Submitted URL: https://mastodon.stsecurity.moe/
Effective URL: https://mastodon.stsecurity.moe/about
Submission: On September 08 via automatic, source certstream-suspicious — Scanned from DE

Summary

This website contacted 2 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 13.228.226.41, located in United States and belongs to AMAZON-02, US. The main domain is mastodon.stsecurity.moe.
TLS certificate: Issued by ZeroSSL RSA Domain Secure Site CA on September 8th 2021. Valid for: 3 months.
This is the only time mastodon.stsecurity.moe was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 11 13.228.226.41 16509 (AMAZON-02)
1 209.141.55.73 53667 (PONYNET)
11 2
Apex Domain
Subdomains
Transfer
12 stsecurity.moe
mastodon.stsecurity.moe
s3.stsecurity.moe
1 MB
11 1
Domain Requested by
11 mastodon.stsecurity.moe 1 redirects mastodon.stsecurity.moe
1 s3.stsecurity.moe mastodon.stsecurity.moe
11 2

This site contains links to these domains. Also see Links.

Domain
joinmastodon.org
docs.joinmastodon.org
github.com
Subject Issuer Validity Valid
mastodon.stsecurity.moe
ZeroSSL RSA Domain Secure Site CA
2021-09-08 -
2021-12-07
3 months crt.sh
s3.stsecurity.moe
ZeroSSL RSA Domain Secure Site CA
2021-08-10 -
2021-11-08
3 months crt.sh

This page contains 1 frames:

Primary Page: https://mastodon.stsecurity.moe/about
Frame ID: E7A34536679B9A05933A4814A706CEE2
Requests: 11 HTTP requests in this frame

Screenshot

Page Title

mastodon.stsecurity.moe - Lab 4

Page URL History Show full URLs

  1. https://mastodon.stsecurity.moe/ HTTP 302
    https://mastodon.stsecurity.moe/about Page URL

