urlscan.io logo urlscan.io
SecurityTrails logo

astropupcoin.xyz Open in urlscan Pro
2a02:4780:13:1703:0:1103:1f95:2  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://astropupcoin.xyz/?shiny
Effective URL: https://astropupcoin.xyz/?shiny
Submission Tags: shiny c290acadafe6362a fc6b18fd85158e2b bfst honeypoter@gmail.com Search All
Submission: On December 08 via api from JP — Scanned from JP
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 6 IPs in 4 countries across 4 domains to perform 10 HTTP transactions. The main IP is 2a02:4780:13:1703:0:1103:1f95:2, located in São Paulo, Brazil and belongs to AS-HOSTINGER Hostinger International Limited, CY. The main domain is astropupcoin.xyz.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on December 5th 2024. Valid for: 3 months.
This is the only time astropupcoin.xyz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
4 2a02:4780:13:... 47583 (AS-HOSTIN...)
1 2404:6800:400... 15169 (GOOGLE)
2 2a04:4e42:200... 54113 (FASTLY)
1 142.251.222.35 15169 (GOOGLE)
1 151.101.129.229 54113 (FASTLY)
1 82.112.247.36 47583 (AS-HOSTIN...)
10 6
4    2a02:4780:13:1703:0:1103:1f95:2 (São Paulo, Brazil)

ASN47583 (AS-HOSTINGER Hostinger International Limited, CY)
astropupcoin.xyz
1    2404:6800:4004:826::200a (Australia)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
2    2a04:4e42:200::485 (United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
1    142.251.222.35 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: nrt13s72-in-f3.1e100.net
fonts.gstatic.com
1    151.101.129.229 (San Francisco, United States)

ASN54113 (FASTLY, US)
cdn.jsdelivr.net
1    82.112.247.36 (United Kingdom)

ASN47583 (AS-HOSTINGER Hostinger International Limited, CY)
astropupcoin.xyz
Apex Domain
Subdomains		 Transfer
5 astropupcoin.xyz
astropupcoin.xyz
293 KB
3 jsdelivr.net
cdn.jsdelivr.net — Cisco Umbrella Rank: 318
135 KB
1 gstatic.com
fonts.gstatic.com
27 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 29
1 KB
10 4
Domain Requested by
5 astropupcoin.xyz astropupcoin.xyz
3 cdn.jsdelivr.net astropupcoin.xyz
cdn.jsdelivr.net
1 fonts.gstatic.com fonts.googleapis.com
1 fonts.googleapis.com astropupcoin.xyz
10 4

This site contains links to these domains. Also see Links.

Domain
x.com
t.me
Subject Issuer Validity Valid
astropupcoin.xyz
ZeroSSL RSA Domain Secure Site CA		 2024-12-05 -
2025-03-05		 3 months crt.sh
upload.video.google.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
jsdelivr.net
GlobalSign Atlas R3 DV TLS CA 2024 Q3		 2024-07-30 -
2025-08-31		 a year crt.sh
*.gstatic.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh

This page contains 1 frames:

Primary Page: https://astropupcoin.xyz/?shiny
Frame ID: 070ED2B2CDF3E3C1695C4D7F7FF2934B
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

AstroPup - The Memecoin from Beyond the Stars

Page URL History Show full URLs

  1. http://astropupcoin.xyz/?shiny HTTP 307
    https://astropupcoin.xyz/?shiny Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • <link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
  • //cdn\.jsdelivr\.net/

Page Statistics

10
Requests

100 %
HTTPS

50 %
IPv6

4
Domains

4
Subdomains

6
IPs

4
Countries

456 kB
Transfer

842 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://astropupcoin.xyz/?shiny HTTP 307
    https://astropupcoin.xyz/?shiny Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
astropupcoin.xyz/
Redirect Chain
  • http://astropupcoin.xyz/?shiny
  • https://astropupcoin.xyz/?shiny
27 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://astropupcoin.xyz/?shiny
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:13:1703:0:1103:1f95:2 São Paulo, Brazil, ASN47583 (AS-HOSTINGER Hostinger International Limited, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
62b20792ce6e70e6ea2c892f217e0e233a36db1578f70349b053ce6b14fe08af
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1

Response headers

accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-encoding
br
content-length
2420
content-security-policy
upgrade-insecure-requests
content-type
text/html
date
Sun, 08 Dec 2024 22:02:09 GMT
etag
"6c77-6754a450-33f9e42b0fddbbf1;br"
last-modified
Sat, 07 Dec 2024 19:38:56 GMT
panel
hpanel
platform
hostinger
server
LiteSpeed
vary
Accept-Encoding

