Submitted URL: https://rss.dischord.org/
Effective URL: https://rss.dischord.org/i/?rid=66c43985f09ed
Submission Tags: phishingrod
Submission: On August 20 via api from DE — Scanned from GB

Summary

This website contacted 1 IP in 1 country across 1 domain to perform 12 HTTP transactions. The main IP is 193.16.110.76, located in the United Kingdom, and belongs to BOGONS-ASN, GB. The main domain is rss.dischord.org.
TLS certificate: Issued by R11 on August 19th 2024. Valid for: 3 months.
This is the only time rss.dischord.org was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 13 193.16.110.76 3213 (BOGONS-ASN)
12 1
Apex Domain
Subdomains
Transfer
13 dischord.org
rss.dischord.org
112 KB
12 1
Domain Requested by
13 rss.dischord.org 1 redirects rss.dischord.org
12 1

This site contains no links.

Subject Issuer Validity Valid
rss.dischord.org R11 2024-08-19 - 2024-11-17 3 months

This page contains 1 frames:

Primary Page: https://rss.dischord.org/i/?rid=66c43985f09ed
Frame ID: 881B29BD8744AED95F7090E9CCF022CE
Requests: 12 HTTP requests in this frame

Page Title

Login · FreshRSS

Page Statistics

12 Requests
100 % HTTPS
0 % IPv6
1 Domains
1 Subdomains
1 IPs
1 Countries
112 kB Transfer
248 kB Size
1 Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://rss.dischord.org/ HTTP 302
    https://rss.dischord.org/i/?rid=66c43985f09ed Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
rss.dischord.org/i/
Redirect Chain
  • https://rss.dischord.org/
  • https://rss.dischord.org/i/?rid=66c43985f09ed
6 KB
3 KB
Document
General
Full URL
https://rss.dischord.org/i/?rid=66c43985f09ed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.16.110.76 , United Kingdom, ASN3213 (BOGONS-ASN, GB),
Reverse DNS
Software
Apache/2.4.57 (Debian) /
Resource Hash
c6fe9f41dc77ae8670fcb02b7f095d4f94311c0767129fef645b64616248fc73
Security Headers
Name Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cache-control
private, must-revalidate, max-age=0
content-encoding
gzip
content-security-policy
default-src 'self'
content-type
text/html; charset=UTF-8
date
Tue, 20 Aug 2024 06:36:54 GMT
etag
"665a49c28497175a6294a182a586bb08-gzip"
last-modified
Tue, 20 Aug 2024 06:36:54 GMT
referrer-policy
no-referrer-when-downgrade
server
Apache/2.4.57 (Debian)
strict-transport-security
max-age=31536000
vary
Accept-Encoding Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY
x-xss-protection
1; mode=block