Detected technologies

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

2
Subdomains

2
IPs

1
Countries

1072 kB
Transfer

2287 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mastodon.stsecurity.moe/ HTTP 302
    https://mastodon.stsecurity.moe/about Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set about
mastodon.stsecurity.moe/
Redirect Chain
  • https://mastodon.stsecurity.moe/
  • https://mastodon.stsecurity.moe/about
19 KB
9 KB
Document
General
Full URL
https://mastodon.stsecurity.moe/about
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.228.226.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-228-226-41.ap-southeast-1.compute.amazonaws.com
Software
Mastodon /
Resource Hash
2d0d56544fff44d608b4b8e01d1535fab99dc42ec150041aa7a4196e4770b303
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.stsecurity.moe; img-src 'self' https: data: blob: https://mastodon.stsecurity.moe; style-src 'self' https://mastodon.stsecurity.moe 'nonce-EqXrWRjffR6YPl7372ybWA=='; media-src 'self' https: data: https://mastodon.stsecurity.moe; frame-src 'self' https:; manifest-src 'self' https://mastodon.stsecurity.moe; connect-src 'self' data: blob: https://mastodon.stsecurity.moe https://s3.stsecurity.moe wss://mastodon.stsecurity.moe; script-src 'self' https://mastodon.stsecurity.moe; child-src 'self' blob: https://mastodon.stsecurity.moe; worker-src 'self' blob: https://mastodon.stsecurity.moe
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Host
mastodon.stsecurity.moe
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Cookie
_mastodon_session=4oKJNKj7J2MfCpLn5EUW7DlQZg2wGNS1bNmHxjA%2FhoOh%2F3gr7yxNTdNGHFyd20q2%2FycFCvoIFeMJlD7g37gJRwwlwO00VH%2Bo1zdGLQesJ2Fai5XVPs35KUttPUQnFDA9zCgubUtm2G2BsVPDNjMC%2FLPVLwl%2BKzTiJOzScnEk2t7%2F4jgRi1hAMdST7O8mE5Sehwqka0SBzkv%2Femqnkr3TkEdBkrI3kOOOYNv0aiUFyJv9s2jt5Q%3D%3D--49eZ7LpynzqJF%2BsP--OUhvpUmnIQtNTAsqUHcOmg%3D%3D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Date
Wed, 08 Sep 2021 10:16:57 GMT
Server
Mastodon
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains
Referrer-Policy
strict-origin-when-cross-origin
X-Frame-Options
DENY
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Permissions-Policy
interest-cohort=()
Content-Type
text/html; charset=utf-8
Vary
Accept-Encoding
Content-Encoding
gzip
ETag
W/"dcf23b7180457908576070621b3d746c"
Cache-Control
max-age=0, private, must-revalidate
Content-Security-Policy
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.stsecurity.moe; img-src 'self' https: data: blob: https://mastodon.stsecurity.moe; style-src 'self' https://mastodon.stsecurity.moe 'nonce-EqXrWRjffR6YPl7372ybWA=='; media-src 'self' https: data: https://mastodon.stsecurity.moe; frame-src 'self' https:; manifest-src 'self' https://mastodon.stsecurity.moe; connect-src 'self' data: blob: https://mastodon.stsecurity.moe https://s3.stsecurity.moe wss://mastodon.stsecurity.moe; script-src 'self' https://mastodon.stsecurity.moe; child-src 'self' blob: https://mastodon.stsecurity.moe; worker-src 'self' blob: https://mastodon.stsecurity.moe
X-Request-Id
0abd95f8-462d-4312-8f20-30fa1bb9c78a
X-Runtime
0.061886
Set-Cookie
_mastodon_session=k2ZL8n4%2FzzpNhkAdA51f70IGFu5Atd7qVEiHNMCmPW48vqU9TDinE0q91PUb4XBmlFsyzs%2FJrY5Wt201pRc8qoeQ5ORRDLyKI8QckksUzRmauyU0FMWOL4%2BMaU52kP5EUP2o3dLWhy20rRofFsFwpm2gE6M2Ra7PaLzcanMxKwS%2Bhn7ZPX7vOx%2Fg8lf4GrT6McJiO4CAPDh8sfGKLQG7KNJlrpIao0fvjhHpQlZi260HXeTGVXT3GltqBf6iZr0sLfrchOVbKgQEPAYm6XAvsvRiquEg5zeUtqBeaHm1SbmBEgXBhW1i%2FncETi9ILzCMdeVlWvNHjGJJcAeBHB5OJ91QKuTz12XGOCVuPyGomJ9EhPuV77pkWRvQ1Cwc4qewln4BtLrksfxCMgVU%2FZ41MkwRdvtAEwAWTK3wM9FoUyxUF823cy6xBMH%2BJTZAG04oYccuxMU%3D--LYyTbYEMyJDNtmJm--CRKcuRi%2FLVyycS2vKhUtBw%3D%3D; path=/; secure; HttpOnly; SameSite=Lax
Keep-Alive
timeout=5, max=99
Connection
Keep-Alive
Transfer-Encoding
chunked

