIN
content-type
image/svg+xml
cf-ray
87dbac506bff30fa-FRA
x-xss-protection
1; mode=block
jquery-3.2.1.min.js
hcaportal.org/auth/js/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://hcaportal.org/auth/js/jquery-3.2.1.min.js
Requested by
Host: hcaportal.org
URL: https://hcaportal.org/slpw/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.9.30 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87083882cc6015984eb0411a99d3981817f5dc5c90ba24f0940420c5548d82de
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://hcaportal.org/slpw/login.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 23:08:25 GMT
content-encoding
gzip
server-id
{NODE-NAME}.{NODE-ENV}
last-modified
Tue, 03 Oct 2023 12:20:38 GMT
server
cloudflare
cf-cache-status
DYNAMIC
etag
W/"15283-606ceeb2b77f8"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cf-ray
87dbac506c0130fa-FRA
x-xss-protection
1; mode=block
main.js
hcaportal.org/auth/js/ 		1 KB
582 B 		Script
General
Check archive.org
Download Go to
Full URL
https://hcaportal.org/auth/js/main.js
Requested by
Host: hcaportal.org
URL: https://hcaportal.org/slpw/login.php
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.9.30 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a8e98b651f82ffb90e8c87af9e02bfd70e4c4c20869b58f0b172494316cfff39
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://hcaportal.org/slpw/login.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 23:08:25 GMT
content-encoding
gzip
server-id
{NODE-NAME}.{NODE-ENV}
last-modified
Tue, 03 Oct 2023 12:20:38 GMT
server
cloudflare
cf-cache-status
DYNAMIC
etag
W/"58c-606ceeb2cdb74"
x-frame-options
SAMEORIGIN
content-type
application/javascript
cf-ray
87dbac507c0930fa-FRA
x-xss-protection
1; mode=block
fa-solid-900.woff2
hcaportal.org/assets/font_awesome/webfonts/ 		134 KB
135 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://hcaportal.org/assets/font_awesome/webfonts/fa-solid-900.woff2
Requested by
Host: hcaportal.org
URL: https://hcaportal.org/assets/font_awesome/css/all.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.9.30 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68eb827a2fa6f035eab41392f863522ae5dc0d4c0c31d5245362a7f1a5aed46a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://hcaportal.org/assets/font_awesome/css/all.css
Origin
https://hcaportal.org
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 23:08:25 GMT
server-id
{NODE-NAME}.{NODE-ENV}
last-modified
Tue, 03 Oct 2023 12:20:29 GMT
server
cloudflare
cf-cache-status
DYNAMIC
etag
"219e8-606ceea9d1502"
x-frame-options
SAMEORIGIN
content-type
font/woff2
accept-ranges
bytes
cf-ray
87dbac55281630fa-FRA
content-length
137704
x-xss-protection
1; mode=block
Ubuntu-Bold.ttf
hcaportal.org/auth/fonts/ubuntu/ 		324 KB
157 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://hcaportal.org/auth/fonts/ubuntu/Ubuntu-Bold.ttf
Requested by
Host: hcaportal.org
URL: https://hcaportal.org/auth/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.9.30 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
679b5c1e09cab3156bb8ef529735f9382bf31ca7ac737382ab959297f8d82ad4
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://hcaportal.org/auth/css/main.css
Origin
https://hcaportal.org
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 23:08:25 GMT
content-encoding
gzip
server-id
{NODE-NAME}.{NODE-ENV}
last-modified
Tue, 03 Oct 2023 12:20:39 GMT
server
cloudflare
cf-cache-status
DYNAMIC
etag
W/"50f5c-606ceeb3616d9"
x-frame-options
SAMEORIGIN
content-type
font/ttf
cf-ray
87dbac55281830fa-FRA
x-xss-protection
1; mode=block
fa-duotone-900.woff2
hcaportal.org/assets/font_awesome/webfonts/ 		180 KB
180 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://hcaportal.org/assets/font_awesome/webfonts/fa-duotone-900.woff2
Requested by
Host: hcaportal.org
URL: https://hcaportal.org/assets/font_awesome/css/all.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.9.30 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e228b909313044a18dec1a674cfd4935071c36eb3eb6a0cd38a45afac6ae3996
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://hcaportal.org/assets/font_awesome/css/all.css
Origin
https://hcaportal.org
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 23:08:25 GMT
server-id
{NODE-NAME}.{NODE-ENV}
last-modified
Tue, 03 Oct 2023 12:20:25 GMT
server
cloudflare
cf-cache-status
DYNAMIC
etag
"2d09c-606ceea616ad8"
x-frame-options
SAMEORIGIN
content-type
font/woff2
accept-ranges
bytes
cf-ray
87dbac55281930fa-FRA
content-length
184476
x-xss-protection
1; mode=block
Ubuntu-Regular.ttf
hcaportal.org/auth/fonts/ubuntu/ 		344 KB
170 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://hcaportal.org/auth/fonts/ubuntu/Ubuntu-Regular.ttf
Requested by
Host: hcaportal.org
URL: https://hcaportal.org/auth/css/main.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.9.30 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3128df86a31805618436d0ae5651ba4285d0c9de0a39057d025f64ee33bceb64
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://hcaportal.org/auth/css/main.css
Origin
https://hcaportal.org
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 23:08:25 GMT
content-encoding
gzip
server-id
{NODE-NAME}.{NODE-ENV}
last-modified
Tue, 03 Oct 2023 12:20:44 GMT
server
cloudflare
cf-cache-status
DYNAMIC
etag
W/"55e8c-606ceeb7e3c7b"
x-frame-options
SAMEORIGIN
content-type
font/ttf
cf-ray
87dbac55281a30fa-FRA
x-xss-protection
1; mode=block
favicon.png
hcaportal.org/assets/images/ 		12 KB
12 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://hcaportal.org/assets/images/favicon.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.22.9.30 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
820ff89a5c88b66c446abd800329492f8586260c03367be84fdeef0bd076ca77
Security Headers
Name Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://hcaportal.org/slpw/login.php
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 02 May 2024 23:08:26 GMT
server-id
{NODE-NAME}.{NODE-ENV}
last-modified
Tue, 03 Oct 2023 12:20:30 GMT
server
cloudflare
cf-cache-status
DYNAMIC
etag
"30f8-606ceeab17032"
x-frame-options
SAMEORIGIN
content-type
image/png
accept-ranges
bytes
cf-ray
87dbac5add2f30fa-FRA
content-length
12536
x-xss-protection
1; mode=block

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

1 Cookies

Domain/Path Name / Value
hcaportal.org/ Name: PHPSESSID
Value: 2g4vvt4l9k9ncbokm8hh4b7vhr

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block