urlscan.io logo urlscan.io
SecurityTrails logo

m.ter.sncf.com Open in urlscan Pro
40.66.57.111  Public Scan

Go To Rescan Add Verdict Report
URL: https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR...
Submission: On June 07 via manual from ES — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 3 domains to perform 19 HTTP transactions. The main IP is 40.66.57.111, located in Paris, France and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is m.ter.sncf.com. The Cisco Umbrella rank of the primary domain is 384816.
TLS certificate: Issued by QuoVadis Global SSL ICA G3 on February 7th 2022. Valid for: a year.
This is the only time m.ter.sncf.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
17 40.66.57.111 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 158.58.182.193 39605 (IGUANESOL...)
19 3
Apex Domain
Subdomains		 Transfer
17 sncf.com
m.ter.sncf.com — Cisco Umbrella Rank: 384816
491 KB
1 vsct.fr
mmt.vsct.fr
45 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 64
90 KB
19 3
Domain Requested by
17 m.ter.sncf.com m.ter.sncf.com
1 mmt.vsct.fr m.ter.sncf.com
1 www.googletagmanager.com m.ter.sncf.com
19 3

This site contains links to these domains. Also see Links.

Domain
www.ter.sncf.com
www.sncf.com
Subject Issuer Validity Valid
www.ter.sncf.com
QuoVadis Global SSL ICA G3		 2022-02-07 -
2023-02-07		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-05-09 -
2022-08-01		 3 months crt.sh
*.vsct.fr
Sectigo RSA Organization Validation Secure Server CA		 2020-07-13 -
2022-07-13		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
Frame ID: 6431D5374376903D1915F110E7ED8D32
Requests: 19 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

| SNCF

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js

Page Statistics

19
Requests

100 %
HTTPS

33 %
IPv6

3
Domains

3
Subdomains

3
IPs

2
Countries

626 kB
Transfer

2482 kB
Size

2
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

19 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request billet-promo-facebook
m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/ 		112 KB
114 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.66.57.111 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a7aac3699682f2e43df5e6faeb8a019072700333efb9157c0d1eb450fd0f4851
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
fr-FR,fr;q=0.9