Redirect headers

Date
Wed, 08 Sep 2021 10:16:57 GMT
Server
Mastodon
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains
Referrer-Policy
strict-origin-when-cross-origin
X-Frame-Options
DENY
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Permissions-Policy
interest-cohort=()
Location
https://mastodon.stsecurity.moe/about
Content-Type
text/html; charset=utf-8
Vary
Accept-Encoding
Content-Encoding
gzip
Cache-Control
no-cache
Content-Security-Policy
base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.stsecurity.moe; img-src 'self' https: data: blob: https://mastodon.stsecurity.moe; style-src 'self' https://mastodon.stsecurity.moe 'nonce-xjO59LS+SS/lRlqWWVZVuA=='; media-src 'self' https: data: https://mastodon.stsecurity.moe; frame-src 'self' https:; manifest-src 'self' https://mastodon.stsecurity.moe; connect-src 'self' data: blob: https://mastodon.stsecurity.moe https://s3.stsecurity.moe wss://mastodon.stsecurity.moe; script-src 'self' https://mastodon.stsecurity.moe; child-src 'self' blob: https://mastodon.stsecurity.moe; worker-src 'self' blob: https://mastodon.stsecurity.moe
X-Request-Id
06bed8ba-8e56-4a7b-a192-15dc0503256d
X-Runtime
0.003872
Set-Cookie
_mastodon_session=4oKJNKj7J2MfCpLn5EUW7DlQZg2wGNS1bNmHxjA%2FhoOh%2F3gr7yxNTdNGHFyd20q2%2FycFCvoIFeMJlD7g37gJRwwlwO00VH%2Bo1zdGLQesJ2Fai5XVPs35KUttPUQnFDA9zCgubUtm2G2BsVPDNjMC%2FLPVLwl%2BKzTiJOzScnEk2t7%2F4jgRi1hAMdST7O8mE5Sehwqka0SBzkv%2Femqnkr3TkEdBkrI3kOOOYNv0aiUFyJv9s2jt5Q%3D%3D--49eZ7LpynzqJF%2BsP--OUhvpUmnIQtNTAsqUHcOmg%3D%3D; path=/; secure; HttpOnly; SameSite=Lax
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Transfer-Encoding
chunked
common-6632dedd.css
mastodon.stsecurity.moe/packs/css/
29 KB
8 KB
Stylesheet
General
Full URL
https://mastodon.stsecurity.moe/packs/css/common-6632dedd.css
Requested by
Host: mastodon.stsecurity.moe
URL: https://mastodon.stsecurity.moe/about
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.228.226.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-228-226-41.ap-southeast-1.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
6868cfb2319b61515eac6cea5f95bf8dcd4c95184bec6e3ec85812dc3623be54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://mastodon.stsecurity.moe
Accept-Encoding
gzip, deflate, br
Host
mastodon.stsecurity.moe
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://mastodon.stsecurity.moe/about
Cookie
_mastodon_session=k2ZL8n4%2FzzpNhkAdA51f70IGFu5Atd7qVEiHNMCmPW48vqU9TDinE0q91PUb4XBmlFsyzs%2FJrY5Wt201pRc8qoeQ5ORRDLyKI8QckksUzRmauyU0FMWOL4%2BMaU52kP5EUP2o3dLWhy20rRofFsFwpm2gE6M2Ra7PaLzcanMxKwS%2Bhn7ZPX7vOx%2Fg8lf4GrT6McJiO4CAPDh8sfGKLQG7KNJlrpIao0fvjhHpQlZi260HXeTGVXT3GltqBf6iZr0sLfrchOVbKgQEPAYm6XAvsvRiquEg5zeUtqBeaHm1SbmBEgXBhW1i%2FncETi9ILzCMdeVlWvNHjGJJcAeBHB5OJ91QKuTz12XGOCVuPyGomJ9EhPuV77pkWRvQ1Cwc4qewln4BtLrksfxCMgVU%2FZ41MkwRdvtAEwAWTK3wM9FoUyxUF823cy6xBMH%2BJTZAG04oYccuxMU%3D--LYyTbYEMyJDNtmJm--CRKcuRi%2FLVyycS2vKhUtBw%3D%3D
Connection
keep-alive
Referer
https://mastodon.stsecurity.moe/about
Origin
https://mastodon.stsecurity.moe
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 08 Sep 2021 10:16:57 GMT
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 10 Aug 2021 10:52:00 GMT
Server
Apache/2.4.38 (Debian)
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains
Content-Type
text/css
Transfer-Encoding
chunked
Connection
Keep-Alive
Keep-Alive
timeout=5, max=98
default-751f3f06.chunk.css
mastodon.stsecurity.moe/packs/css/
316 KB
63 KB
Stylesheet
General
Full URL
https://mastodon.stsecurity.moe/packs/css/default-751f3f06.chunk.css
