urlscan.io logo urlscan.io
SecurityTrails logo

identity.apetito.co.uk Open in urlscan Pro
2606:4700::6812:846  Public Scan

Go To Rescan Add Verdict Report
URL: https://identity.apetito.co.uk/
Submission: On July 11 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 4 IPs in 3 countries across 4 domains to perform 11 HTTP transactions. The main IP is 2606:4700::6812:846, located in United States and belongs to CLOUDFLARENET, US. The main domain is identity.apetito.co.uk.
TLS certificate: Issued by E6 on July 11th 2024. Valid for: 3 months.
This is the only time identity.apetito.co.uk was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:2800:133... 15133 (EDGECAST)
1 20.150.3.228 8075 (MICROSOFT...)
2 20.50.88.244 8075 (MICROSOFT...)
11 4
Apex Domain
Subdomains		 Transfer
7 apetito.co.uk
identity.apetito.co.uk
157 KB
2 visualstudio.com
dc.services.visualstudio.com — Cisco Umbrella Rank: 878
200 B
1 windows.net
apetitocoreapistorage.blob.core.windows.net
204 KB
1 msecnd.net
az416426.vo.msecnd.net — Cisco Umbrella Rank: 5521
47 KB
11 4
Domain Requested by
7 identity.apetito.co.uk identity.apetito.co.uk
2 dc.services.visualstudio.com az416426.vo.msecnd.net
1 apetitocoreapistorage.blob.core.windows.net identity.apetito.co.uk
1 az416426.vo.msecnd.net identity.apetito.co.uk
11 4

This site contains links to these domains. Also see Links.

Domain
apetitocoreapistorage.blob.core.windows.net
Subject Issuer Validity Valid
identity.apetito.co.uk
E6		 2024-07-11 -
2024-10-09		 3 months crt.sh
*.vo.msecnd.net
DigiCert SHA2 Secure Server CA		 2024-06-06 -
2025-06-06		 a year crt.sh
*.blob.core.windows.net
Microsoft Azure RSA TLS Issuing CA 04		 2024-06-17 -
2025-06-12		 a year crt.sh
prod.ai.ingestion.msftcloudes.com
Microsoft Azure RSA TLS Issuing CA 03		 2024-06-24 -
2025-06-19		 a year crt.sh

This page contains 1 frames:

Primary Page: https://identity.apetito.co.uk/
Frame ID: CFF6BC244666B8195769A930534811F3
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

apetito

Page Statistics

11
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

4
IPs

3
Countries

409 kB
Transfer

528 kB
Size

4
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
identity.apetito.co.uk/ 		2 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://identity.apetito.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:846 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4604f2bdc62592f1420437c3903b8260a3622239ada8f1efa7c0aa957574d179
Security Headers
Name Value
Content-Security-Policy default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';upgrade-insecure-requests;connect-src 'self' https://dc.services.visualstudio.com; img-src 'self' https:; script-src 'self' 'sha256-hD95TBgUJRII9mIJfs5UWjxXhpojhCfSn8yiMYKyyYc=' 'sha256-r8hVS4zKd7ZmhzZ40/6X8lKeAfpFrY60y+LalwZlZHE=' https://az416426.vo.msecnd.net;
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';upgrade-insecure-requests;connect-src 'self' https://dc.services.visualstudio.com; img-src 'self' https:; script-src 'self' 'sha256-hD95TBgUJRII9mIJfs5UWjxXhpojhCfSn8yiMYKyyYc=' 'sha256-r8hVS4zKd7ZmhzZ40/6X8lKeAfpFrY60y+LalwZlZHE=' https://az416426.vo.msecnd.net;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