Response headers

Cache-Control
public, max-age=600, immutable;
Connection
keep-alive
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Content-Type
text/html; charset=utf-8
Date
Tue, 07 Jun 2022 11:15:21 GMT
ETag
"1c158-lGzpMEU4L/UL344stvssN2xBa1w"
Referrer-Policy
strict-origin-when-cross-origin;
Strict-Transport-Security
max-age=16070400; includeSubDomains
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Permitted-Cross-Domain-Policies
by-content-type;
fonts.css
m.ter.sncf.com/assets/fonts/ 		3 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://m.ter.sncf.com/assets/fonts/fonts.css
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.66.57.111 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
950dc664aec57b40cfaf4eeafb2e53a0e79b8fbc13e8924f096a0956fb339f23
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 07 Jun 2022 11:15:21 GMT
Referrer-Policy
strict-origin-when-cross-origin;
Last-Modified
Tue, 17 May 2022 13:29:52 GMT
X-Permitted-Cross-Domain-Policies
by-content-type;
ETag
W/"a7f-180d235f080"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=600, immutable;
Transfer-Encoding
chunked
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Connection
keep-alive
Accept-Ranges
bytes
Vary
Accept-Encoding
3a784ded6345c004ce33.css
m.ter.sncf.com/_next/static/css/ 		7 KB
8 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://m.ter.sncf.com/_next/static/css/3a784ded6345c004ce33.css
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.66.57.111 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e1c4b0ff7307006d15c592122ed42c5edd8bd3655b8797e8962195b5c5bf532a
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 07 Jun 2022 11:15:21 GMT
Referrer-Policy
strict-origin-when-cross-origin;
Last-Modified
Tue, 17 May 2022 13:35:12 GMT
X-Permitted-Cross-Domain-Policies
by-content-type;
ETag
W/"1b71-180d23ad280"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
text/css; charset=UTF-8
Cache-Control
public, max-age=600, immutable;
Transfer-Encoding
chunked
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Connection
keep-alive
Accept-Ranges
bytes
Vary
Accept-Encoding
9877.6bfcfa218445905a8e19.js
m.ter.sncf.com/_next/static/chunks/ 		19 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.ter.sncf.com/_next/static/chunks/9877.6bfcfa218445905a8e19.js
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.66.57.111 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
f82f67f381d76e7339fd79f9be15728ae081f710c950d4444fab9519c18648ba
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 07 Jun 2022 11:15:21 GMT
Referrer-Policy
strict-origin-when-cross-origin;
Last-Modified
Tue, 17 May 2022 13:35:12 GMT
X-Permitted-Cross-Domain-Policies
by-content-type;
ETag
W/"4b3d-180d23ad280"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=600, immutable;
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Connection
keep-alive
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
19261
3455.440417c8207831284b8a.js
m.ter.sncf.com/_next/static/chunks/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.ter.sncf.com/_next/static/chunks/3455.440417c8207831284b8a.js
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.66.57.111 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a462f6b98f4681cbcc08fd9479b80b5cc7fe6b302291e4bda314ca33d2f01180
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 07 Jun 2022 11:15:21 GMT
Referrer-Policy
strict-origin-when-cross-origin;
Last-Modified
Tue, 17 May 2022 13:35:12 GMT
X-Permitted-Cross-Domain-Policies
by-content-type;
ETag
W/"5b7-180d23ad280"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=600, immutable;
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Connection
keep-alive
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
1463
webpack-9ac2722fa2a0d753d598.js
m.ter.sncf.com/_next/static/chunks/ 		4 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.ter.sncf.com/_next/static/chunks/webpack-9ac2722fa2a0d753d598.js
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.66.57.111 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
771cd8e8a4387e96a7f989000f957453a968a52d7cd7f9586184000007e4eb45
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 07 Jun 2022 11:15:21 GMT
Referrer-Policy
strict-origin-when-cross-origin;
Last-Modified
Tue, 17 May 2022 13:35:12 GMT
X-Permitted-Cross-Domain-Policies
by-content-type;
ETag
W/"11f9-180d23ad280"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=600, immutable;
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Connection
keep-alive
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
4601
framework-307f6c96e18d07873461.js
m.ter.sncf.com/_next/static/chunks/ 		134 KB
135 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.ter.sncf.com/_next/static/chunks/framework-307f6c96e18d07873461.js
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.66.57.111 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e0edc6fea402a06aeefa7d894f68c9bf1b0fce815151a1b901c1e8d3ad1d2744
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 07 Jun 2022 11:15:21 GMT
Referrer-Policy
strict-origin-when-cross-origin;
Last-Modified
Tue, 17 May 2022 13:35:12 GMT
X-Permitted-Cross-Domain-Policies
by-content-type;
ETag
W/"21779-180d23ad280"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=600, immutable;
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Connection
keep-alive
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
137081
main-8ffc233d89ef1d526054.js
m.ter.sncf.com/_next/static/chunks/ 		59 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.ter.sncf.com/_next/static/chunks/main-8ffc233d89ef1d526054.js
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.66.57.111 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c4769c022daa0551c06435cd6ca85577057f30319a7ecd8f9339d9cdee8cb810
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 07 Jun 2022 11:15:21 GMT
Referrer-Policy
strict-origin-when-cross-origin;
Last-Modified
Tue, 17 May 2022 13:35:12 GMT
X-Permitted-Cross-Domain-Policies
by-content-type;
ETag
W/"ed0a-180d23ad280"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=600, immutable;
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Connection
keep-alive
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
60682
_app-304c7771de263990de25.js
m.ter.sncf.com/_next/static/chunks/pages/ 		2 MB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://m.ter.sncf.com/_next/static/chunks/pages/_app-304c7771de263990de25.js
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.66.57.111 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 07 Jun 2022 11:15:21 GMT
Referrer-Policy
strict-origin-when-cross-origin;
Last-Modified
Tue, 17 May 2022 13:35:12 GMT
X-Permitted-Cross-Domain-Policies
by-content-type;
ETag
W/"293189-180d23ad280"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=600, immutable;
Transfer-Encoding
chunked
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Connection
keep-alive
Accept-Ranges
bytes
Vary
Accept-Encoding
%5B...cmsContents%5D-794d7035897b2881f319.js
m.ter.sncf.com/_next/static/chunks/pages/%5Bregion%5D/ 		14 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.ter.sncf.com/_next/static/chunks/pages/%5Bregion%5D/%5B...cmsContents%5D-794d7035897b2881f319.js
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.66.57.111 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
7ebeff408f8ba00d96dcfc36223e13c3cbc6535c53c9e3e80983506bdbd570de
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 07 Jun 2022 11:15:21 GMT
Referrer-Policy
strict-origin-when-cross-origin;
Last-Modified
Tue, 17 May 2022 13:35:12 GMT
X-Permitted-Cross-Domain-Policies
by-content-type;
ETag
W/"39c8-180d23ad280"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=600, immutable;
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Connection
keep-alive
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
14792
gtm.js
www.googletagmanager.com/ 		286 KB
90 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5L7L6PL
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
991f2e002c0b29ea98231114d94b6e3e391c9f50b28e8fdce5a30b78088e3daf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://m.ter.sncf.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 07 Jun 2022 11:15:21 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
92049
x-xss-protection
0
last-modified
Tue, 07 Jun 2022 09:38:27 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Tue, 07 Jun 2022 11:15:21 GMT
headerLogo.png
m.ter.sncf.com/assets/medias/paca/ 		17 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m.ter.sncf.com/assets/medias/paca/headerLogo.png
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.66.57.111 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6af8d92b7cee365299165370db9dd12b12b6cdc1da3bfe77afed0f11599078d9
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 07 Jun 2022 11:15:21 GMT
Referrer-Policy
strict-origin-when-cross-origin;
Last-Modified
Tue, 17 May 2022 13:29:52 GMT
X-Permitted-Cross-Domain-Policies
by-content-type;
ETag
W/"45b2-180d235f080"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
image/png
Cache-Control
public, max-age=600, immutable;
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
17842
promo-2ansFB-pendant-vente-384x216.png
mmt.vsct.fr/sites/default/files/swt/CPAC/2022-05/ 		45 KB
45 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://mmt.vsct.fr/sites/default/files/swt/CPAC/2022-05/promo-2ansFB-pendant-vente-384x216.png
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
158.58.182.193 Paris, France, ASN39605 (IGUANESOLUTIONS, FR),
Reverse DNS
Software
/
Resource Hash
cc29c92d37eb6cb6170eab0293ce404dbc9888be2a6c1462f0a5512602d80214
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://m.ter.sncf.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-varnish-cache
MISS
date
Tue, 07 Jun 2022 11:15:21 GMT
x-content-type-options
nosniff
last-modified
Tue, 24 May 2022 13:04:22 GMT
age
0
etag
"b2e9-5dfc1986540c0"
content-type
image/png
access-control-allow-origin
*
expires
Tue, 21 Jun 2022 11:15:21 GMT
cache-control
max-age=1209600, private
x-cdn-srv
igu-dc3-cache-2
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
content-length
45801
x-cache-hits
0
avenir-ltstd-book.otf
m.ter.sncf.com/assets/fonts/ 		27 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://m.ter.sncf.com/assets/fonts/avenir-ltstd-book.otf
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/assets/fonts/fonts.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.66.57.111 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4fb98e778ecf8c15d92e6877f6acfff6dac74cded293cece1cca3e24193e0f6a
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