Requested by
Host: mastodon.stsecurity.moe
URL: https://mastodon.stsecurity.moe/about
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.228.226.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-228-226-41.ap-southeast-1.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
4a2fd95ef1c491140181025b248c84e6694decaae12b7852c178b2589c963f6c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://mastodon.stsecurity.moe
Accept-Encoding
gzip, deflate, br
Host
mastodon.stsecurity.moe
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://mastodon.stsecurity.moe/about
Cookie
_mastodon_session=k2ZL8n4%2FzzpNhkAdA51f70IGFu5Atd7qVEiHNMCmPW48vqU9TDinE0q91PUb4XBmlFsyzs%2FJrY5Wt201pRc8qoeQ5ORRDLyKI8QckksUzRmauyU0FMWOL4%2BMaU52kP5EUP2o3dLWhy20rRofFsFwpm2gE6M2Ra7PaLzcanMxKwS%2Bhn7ZPX7vOx%2Fg8lf4GrT6McJiO4CAPDh8sfGKLQG7KNJlrpIao0fvjhHpQlZi260HXeTGVXT3GltqBf6iZr0sLfrchOVbKgQEPAYm6XAvsvRiquEg5zeUtqBeaHm1SbmBEgXBhW1i%2FncETi9ILzCMdeVlWvNHjGJJcAeBHB5OJ91QKuTz12XGOCVuPyGomJ9EhPuV77pkWRvQ1Cwc4qewln4BtLrksfxCMgVU%2FZ41MkwRdvtAEwAWTK3wM9FoUyxUF823cy6xBMH%2BJTZAG04oYccuxMU%3D--LYyTbYEMyJDNtmJm--CRKcuRi%2FLVyycS2vKhUtBw%3D%3D
Connection
keep-alive
Referer
https://mastodon.stsecurity.moe/about
Origin
https://mastodon.stsecurity.moe
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 08 Sep 2021 10:16:58 GMT
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 10 Aug 2021 10:52:00 GMT
Server
Apache/2.4.38 (Debian)
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains
Content-Type
text/css
Transfer-Encoding
chunked
Connection
Keep-Alive
Keep-Alive
timeout=5, max=97
common-d565873f079d3ff13aa3.js
mastodon.stsecurity.moe/packs/js/
1 MB
335 KB
Script
General
Full URL
https://mastodon.stsecurity.moe/packs/js/common-d565873f079d3ff13aa3.js
Requested by
Host: mastodon.stsecurity.moe
URL: https://mastodon.stsecurity.moe/about
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.228.226.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-228-226-41.ap-southeast-1.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
77bea4bf4732d7aa49e081bfd5b1ed399235fb9148c0656116de9f270b126c99
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://mastodon.stsecurity.moe
Accept-Encoding
gzip, deflate, br
Host
mastodon.stsecurity.moe
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://mastodon.stsecurity.moe/about
Cookie
_mastodon_session=k2ZL8n4%2FzzpNhkAdA51f70IGFu5Atd7qVEiHNMCmPW48vqU9TDinE0q91PUb4XBmlFsyzs%2FJrY5Wt201pRc8qoeQ5ORRDLyKI8QckksUzRmauyU0FMWOL4%2BMaU52kP5EUP2o3dLWhy20rRofFsFwpm2gE6M2Ra7PaLzcanMxKwS%2Bhn7ZPX7vOx%2Fg8lf4GrT6McJiO4CAPDh8sfGKLQG7KNJlrpIao0fvjhHpQlZi260HXeTGVXT3GltqBf6iZr0sLfrchOVbKgQEPAYm6XAvsvRiquEg5zeUtqBeaHm1SbmBEgXBhW1i%2FncETi9ILzCMdeVlWvNHjGJJcAeBHB5OJ91QKuTz12XGOCVuPyGomJ9EhPuV77pkWRvQ1Cwc4qewln4BtLrksfxCMgVU%2FZ41MkwRdvtAEwAWTK3wM9FoUyxUF823cy6xBMH%2BJTZAG04oYccuxMU%3D--LYyTbYEMyJDNtmJm--CRKcuRi%2FLVyycS2vKhUtBw%3D%3D
Connection
keep-alive
Referer
https://mastodon.stsecurity.moe/about
Origin
https://mastodon.stsecurity.moe
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 08 Sep 2021 10:16:58 GMT
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 10 Aug 2021 10:52:00 GMT
Server
Apache/2.4.38 (Debian)
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
locale_de-15ae0f0b9e0402d551f0.chunk.js
mastodon.stsecurity.moe/packs/js/
31 KB
10 KB
Script
General
Full URL
https://mastodon.stsecurity.moe/packs/js/locale_de-15ae0f0b9e0402d551f0.chunk.js
Requested by
Host: mastodon.stsecurity.moe
URL: https://mastodon.stsecurity.moe/about