cf-cache-status
DYNAMIC
cf-ray
8a1881123e511959-FRA
content-encoding
gzip
content-security-policy
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';upgrade-insecure-requests;connect-src 'self' https://dc.services.visualstudio.com; img-src 'self' https:; script-src 'self' 'sha256-hD95TBgUJRII9mIJfs5UWjxXhpojhCfSn8yiMYKyyYc=' 'sha256-r8hVS4zKd7ZmhzZ40/6X8lKeAfpFrY60y+LalwZlZHE=' https://az416426.vo.msecnd.net;
content-type
text/html; charset=utf-8
date
Thu, 11 Jul 2024 11:37:54 GMT
permissions-policy
accelerometer=(), autoplay=(), camera=(), clipboard-read=(), clipboard-write=(), cross-origin-isolated=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()
referrer-policy
no-referrer
request-context
appId=cid-v1:cbbab940-1604-4e05-9300-adc99cd67f00
server
cloudflare
strict-transport-security
max-age=2592000
x-content-security-policy
default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';upgrade-insecure-requests;connect-src 'self' https://dc.services.visualstudio.com; img-src 'self' https:; script-src 'self' 'sha256-hD95TBgUJRII9mIJfs5UWjxXhpojhCfSn8yiMYKyyYc=' 'sha256-r8hVS4zKd7ZmhzZ40/6X8lKeAfpFrY60y+LalwZlZHE=' https://az416426.vo.msecnd.net;
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
site.css
identity.apetito.co.uk/css/ 		3 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://identity.apetito.co.uk/css/site.css
Requested by
Host: identity.apetito.co.uk
URL: https://identity.apetito.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:846 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb82116adba61529b09683a24d9e941c345b12a9db86092aef6d1e22e4fcff08
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

request-context
appId=cid-v1:cbbab940-1604-4e05-9300-adc99cd67f00
date
Thu, 11 Jul 2024 11:37:54 GMT
strict-transport-security
max-age=2592000
content-encoding
gzip
cf-cache-status
MISS
last-modified
Thu, 29 Jun 2023 13:57:56 GMT
server
cloudflare
etag
W/"1d9aa91b48900b7"
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=14400
cf-ray
8a1881131f901959-FRA
expires
Thu, 11 Jul 2024 15:37:54 GMT
apetito-wff-logo.svg
identity.apetito.co.uk/assets/images/ 		22 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://identity.apetito.co.uk/assets/images/apetito-wff-logo.svg
Requested by
Host: identity.apetito.co.uk
URL: https://identity.apetito.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:846 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc29beec153ae0a79116ad3de4c2450ba0253ddb9a0e6acc6e7b78a00009f503
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

request-context
appId=cid-v1:cbbab940-1604-4e05-9300-adc99cd67f00
date
Thu, 11 Jul 2024 11:37:54 GMT
strict-transport-security
max-age=2592000
content-encoding
gzip
cf-cache-status
MISS
last-modified
Thu, 29 Jun 2023 13:57:56 GMT
server
cloudflare
etag
W/"1d9aa91b4895de2"
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=14400
cf-ray
8a1881131f931959-FRA
expires
Thu, 11 Jul 2024 15:37:54 GMT
ai.2.min.js
az416426.vo.msecnd.net/scripts/b/ 		120 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Requested by
Host: identity.apetito.co.uk
URL: https://identity.apetito.co.uk/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CFD) /
Resource Hash
bde9be4cbe799089a419225f87c2a9986043f6c7cb55853aaadab7200713f136

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Thu, 11 Jul 2024 11:37:54 GMT
content-encoding
gzip
x-ms-meta-lastmodified
2020-10-07 00:07:47
content-md5
MPOa5dHQWkOQRqdkBRC0hg==
age
1178
x-cache
HIT
x-ms-meta-aijssdksrc
[cdn]/scripts/b/ai.2.8.18.min.js
content-length
48078
x-ms-lease-status
unlocked
last-modified
Wed, 20 Mar 2024 17:31:27 GMT
server
ECAcc (frc/4CFD)
x-ms-meta-aijssdkver
2.8.18
etag
0x8DC490392FC747D
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
x-ms-request-id
97972f0d-101e-0005-7784-d31204000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=1800, immutable, no-transform
x-ms-version
2009-09-19
expires
Thu, 11 Jul 2024 12:07:54 GMT
login-bg.jpg
apetitocoreapistorage.blob.core.windows.net/aadb2capetito/assets/images/ 		204 KB
204 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://apetitocoreapistorage.blob.core.windows.net/aadb2capetito/assets/images/login-bg.jpg
Requested by
Host: identity.apetito.co.uk
URL: https://identity.apetito.co.uk/css/site.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
20.150.3.228 Cardiff, United Kingdom, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
2b53bc602df2f740d42039c66bab2ca6b5395a73de5f5227824da73d9487f209