Redirect headers

content-length
0
content-type
text/html; charset=UTF-8
date
Tue, 20 Aug 2024 06:36:53 GMT
location
/i/?rid=66c43985f09ed
referrer-policy
no-referrer-when-downgrade
server
Apache/2.4.57 (Debian)
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-frame-options
DENY
x-xss-protection
1; mode=block
frss.css
rss.dischord.org/themes/base-theme/
40 KB
8 KB
Stylesheet
General
Full URL
https://rss.dischord.org/themes/base-theme/frss.css?1698692164
Requested by
Host: rss.dischord.org
URL: https://rss.dischord.org/i/?rid=66c43985f09ed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.16.110.76 , United Kingdom, ASN3213 (BOGONS-ASN, GB),
Reverse DNS
Software
Apache/2.4.57 (Debian) /
Resource Hash
dbb702832055abe4c85596ae75c64c2b7067231f06df2edeabe8460aac097f64
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://rss.dischord.org/i/?rid=66c43985f09ed
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 06:36:54 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000
last-modified
Mon, 30 Oct 2023 18:56:04 GMT
server
Apache/2.4.57 (Debian)
vary
Accept-Encoding, Accept-Encoding
x-frame-options
DENY
content-type
text/css; charset=utf-8
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
8550
x-xss-protection
1; mode=block
expires
Thu, 19 Sep 2024 06:36:54 GMT
origine.css
rss.dischord.org/themes/Origine/
28 KB
5 KB
Stylesheet
General
Full URL
https://rss.dischord.org/themes/Origine/origine.css?1698692164
Requested by
Host: rss.dischord.org
URL: https://rss.dischord.org/i/?rid=66c43985f09ed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.16.110.76 , United Kingdom, ASN3213 (BOGONS-ASN, GB),
Reverse DNS
Software
Apache/2.4.57 (Debian) /
Resource Hash
e9afc607998990de1e3315936d3ff24041bbbdf81f6ac35d06418b5f2a6bb0ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://rss.dischord.org/i/?rid=66c43985f09ed
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 06:36:54 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000
last-modified
Mon, 30 Oct 2023 18:56:04 GMT
server
Apache/2.4.57 (Debian)
vary
Accept-Encoding, Accept-Encoding
x-frame-options
DENY
content-type
text/css; charset=utf-8
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
5318
x-xss-protection
1; mode=block
expires
Thu, 19 Sep 2024 06:36:54 GMT
main.js
rss.dischord.org/scripts/
56 KB
13 KB
Script
General
Full URL
https://rss.dischord.org/scripts/main.js?1698692164
Requested by
Host: rss.dischord.org
URL: https://rss.dischord.org/i/?rid=66c43985f09ed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.16.110.76 , United Kingdom, ASN3213 (BOGONS-ASN, GB),
Reverse DNS
Software
Apache/2.4.57 (Debian) /
Resource Hash
c3594f56ae67b758f74d8a8109584035b9c270449a9aa80fadbe90a82672bd09
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://rss.dischord.org/i/?rid=66c43985f09ed
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 06:36:54 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000
last-modified
Mon, 30 Oct 2023 18:56:04 GMT
server
Apache/2.4.57 (Debian)
vary
Accept-Encoding, Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
13315
x-xss-protection
1; mode=block
expires
Thu, 19 Sep 2024 06:36:54 GMT
extra.js
rss.dischord.org/scripts/
9 KB
3 KB
Script
General
Full URL
https://rss.dischord.org/scripts/extra.js?1698692164
Requested by
Host: rss.dischord.org
URL: https://rss.dischord.org/i/?rid=66c43985f09ed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.16.110.76 , United Kingdom, ASN3213 (BOGONS-ASN, GB),
Reverse DNS
Software
Apache/2.4.57 (Debian) /
Resource Hash
91ad9020e2fdffd633cfe259b33679eae77e12feff4686e64ae80400a22fdd05
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://rss.dischord.org/i/?rid=66c43985f09ed
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 06:36:54 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000
last-modified
Mon, 30 Oct 2023 18:56:04 GMT
server
Apache/2.4.57 (Debian)
vary
Accept-Encoding, Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
3033
x-xss-protection
1; mode=block
expires
Thu, 19 Sep 2024 06:36:54 GMT
bcrypt.min.js
rss.dischord.org/scripts/
25 KB
11 KB
Script
General
Full URL
https://rss.dischord.org/scripts/bcrypt.min.js?1698692164
Requested by
Host: rss.dischord.org
URL: https://rss.dischord.org/i/?rid=66c43985f09ed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.16.110.76 , United Kingdom, ASN3213 (BOGONS-ASN, GB),
Reverse DNS
Software
Apache/2.4.57 (Debian) /
Resource Hash
0f11720f78bedc2b3dcbb4705ee963aa2d111e14390cf8f939d8951d79057f4f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://rss.dischord.org/i/?rid=66c43985f09ed
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 06:36:54 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000
last-modified
Mon, 30 Oct 2023 18:56:04 GMT
server
Apache/2.4.57 (Debian)
vary
Accept-Encoding, Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=utf-8
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
11140
x-xss-protection
1; mode=block
expires
Thu, 19 Sep 2024 06:36:54 GMT
OpenSans.woff2
rss.dischord.org/themes/fonts/
61 KB
61 KB
Font
General
Full URL
https://rss.dischord.org/themes/fonts/OpenSans.woff2
Requested by
Host: rss.dischord.org
URL: https://rss.dischord.org/themes/base-theme/frss.css?1698692164