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.228.226.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-228-226-41.ap-southeast-1.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
f47ef799e2212ba73224dc62596990e9b3637235ac64809aa4c4fda9fe629da0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://mastodon.stsecurity.moe
Accept-Encoding
gzip, deflate, br
Host
mastodon.stsecurity.moe
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://mastodon.stsecurity.moe/about
Cookie
_mastodon_session=k2ZL8n4%2FzzpNhkAdA51f70IGFu5Atd7qVEiHNMCmPW48vqU9TDinE0q91PUb4XBmlFsyzs%2FJrY5Wt201pRc8qoeQ5ORRDLyKI8QckksUzRmauyU0FMWOL4%2BMaU52kP5EUP2o3dLWhy20rRofFsFwpm2gE6M2Ra7PaLzcanMxKwS%2Bhn7ZPX7vOx%2Fg8lf4GrT6McJiO4CAPDh8sfGKLQG7KNJlrpIao0fvjhHpQlZi260HXeTGVXT3GltqBf6iZr0sLfrchOVbKgQEPAYm6XAvsvRiquEg5zeUtqBeaHm1SbmBEgXBhW1i%2FncETi9ILzCMdeVlWvNHjGJJcAeBHB5OJ91QKuTz12XGOCVuPyGomJ9EhPuV77pkWRvQ1Cwc4qewln4BtLrksfxCMgVU%2FZ41MkwRdvtAEwAWTK3wM9FoUyxUF823cy6xBMH%2BJTZAG04oYccuxMU%3D--LYyTbYEMyJDNtmJm--CRKcuRi%2FLVyycS2vKhUtBw%3D%3D
Connection
keep-alive
Referer
https://mastodon.stsecurity.moe/about
Origin
https://mastodon.stsecurity.moe
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 08 Sep 2021 10:16:58 GMT
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 10 Aug 2021 10:52:00 GMT
Server
Apache/2.4.38 (Debian)
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
inert.css
mastodon.stsecurity.moe/
180 B
587 B
Stylesheet
General
Full URL
https://mastodon.stsecurity.moe/inert.css
Requested by
Host: mastodon.stsecurity.moe
URL: https://mastodon.stsecurity.moe/about
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.228.226.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-228-226-41.ap-southeast-1.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
0fc25792c3f64d06a40835b591de174e650b14b92fcdcdf379fe657ccaf084cd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
mastodon.stsecurity.moe
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
text/css,*/*;q=0.1
Cache-Control
no-cache
Sec-Fetch-Dest
style
Referer
https://mastodon.stsecurity.moe/about
Cookie
_mastodon_session=k2ZL8n4%2FzzpNhkAdA51f70IGFu5Atd7qVEiHNMCmPW48vqU9TDinE0q91PUb4XBmlFsyzs%2FJrY5Wt201pRc8qoeQ5ORRDLyKI8QckksUzRmauyU0FMWOL4%2BMaU52kP5EUP2o3dLWhy20rRofFsFwpm2gE6M2Ra7PaLzcanMxKwS%2Bhn7ZPX7vOx%2Fg8lf4GrT6McJiO4CAPDh8sfGKLQG7KNJlrpIao0fvjhHpQlZi260HXeTGVXT3GltqBf6iZr0sLfrchOVbKgQEPAYm6XAvsvRiquEg5zeUtqBeaHm1SbmBEgXBhW1i%2FncETi9ILzCMdeVlWvNHjGJJcAeBHB5OJ91QKuTz12XGOCVuPyGomJ9EhPuV77pkWRvQ1Cwc4qewln4BtLrksfxCMgVU%2FZ41MkwRdvtAEwAWTK3wM9FoUyxUF823cy6xBMH%2BJTZAG04oYccuxMU%3D--LYyTbYEMyJDNtmJm--CRKcuRi%2FLVyycS2vKhUtBw%3D%3D
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://mastodon.stsecurity.moe/about
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 08 Sep 2021 10:16:58 GMT
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Wed, 28 Jul 2021 04:42:47 GMT
Server
Apache/2.4.38 (Debian)
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains
Content-Type
text/css
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
Content-Length
118
public-cf0e322ca5ca6106ac75.chunk.js
mastodon.stsecurity.moe/packs/js/
23 KB
8 KB
Script
General
Full URL
https://mastodon.stsecurity.moe/packs/js/public-cf0e322ca5ca6106ac75.chunk.js
Requested by
Host: mastodon.stsecurity.moe
URL: https://mastodon.stsecurity.moe/about
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.228.226.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-228-226-41.ap-southeast-1.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