Request headers

Referer
https://identity.apetito.co.uk/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Thu, 11 Jul 2024 11:37:53 GMT
Last-Modified
Thu, 07 Dec 2023 15:06:04 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
rrs0n9EOwYYRD1yEBqmzLQ==
ETag
"0x8DBF736086146E6"
Content-Type
image/jpeg
Access-Control-Allow-Origin
*
x-ms-request-id
14dfa6a8-b01e-003e-2786-d3e17a000000
x-ms-version
2014-02-14
Content-Disposition
Accept-Ranges
bytes
Content-Length
208597
x-ms-lease-state
available
TheSans_B2_700_.woff
identity.apetito.co.uk/assets/fonts/ 		87 KB
71 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://identity.apetito.co.uk/assets/fonts/TheSans_B2_700_.woff
Requested by
Host: identity.apetito.co.uk
URL: https://identity.apetito.co.uk/css/site.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:846 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
430bc02d4e081cae274d81e5adac7bd6c83a46e4abb05dba1cfa7923c435d7fa
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Referer
https://identity.apetito.co.uk/css/site.css
Origin
https://identity.apetito.co.uk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

request-context
appId=cid-v1:cbbab940-1604-4e05-9300-adc99cd67f00
date
Thu, 11 Jul 2024 11:37:54 GMT
strict-transport-security
max-age=2592000
content-encoding
gzip
cf-cache-status
MISS
last-modified
Thu, 29 Jun 2023 13:57:56 GMT
server
cloudflare
etag
W/"1d9aa91b488518e"
vary
Accept-Encoding
content-type
application/font-woff
cache-control
public, max-age=14400
cf-ray
8a188114190d1959-FRA
expires
Thu, 11 Jul 2024 15:37:54 GMT
TheSans_B2_500_.woff
identity.apetito.co.uk/assets/fonts/ 		89 KB
74 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://identity.apetito.co.uk/assets/fonts/TheSans_B2_500_.woff
Requested by
Host: identity.apetito.co.uk
URL: https://identity.apetito.co.uk/css/site.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:846 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3da66f1ab3b43bc880718b42bbbcc56247c6d29dc536b4aa0df7e2be8447f817
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Referer
https://identity.apetito.co.uk/css/site.css
Origin
https://identity.apetito.co.uk
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

request-context
appId=cid-v1:cbbab940-1604-4e05-9300-adc99cd67f00
date
Thu, 11 Jul 2024 11:37:54 GMT
strict-transport-security
max-age=2592000
content-encoding
gzip
cf-cache-status
MISS
last-modified
Thu, 29 Jun 2023 13:57:56 GMT
server
cloudflare
etag
W/"1d9aa91b48868cc"
vary
Accept-Encoding
content-type
application/font-woff
cache-control
public, max-age=14400
cf-ray
8a18811419111959-FRA
expires
Thu, 11 Jul 2024 15:37:54 GMT
track
dc.services.visualstudio.com/v2/ 		96 B
200 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.244 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
025cf5df42e671fd74c007417645c8411ee547d1db9b7c544457e6dd6f63c910
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
Sdk-Context
appId
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-type
application/json