Referer
https://m.ter.sncf.com/assets/fonts/fonts.css
Origin
https://m.ter.sncf.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 07 Jun 2022 11:15:21 GMT
Referrer-Policy
strict-origin-when-cross-origin;
Last-Modified
Tue, 17 May 2022 13:29:52 GMT
X-Permitted-Cross-Domain-Policies
by-content-type;
ETag
W/"6b34-180d235f080"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
font/otf
Cache-Control
public, max-age=600, immutable;
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Connection
keep-alive
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
27444
avenir-ltstd-roman.otf
m.ter.sncf.com/assets/fonts/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://m.ter.sncf.com/assets/fonts/avenir-ltstd-roman.otf
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/assets/fonts/fonts.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.66.57.111 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
79c4a6763cd37a08c07c061494eb890d6703197796f124ed66842cc73dedb5ed
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

Referer
https://m.ter.sncf.com/assets/fonts/fonts.css
Origin
https://m.ter.sncf.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 07 Jun 2022 11:15:21 GMT
Referrer-Policy
strict-origin-when-cross-origin;
Last-Modified
Tue, 17 May 2022 13:29:52 GMT
X-Permitted-Cross-Domain-Policies
by-content-type;
ETag
W/"6a28-180d235f080"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
font/otf
Cache-Control
public, max-age=600, immutable;
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Connection
keep-alive
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
27176
AvenirLTStd-Heavy.otf
m.ter.sncf.com/assets/fonts/ 		27 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://m.ter.sncf.com/assets/fonts/AvenirLTStd-Heavy.otf
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/assets/fonts/fonts.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.66.57.111 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
21bd20c236564b77d07d187b68a92281df7715acb8bdbe7241c0546d415d2abe
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