a631278eff43baa35dadfb770c6e25b9cca234f35b435512a5dd12960743ba31
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://mastodon.stsecurity.moe
Accept-Encoding
gzip, deflate, br
Host
mastodon.stsecurity.moe
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
script
Referer
https://mastodon.stsecurity.moe/about
Cookie
_mastodon_session=k2ZL8n4%2FzzpNhkAdA51f70IGFu5Atd7qVEiHNMCmPW48vqU9TDinE0q91PUb4XBmlFsyzs%2FJrY5Wt201pRc8qoeQ5ORRDLyKI8QckksUzRmauyU0FMWOL4%2BMaU52kP5EUP2o3dLWhy20rRofFsFwpm2gE6M2Ra7PaLzcanMxKwS%2Bhn7ZPX7vOx%2Fg8lf4GrT6McJiO4CAPDh8sfGKLQG7KNJlrpIao0fvjhHpQlZi260HXeTGVXT3GltqBf6iZr0sLfrchOVbKgQEPAYm6XAvsvRiquEg5zeUtqBeaHm1SbmBEgXBhW1i%2FncETi9ILzCMdeVlWvNHjGJJcAeBHB5OJ91QKuTz12XGOCVuPyGomJ9EhPuV77pkWRvQ1Cwc4qewln4BtLrksfxCMgVU%2FZ41MkwRdvtAEwAWTK3wM9FoUyxUF823cy6xBMH%2BJTZAG04oYccuxMU%3D--LYyTbYEMyJDNtmJm--CRKcuRi%2FLVyycS2vKhUtBw%3D%3D
Connection
keep-alive
Referer
https://mastodon.stsecurity.moe/about
Origin
https://mastodon.stsecurity.moe
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 08 Sep 2021 10:16:58 GMT
Content-Encoding
gzip
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 10 Aug 2021 10:52:00 GMT
Server
Apache/2.4.38 (Debian)
Vary
Accept-Encoding
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains
Content-Type
application/javascript
Transfer-Encoding
chunked
Connection
Keep-Alive
Keep-Alive
timeout=5, max=100
preview-5df98290371ead9a70bc3cd4733bbfa7.jpg
mastodon.stsecurity.moe/packs/media/images/
285 KB
286 KB
Image
General
Full URL
https://mastodon.stsecurity.moe/packs/media/images/preview-5df98290371ead9a70bc3cd4733bbfa7.jpg
Requested by
Host: mastodon.stsecurity.moe
URL: https://mastodon.stsecurity.moe/about
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.228.226.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-228-226-41.ap-southeast-1.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
b8556858b5041ca9c3e98a9a42d1907d3798f9dfd266de8b6647aa979f6888f0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Accept-Encoding
gzip, deflate, br
Host
mastodon.stsecurity.moe
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
no-cors
Accept
image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
Cache-Control
no-cache
Sec-Fetch-Dest
image
Referer
https://mastodon.stsecurity.moe/about
Cookie
_mastodon_session=k2ZL8n4%2FzzpNhkAdA51f70IGFu5Atd7qVEiHNMCmPW48vqU9TDinE0q91PUb4XBmlFsyzs%2FJrY5Wt201pRc8qoeQ5ORRDLyKI8QckksUzRmauyU0FMWOL4%2BMaU52kP5EUP2o3dLWhy20rRofFsFwpm2gE6M2Ra7PaLzcanMxKwS%2Bhn7ZPX7vOx%2Fg8lf4GrT6McJiO4CAPDh8sfGKLQG7KNJlrpIao0fvjhHpQlZi260HXeTGVXT3GltqBf6iZr0sLfrchOVbKgQEPAYm6XAvsvRiquEg5zeUtqBeaHm1SbmBEgXBhW1i%2FncETi9ILzCMdeVlWvNHjGJJcAeBHB5OJ91QKuTz12XGOCVuPyGomJ9EhPuV77pkWRvQ1Cwc4qewln4BtLrksfxCMgVU%2FZ41MkwRdvtAEwAWTK3wM9FoUyxUF823cy6xBMH%2BJTZAG04oYccuxMU%3D--LYyTbYEMyJDNtmJm--CRKcuRi%2FLVyycS2vKhUtBw%3D%3D
Connection
keep-alive
Accept-Language
de-DE,de;q=0.9
Referer
https://mastodon.stsecurity.moe/about
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 08 Sep 2021 10:16:58 GMT
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 10 Aug 2021 10:52:00 GMT
Server
Apache/2.4.38 (Debian)
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains
Content-Type
image/jpeg
Connection
Keep-Alive
Keep-Alive
timeout=5, max=96
Content-Length
292252
67749dc1899bfac2.jpg
s3.stsecurity.moe/lab4/accounts/avatars/000/000/001/original/
88 KB
89 KB
Image
General
Full URL
https://s3.stsecurity.moe/lab4/accounts/avatars/000/000/001/original/67749dc1899bfac2.jpg
Requested by
Host: mastodon.stsecurity.moe