Response headers

access-control-allow-origin
*
strict-transport-security
max-age=31536000
date
Thu, 11 Jul 2024 11:37:54 GMT
x-content-type-options
nosniff
server
Microsoft-HTTPAPI/2.0
content-type
application/json; charset=utf-8
track
dc.services.visualstudio.com/v2/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.244 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sdk-context
Access-Control-Request-Method
POST
Origin
https://identity.apetito.co.uk
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Thu, 11 Jul 2024 11:37:54 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
favicon.ico
identity.apetito.co.uk/ 		650 B
762 B 		Other
General
Check archive.org
Download Go to
Full URL
https://identity.apetito.co.uk/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:846 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
189262cb25c6f3a75fe7331ac49221875522556912af792429ef38d03f78c272
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

request-context
appId=cid-v1:cbbab940-1604-4e05-9300-adc99cd67f00
date
Thu, 11 Jul 2024 11:37:54 GMT
strict-transport-security
max-age=2592000
content-encoding
gzip
cf-cache-status
MISS
last-modified
Thu, 29 Jun 2023 13:57:56 GMT
server
cloudflare
etag
W/"1d9aa91b489088a"
vary
Accept-Encoding
content-type
image/x-icon
cache-control
public, max-age=14400
cf-ray
8a188115cbf31959-FRA
expires
Thu, 11 Jul 2024 15:37:54 GMT
favicon.ico
identity.apetito.co.uk/ 		650 B
0 		Other
General
Check archive.org
Download Go to
Full URL
https://identity.apetito.co.uk/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:846 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
189262cb25c6f3a75fe7331ac49221875522556912af792429ef38d03f78c272

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

request-context
appId=cid-v1:cbbab940-1604-4e05-9300-adc99cd67f00
date
Thu, 11 Jul 2024 11:37:54 GMT
content-encoding
gzip
cf-cache-status
MISS
last-modified
Thu, 29 Jun 2023 13:57:56 GMT
server
cloudflare
etag
W/"1d9aa91b489088a"
vary
Accept-Encoding
content-type
image/x-icon
cache-control
public, max-age=14400
cf-ray
8a188115cbf31959-FRA
expires
Thu, 11 Jul 2024 15:37:54 GMT

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| sdkInstance string| aiName object| aisdk string| appInsightsSDK object| appInsights object| Microsoft object| __dynProto$Gbl

4 Cookies

Domain/Path Name / Value
.identity.apetito.co.uk/ Name: ARRAffinity
Value: 1f71a6c8be365e5ec93870191f44738c8a1bde045b3c4cf1f01669c120e203ba
.identity.apetito.co.uk/ Name: ARRAffinitySameSite
Value: 1f71a6c8be365e5ec93870191f44738c8a1bde045b3c4cf1f01669c120e203ba
identity.apetito.co.uk/ Name: ai_user
Value: lxTuo9r+kf+iZP8A0V9JHh|2024-07-11T11:37:54.628Z
identity.apetito.co.uk/ Name: ai_session
Value: 7hUGeKEzJVa781qOU62Vt3|1720697874834|1720697874834

2 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'document-domain'.
security warning URL: https://identity.apetito.co.uk/
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';upgrade-insecure-requests;connect-src 'self' https://dc.services.visualstudio.com; img-src 'self' https:; script-src 'self' 'sha256-hD95TBgUJRII9mIJfs5UWjxXhpojhCfSn8yiMYKyyYc=' 'sha256-r8hVS4zKd7ZmhzZ40/6X8lKeAfpFrY60y+LalwZlZHE=' https://az416426.vo.msecnd.net;
Strict-Transport-Security max-age=2592000
X-Content-Security-Policy default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';upgrade-insecure-requests;connect-src 'self' https://dc.services.visualstudio.com; img-src 'self' https:; script-src 'self' 'sha256-hD95TBgUJRII9mIJfs5UWjxXhpojhCfSn8yiMYKyyYc=' 'sha256-r8hVS4zKd7ZmhzZ40/6X8lKeAfpFrY60y+LalwZlZHE=' https://az416426.vo.msecnd.net;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block