Referer
https://m.ter.sncf.com/assets/fonts/fonts.css
Origin
https://m.ter.sncf.com
accept-language
fr-FR,fr;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 07 Jun 2022 11:15:21 GMT
Referrer-Policy
strict-origin-when-cross-origin;
Last-Modified
Tue, 17 May 2022 13:29:52 GMT
X-Permitted-Cross-Domain-Policies
by-content-type;
ETag
W/"6bf8-180d235f080"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
font/otf
Cache-Control
public, max-age=600, immutable;
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Connection
keep-alive
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
27640
footerLogo.png
m.ter.sncf.com/assets/medias/paca/ 		20 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://m.ter.sncf.com/assets/medias/paca/footerLogo.png
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.66.57.111 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b62bad0852e38911bd61ecacb796e2d16fc8108763da8c90330714ab4bf291cc
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 07 Jun 2022 11:15:21 GMT
Referrer-Policy
strict-origin-when-cross-origin;
Last-Modified
Tue, 17 May 2022 13:29:52 GMT
X-Permitted-Cross-Domain-Policies
by-content-type;
ETag
W/"4fcb-180d235f080"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
image/png
Cache-Control
public, max-age=600, immutable;
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
20427
_buildManifest.js
m.ter.sncf.com/_next/static/hK2_OdZoiQlsVUBG5v0Qs/ 		6 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.ter.sncf.com/_next/static/hK2_OdZoiQlsVUBG5v0Qs/_buildManifest.js
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.66.57.111 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b724311c141d91e6a06e02a00b6ad3df5ad2d43dd3cc560b08aa1ee016edc2a1
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 07 Jun 2022 11:15:21 GMT
Referrer-Policy
strict-origin-when-cross-origin;
Last-Modified
Tue, 17 May 2022 13:35:12 GMT
X-Permitted-Cross-Domain-Policies
by-content-type;
ETag
W/"18f0-180d23ad280"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=600, immutable;
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Connection
keep-alive
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
6384
_ssgManifest.js
m.ter.sncf.com/_next/static/hK2_OdZoiQlsVUBG5v0Qs/ 		77 B
823 B 		Script
General
Check archive.org
Download Go to
Full URL
https://m.ter.sncf.com/_next/static/hK2_OdZoiQlsVUBG5v0Qs/_ssgManifest.js
Requested by
Host: m.ter.sncf.com
URL: https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.66.57.111 Paris, France, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
6f5b4aa00d2f8d6aed9935b471806bf7acef464d0c1d390260e5fe27f800c67e
Security Headers
Name Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains

Request headers

accept-language
fr-FR,fr;q=0.9
Referer
https://m.ter.sncf.com/sud-provence-alpes-cote-d-azur/tarifs-cartes/bons-plans/billet-promo-facebook?fbclid=IwAR0EYCGDR0n3k2k4324PBGsNfYYLAnq-sRXJMu7vqU2ijF4iMKLi1V_vVFQ&fs=e&s=cl
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date
Tue, 07 Jun 2022 11:15:21 GMT
Referrer-Policy
strict-origin-when-cross-origin;
Last-Modified
Tue, 17 May 2022 13:35:12 GMT
X-Permitted-Cross-Domain-Policies
by-content-type;
ETag
W/"4d-180d23ad280"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
application/javascript; charset=UTF-8
Cache-Control
public, max-age=600, immutable;
Content-Security-Policy
default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Connection
keep-alive
Accept-Ranges
bytes
Vary
Accept-Encoding
Content-Length
77

Verdicts & Comments Add Verdict or Comment

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation object| dataLayer object| google_tag_manager function| postscribe object| google_tag_manager_external object| webpackChunk_N_E undefined| _N_E object| __BUILD_MANIFEST object| __SSG_MANIFEST object| regeneratorRuntime object| __NEXT_DATA__ object| __NEXT_P object| next

2 Cookies

Domain/Path Name / Value
m.ter.sncf.com/ Name: BIGipServer7BWxnwCxCpGjUP6GZDH/DQ
Value: !TjhOEfEuTKEg8hVAZ5mfVNX6MYNJo5zyTicdc9d4kHCsiVtqocTR5bHakAAsep32dlhARv4C+Cft0Uo=
m.ter.sncf.com/ Name: TS01b10dc3
Value: 01b2b3d8e6721fb6fe6fbf5237a821213609b265d9238d8eea150f0c0f6bed277572622b7bf605ad68a2c5281ce82834a87f0629ec4a12cfb9307008c759cc4aa02a63c3fa

1 Console Messages

Source Level URL
Text
rendering error
Message:
Failed to set referrer policy: The value 'strict-origin-when-cross-origin;' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin', 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', or 'unsafe-url'. The referrer policy has been left unchanged.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https: data: 'unsafe-inline' 'unsafe-eval' always;
Strict-Transport-Security max-age=16070400; includeSubDomains