URL: https://mastodon.stsecurity.moe/about
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
209.141.55.73 Las Vegas, United States, ASN53667 (PONYNET, US),
Reverse DNS
Software
nginx/1.19.2 /
Resource Hash
36c035345b0a74ae728497542360c85a1f905fecf4d485be758d788094d1a0a4
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://mastodon.stsecurity.moe/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Content-Security-Policy
block-all-mixed-content
Strict-Transport-Security
max-age=31536000; includeSubDomains
ETag
"0c7128927a41ddfba2b163087bd93197"
X-Amz-Request-Id
16A2D15E93346F06
Connection
keep-alive
Content-Length
90325
X-Xss-Protection
1; mode=block
X-Amz-Bucket-Region
us-la-1
Last-Modified
Tue, 10 Aug 2021 10:24:56 GMT
Server
nginx/1.19.2
x-amz-meta-s3cmd-attrs
atime:1614310250/ctime:1614310250/gid:33/gname:www-data/md5:0c7128927a41ddfba2b163087bd93197/mode:33206/mtime:1614310250/uid:33/uname:www-data
Date
Wed, 08 Sep 2021 10:16:59 GMT
Vary
Origin
Content-Type
image/jpeg
Cache-Control
public, max-age=315576000, immutable
Accept-Ranges
bytes
X-Content-Type-Options
nosniff
fontawesome-webfont-20fd1704.woff2
mastodon.stsecurity.moe/packs/media/fonts/
75 KB
76 KB
Font
General
Full URL
https://mastodon.stsecurity.moe/packs/media/fonts/fontawesome-webfont-20fd1704.woff2
Requested by
Host: mastodon.stsecurity.moe
URL: https://mastodon.stsecurity.moe/packs/css/common-6632dedd.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.228.226.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-228-226-41.ap-southeast-1.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://mastodon.stsecurity.moe
Accept-Encoding
gzip, deflate, br
Host
mastodon.stsecurity.moe
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://mastodon.stsecurity.moe/packs/css/common-6632dedd.css
Cookie
_mastodon_session=k2ZL8n4%2FzzpNhkAdA51f70IGFu5Atd7qVEiHNMCmPW48vqU9TDinE0q91PUb4XBmlFsyzs%2FJrY5Wt201pRc8qoeQ5ORRDLyKI8QckksUzRmauyU0FMWOL4%2BMaU52kP5EUP2o3dLWhy20rRofFsFwpm2gE6M2Ra7PaLzcanMxKwS%2Bhn7ZPX7vOx%2Fg8lf4GrT6McJiO4CAPDh8sfGKLQG7KNJlrpIao0fvjhHpQlZi260HXeTGVXT3GltqBf6iZr0sLfrchOVbKgQEPAYm6XAvsvRiquEg5zeUtqBeaHm1SbmBEgXBhW1i%2FncETi9ILzCMdeVlWvNHjGJJcAeBHB5OJ91QKuTz12XGOCVuPyGomJ9EhPuV77pkWRvQ1Cwc4qewln4BtLrksfxCMgVU%2FZ41MkwRdvtAEwAWTK3wM9FoUyxUF823cy6xBMH%2BJTZAG04oYccuxMU%3D--LYyTbYEMyJDNtmJm--CRKcuRi%2FLVyycS2vKhUtBw%3D%3D
Connection
keep-alive
Referer
https://mastodon.stsecurity.moe/packs/css/common-6632dedd.css
Origin
https://mastodon.stsecurity.moe
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 08 Sep 2021 10:16:59 GMT
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 10 Aug 2021 10:52:00 GMT
Server
Apache/2.4.38 (Debian)
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains
Content-Type
application/font-woff2
Connection
Keep-Alive
Keep-Alive
timeout=5, max=99
Content-Length
77160
Montserrat-Medium-598141984583bec971227f25ae811626.ttf
mastodon.stsecurity.moe/packs/media/fonts/montserrat/
188 KB
188 KB
Font
General
Full URL
https://mastodon.stsecurity.moe/packs/media/fonts/montserrat/Montserrat-Medium-598141984583bec971227f25ae811626.ttf
Requested by
Host: mastodon.stsecurity.moe
URL: https://mastodon.stsecurity.moe/packs/css/default-751f3f06.chunk.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
13.228.226.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-13-228-226-41.ap-southeast-1.compute.amazonaws.com
Software
Apache/2.4.38 (Debian) /
Resource Hash
a4d412d818d5fc0215a4593b23d8b5dea20a607e4f1510509f0a7366ca6b931b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains

Request headers

Pragma
no-cache
Sec-Fetch-Site
same-origin
Origin
https://mastodon.stsecurity.moe
Accept-Encoding
gzip, deflate, br
Host
mastodon.stsecurity.moe
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
Sec-Fetch-Mode
cors
Accept
*/*
Cache-Control
no-cache
Sec-Fetch-Dest
font
Referer
https://mastodon.stsecurity.moe/packs/css/default-751f3f06.chunk.css
Cookie
_mastodon_session=k2ZL8n4%2FzzpNhkAdA51f70IGFu5Atd7qVEiHNMCmPW48vqU9TDinE0q91PUb4XBmlFsyzs%2FJrY5Wt201pRc8qoeQ5ORRDLyKI8QckksUzRmauyU0FMWOL4%2BMaU52kP5EUP2o3dLWhy20rRofFsFwpm2gE6M2Ra7PaLzcanMxKwS%2Bhn7ZPX7vOx%2Fg8lf4GrT6McJiO4CAPDh8sfGKLQG7KNJlrpIao0fvjhHpQlZi260HXeTGVXT3GltqBf6iZr0sLfrchOVbKgQEPAYm6XAvsvRiquEg5zeUtqBeaHm1SbmBEgXBhW1i%2FncETi9ILzCMdeVlWvNHjGJJcAeBHB5OJ91QKuTz12XGOCVuPyGomJ9EhPuV77pkWRvQ1Cwc4qewln4BtLrksfxCMgVU%2FZ41MkwRdvtAEwAWTK3wM9FoUyxUF823cy6xBMH%2BJTZAG04oYccuxMU%3D--LYyTbYEMyJDNtmJm--CRKcuRi%2FLVyycS2vKhUtBw%3D%3D
Connection
keep-alive
Referer
https://mastodon.stsecurity.moe/packs/css/default-751f3f06.chunk.css
Origin
https://mastodon.stsecurity.moe
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

Response headers

Date
Wed, 08 Sep 2021 10:16:59 GMT
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 10 Aug 2021 10:52:00 GMT
Server
Apache/2.4.38 (Debian)
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains
Content-Type
application/octet-stream
Connection
Keep-Alive
Keep-Alive
timeout=5, max=95
Content-Length
192488

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforexrselect boolean| originAgentCluster object| webpackJsonp boolean| _rails_loaded

1 Cookies

Domain/Path Name / Value
mastodon.stsecurity.moe/ Name: _mastodon_session
Value: k2ZL8n4%2FzzpNhkAdA51f70IGFu5Atd7qVEiHNMCmPW48vqU9TDinE0q91PUb4XBmlFsyzs%2FJrY5Wt201pRc8qoeQ5ORRDLyKI8QckksUzRmauyU0FMWOL4%2BMaU52kP5EUP2o3dLWhy20rRofFsFwpm2gE6M2Ra7PaLzcanMxKwS%2Bhn7ZPX7vOx%2Fg8lf4GrT6McJiO4CAPDh8sfGKLQG7KNJlrpIao0fvjhHpQlZi260HXeTGVXT3GltqBf6iZr0sLfrchOVbKgQEPAYm6XAvsvRiquEg5zeUtqBeaHm1SbmBEgXBhW1i%2FncETi9ILzCMdeVlWvNHjGJJcAeBHB5OJ91QKuTz12XGOCVuPyGomJ9EhPuV77pkWRvQ1Cwc4qewln4BtLrksfxCMgVU%2FZ41MkwRdvtAEwAWTK3wM9FoUyxUF823cy6xBMH%2BJTZAG04oYccuxMU%3D--LYyTbYEMyJDNtmJm--CRKcuRi%2FLVyycS2vKhUtBw%3D%3D

1 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mastodon.stsecurity.moe; img-src 'self' https: data: blob: https://mastodon.stsecurity.moe; style-src 'self' https://mastodon.stsecurity.moe 'nonce-EqXrWRjffR6YPl7372ybWA=='; media-src 'self' https: data: https://mastodon.stsecurity.moe; frame-src 'self' https:; manifest-src 'self' https://mastodon.stsecurity.moe; connect-src 'self' data: blob: https://mastodon.stsecurity.moe https://s3.stsecurity.moe wss://mastodon.stsecurity.moe; script-src 'self' https://mastodon.stsecurity.moe; child-src 'self' blob: https://mastodon.stsecurity.moe; worker-src 'self' blob: https://mastodon.stsecurity.moe
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block