Redirect headers

Location
https://astropupcoin.xyz/?shiny
Non-Authoritative-Reason
HttpsUpgrades
css2
fonts.googleapis.com/ 		12 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Plus+Jakarta+Sans:wght@100;200;300;400;500;600;700;800;900&display=swap
Requested by
Host: astropupcoin.xyz
URL: https://astropupcoin.xyz/?shiny
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:826::200a , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
7315df659d57c706a762dad8cb3fbaf0911d2eb6d9374c49b92be91250e38c5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://astropupcoin.xyz/

Response headers

strict-transport-security
max-age=31536000
cache-control
private, max-age=86400
timing-allow-origin
*
content-encoding
gzip
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Sun, 08 Dec 2024 22:02:09 GMT
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 08 Dec 2024 22:02:09 GMT
x-xss-protection
0
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
server
ESF
x-frame-options
SAMEORIGIN
bootstrap-icons.css
cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/ 		79 KB
10 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css
Requested by
Host: astropupcoin.xyz
URL: https://astropupcoin.xyz/?shiny
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
af35cc6aba34e5005de77099dfa72d4c1a7715d28ddcec343f48031dc8cb08bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://astropupcoin.xyz/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"13a7e-T26mnA4DQx/6Ggl6RUU7WzskbYs"
age
2805695
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Sun, 08 Dec 2024 22:02:09 GMT
content-type
text/css; charset=utf-8
x-served-by
cache-fra-etou8220090-FRA, cache-nrt-rjtf7700066-NRT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
10209
x-jsd-version
1.8.1
styles.css
astropupcoin.xyz/css/ 		247 KB
26 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://astropupcoin.xyz/css/styles.css
Requested by
Host: astropupcoin.xyz
URL: https://astropupcoin.xyz/?shiny
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:13:1703:0:1103:1f95:2 São Paulo, Brazil, ASN47583 (AS-HOSTINGER Hostinger International Limited, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
1950540bc5fb184ac4643f085259568dce1dce101448aad3c4e6c71d22301d85
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://astropupcoin.xyz/?shiny

Response headers

panel
hpanel
content-security-policy
upgrade-insecure-requests
cache-control
public, max-age=604800
content-encoding
br
etag
"3dafa-675496e4-6a56bdae08dca730;br"
expires
Sun, 15 Dec 2024 22:02:09 GMT
accept-ranges
bytes
content-length
26980
date
Sun, 08 Dec 2024 22:02:09 GMT
content-type
text/css
last-modified
Sat, 07 Dec 2024 18:41:40 GMT
vary
Accept-Encoding
server
LiteSpeed
platform
hostinger
profile.png
astropupcoin.xyz/assets/ 		258 KB
258 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://astropupcoin.xyz/assets/profile.png
Requested by
Host: astropupcoin.xyz
URL: https://astropupcoin.xyz/?shiny
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:13:1703:0:1103:1f95:2 São Paulo, Brazil, ASN47583 (AS-HOSTINGER Hostinger International Limited, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
385efe59b019074f68d0017c957ab833cb20bef9df0f459c26e24af489d3f2cb
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://astropupcoin.xyz/?shiny

Response headers

content-security-policy
upgrade-insecure-requests
cache-control
public, max-age=604800
etag
"40629-67549d6f-dd878ca40821c310;;;"
expires
Sun, 15 Dec 2024 22:02:09 GMT
accept-ranges
bytes
content-length
263721
date
Sun, 08 Dec 2024 22:02:09 GMT
content-type
image/png
last-modified
Sat, 07 Dec 2024 19:09:35 GMT
server
LiteSpeed
platform
hostinger
panel
hpanel
bootstrap.bundle.min.js
cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/ 		79 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.bundle.min.js
Requested by
Host: astropupcoin.xyz
URL: https://astropupcoin.xyz/?shiny
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:200::485 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
9520018fa5d81f4e4dc9d06afb576f90cbbaba209cfcc6cb60e1464647f7890b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://astropupcoin.xyz/

Response headers

access-control-expose-headers
*
content-encoding
br
etag
W/"13a24-kNFQNu9I/LM2oTW66BK0VmnxkEQ"
age
3087782
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Sun, 08 Dec 2024 22:02:09 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-fra-etou8220135-FRA, cache-nrt-rjtf7700066-NRT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
24659
x-jsd-version
5.2.3
scripts.js
astropupcoin.xyz/js/ 		325 B
308 B 		Script
General
Check archive.org
Download Go to
Full URL
https://astropupcoin.xyz/js/scripts.js
Requested by
Host: astropupcoin.xyz
URL: https://astropupcoin.xyz/?shiny
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:4780:13:1703:0:1103:1f95:2 São Paulo, Brazil, ASN47583 (AS-HOSTINGER Hostinger International Limited, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
37b318d99f41aaf48f89a7d87cde9d2d4bd49348947f50e6564af43b454c7537
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://astropupcoin.xyz/?shiny