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.16.110.76 , United Kingdom, ASN3213 (BOGONS-ASN, GB),
Reverse DNS
Software
Apache/2.4.57 (Debian) /
Resource Hash
3cfb28778895d6adca324710b2000c6e15ef5a7b88d461f39b29ff6fb877b778
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://rss.dischord.org/themes/base-theme/frss.css?1698692164
Origin
https://rss.dischord.org
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 06:36:54 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000
last-modified
Mon, 30 Oct 2023 18:56:04 GMT
server
Apache/2.4.57 (Debian)
vary
Accept-Encoding
x-frame-options
DENY
content-type
font/woff2
cache-control
max-age=2592000, public
x-xss-protection
1; mode=block
expires
Thu, 19 Sep 2024 06:36:54 GMT
FreshRSS-logo.svg
rss.dischord.org/themes/icons/
5 KB
2 KB
Image
General
Full URL
https://rss.dischord.org/themes/icons/FreshRSS-logo.svg
Requested by
Host: rss.dischord.org
URL: https://rss.dischord.org/i/?rid=66c43985f09ed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.16.110.76 , United Kingdom, ASN3213 (BOGONS-ASN, GB),
Reverse DNS
Software
Apache/2.4.57 (Debian) /
Resource Hash
6f2204dd7f6c45678f263880c383a3b4e044ff85562cccad83a3fb7b93a554be
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
date
Tue, 20 Aug 2024 06:36:54 GMT
last-modified
Mon, 30 Oct 2023 18:56:04 GMT
server
Apache/2.4.57 (Debian)
strict-transport-security
max-age=31536000
vary
Accept-Encoding, Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml; charset=utf-8
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
1950
x-xss-protection
1; mode=block
expires
Thu, 19 Sep 2024 06:36:54 GMT
login.svg
rss.dischord.org/themes/icons/
501 B
432 B
Image
General
Full URL
https://rss.dischord.org/themes/icons/login.svg
Requested by
Host: rss.dischord.org
URL: https://rss.dischord.org/i/?rid=66c43985f09ed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.16.110.76 , United Kingdom, ASN3213 (BOGONS-ASN, GB),
Reverse DNS
Software
Apache/2.4.57 (Debian) /
Resource Hash
927cdd428e37be097be89ee529f9d20f5db279f741e3fa0bd86df556524507f0
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
date
Tue, 20 Aug 2024 06:36:54 GMT
last-modified
Mon, 30 Oct 2023 18:56:04 GMT
server
Apache/2.4.57 (Debian)
strict-transport-security
max-age=31536000
vary
Accept-Encoding, Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml; charset=utf-8
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
328
x-xss-protection
1; mode=block
expires
Thu, 19 Sep 2024 06:36:54 GMT
key.svg
rss.dischord.org/themes/icons/
526 B
392 B
Image
General
Full URL
https://rss.dischord.org/themes/icons/key.svg
Requested by
Host: rss.dischord.org
URL: https://rss.dischord.org/i/?rid=66c43985f09ed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.16.110.76 , United Kingdom, ASN3213 (BOGONS-ASN, GB),
Reverse DNS
Software
Apache/2.4.57 (Debian) /
Resource Hash
d59799e117accae31b85dba0db8405ad01d1380a1699e2b1fb5f4ac8ecc5479d
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
date
Tue, 20 Aug 2024 06:36:54 GMT
last-modified
Mon, 30 Oct 2023 18:56:04 GMT
server
Apache/2.4.57 (Debian)
strict-transport-security
max-age=31536000
vary
Accept-Encoding, Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml; charset=utf-8
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
353
x-xss-protection
1; mode=block
expires
Thu, 19 Sep 2024 06:36:54 GMT
close.svg
rss.dischord.org/themes/icons/
534 B
399 B
Image
General
Full URL
https://rss.dischord.org/themes/icons/close.svg
Requested by
Host: rss.dischord.org
URL: https://rss.dischord.org/i/?rid=66c43985f09ed
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.16.110.76 , United Kingdom, ASN3213 (BOGONS-ASN, GB),
Reverse DNS
Software
Apache/2.4.57 (Debian) /
Resource Hash
8afcff447d9cf709acdc7324da2491bf36684b5f193db30a04de3fbd5d1d287e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; style-src 'self' 'unsafe-inline'
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self'; style-src 'self' 'unsafe-inline'
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
date
Tue, 20 Aug 2024 06:36:54 GMT
last-modified
Mon, 30 Oct 2023 18:56:04 GMT
server
Apache/2.4.57 (Debian)
strict-transport-security
max-age=31536000
vary
Accept-Encoding, Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml; charset=utf-8
cache-control
max-age=2592000, public
accept-ranges
bytes
content-length
360
x-xss-protection
1; mode=block
expires
Thu, 19 Sep 2024 06:36:54 GMT
favicon.ico
rss.dischord.org/
18 KB
5 KB
Other
General
Full URL
https://rss.dischord.org/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
193.16.110.76 , United Kingdom, ASN3213 (BOGONS-ASN, GB),
Reverse DNS
Software
Apache/2.4.57 (Debian) /
Resource Hash
fef4e5480e2767dd7bda8c69ae37a938ebf5f04a6b8d3806fcef1d67e70f64a1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 20 Aug 2024 06:36:54 GMT
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
strict-transport-security
max-age=31536000
last-modified
Mon, 30 Oct 2023 18:56:04 GMT
server
Apache/2.4.57 (Debian)
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/vnd.microsoft.icon
cache-control
max-age=2592000, public
x-xss-protection
1; mode=block
expires
Thu, 19 Sep 2024 06:36:54 GMT

86 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| poormanSalt function| forgetOpenCategories function| init_crypto_form function| showPW_this function| showPW function| hidePW function| init_password_observers function| init_archiving function| open_slider_listener function| init_slider function| close_slider_listener function| updateHref function| init_url_observers function| init_select_observers function| data_leave_validation function| init_2stateButton function| init_configuration_alert function| init_extra_afterDOM object| $jscomp object| dcodeIO function| xmlHttpRequestJson object| context function| badAjax function| needsScroll function| str2int function| numberFormat function| incLabel function| incUnreadsFeed function| incUnreadsTag function| removeArticle function| send_mark_read_queue function| send_mark_queue_tick function| delayedClick function| mark_read function| mark_previous_read function| mark_favorite function| toggleContent function| prev_entry function| next_entry function| next_unread_entry function| prev_feed function| next_feed function| first_feed function| last_feed function| prev_category function| next_category function| next_unread_category function| first_category function| last_category function| collapse_entry function| toggle_media function| user_filter function| auto_share function| onScroll function| init_posts function| rememberOpenCategory function| openCategory function| loadJs function| init_column_categories function| init_shortcuts function| init_stream function| toggleClass function| init_nav_entries function| loadDynamicTags function| refreshFeed function| refreshFeeds function| refreshDynamicOpml function| refreshDynamicOpmls function| init_actualize function| openNotification function| closeNotification function| init_notifications function| notifs_html5_is_supported function| notifs_html5_ask_permission function| notifs_html5_show function| init_notifs_html5 function| refreshUnreads function| toggle_bigMarkAsRead_button function| load_more_posts function| 
init_load_more function| init_confirm_action function| faviconNbUnread function| removeFirstLoadSpinner function| init_normal function| init_main_beforeDOM function| init_main_afterDOM

1 Cookies

Domain/Path Name / Value
rss.dischord.org/i/ Name: FreshRSS
Value: dl32rb4i4m4o9vqr2as1peafvi

1 Console Messages

Source Level URL
Text
recommendation verbose URL: https://rss.dischord.org/i/?rid=66c43985f09ed
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block