Response headers

panel
hpanel
content-security-policy
upgrade-insecure-requests
cache-control
public, max-age=604800
content-encoding
br
etag
"145-675496e4-6ddecc077145fb17;br"
expires
Sun, 15 Dec 2024 22:02:10 GMT
accept-ranges
bytes
content-length
181
date
Sun, 08 Dec 2024 22:02:10 GMT
content-type
application/x-javascript
last-modified
Sat, 07 Dec 2024 18:41:40 GMT
vary
Accept-Encoding
server
LiteSpeed
platform
hostinger
LDIoaomQNQcsA88c7O9yZ4KMCoOg4Ko20yygg_vb.woff2
fonts.gstatic.com/s/plusjakartasans/v8/ 		27 KB
27 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/plusjakartasans/v8/LDIoaomQNQcsA88c7O9yZ4KMCoOg4Ko20yygg_vb.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Plus+Jakarta+Sans:wght@100;200;300;400;500;600;700;800;900&display=swap
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.251.222.35 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS
nrt13s72-in-f3.1e100.net
Software
sffe /
Resource Hash
d57815170b555601f1684e5ab21fe161e30f792e316a4ddf40aa24d27aeb6792
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Origin
https://astropupcoin.xyz
Referer
https://fonts.googleapis.com/

Response headers

age
144891
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options
nosniff
expires
Sun, 07 Dec 2025 05:47:18 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sat, 07 Dec 2024 05:47:18 GMT
last-modified
Thu, 22 Jun 2023 14:14:36 GMT
content-type
font/woff2
cache-control
public, max-age=31536000
timing-allow-origin
*
cross-origin-opener-policy
same-origin; report-to="apps-themes"
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges
bytes
access-control-allow-origin
*
content-length
27376
x-xss-protection
0
server
sffe
bootstrap-icons.woff2
cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/fonts/ 		100 KB
101 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/fonts/bootstrap-icons.woff2?524846017b983fc8ded9325d94ed40f3
Requested by
Host: cdn.jsdelivr.net
URL: https://cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
151.101.129.229 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c874e14c63db86c4c5318c77cb557fce7036645edc7d690dcc1d23b389631b13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Origin
https://astropupcoin.xyz
Referer
https://cdn.jsdelivr.net/npm/bootstrap-icons@1.8.1/font/bootstrap-icons.css

Response headers

access-control-expose-headers
*
etag
W/"19088-HKXox9L7jp1grRof6ypG6Ywkij0"
age
3056813
x-content-type-options
nosniff
x-jsd-version-type
version
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
x-cache
HIT, HIT
date
Sun, 08 Dec 2024 22:02:09 GMT
content-type
font/woff2
x-served-by
cache-fra-eddf8230061-FRA, cache-nrt-rjtf7700020-NRT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=31536000, s-maxage=31536000, immutable
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
access-control-allow-origin
*
content-length
102536
x-jsd-version
1.8.1
favicon.ico
astropupcoin.xyz/assets/ 		15 KB
6 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://astropupcoin.xyz/assets/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
82.112.247.36 , United Kingdom, ASN47583 (AS-HOSTINGER Hostinger International Limited, CY),
Reverse DNS
Software
LiteSpeed /
Resource Hash
54fddf91197a999d6b9c972d1284ae9bad80fab10414682adeaac6a993b0ef11
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

User-Agent
Mozilla/5.0 (iPhone; CPU iPhone OS 14_7_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Mobile/15E148 Safari/604.1
Referer
https://astropupcoin.xyz/?shiny

Response headers

panel
hpanel
content-security-policy
upgrade-insecure-requests
cache-control
public, max-age=604800
content-encoding
br
etag
"3c2e-67549d6f-505dd3423a2edd07;br"
expires
Sun, 15 Dec 2024 22:02:11 GMT
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
content-length
5953
date
Sun, 08 Dec 2024 22:02:11 GMT
content-type
image/x-icon
last-modified
Sat, 07 Dec 2024 19:09:35 GMT
vary
Accept-Encoding
server
LiteSpeed
platform
hostinger

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

number| uidEvent object| bootstrap

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests