Submitted URL: https://t2.notificationemails.microsoft.com/r/?id=h447103f,80f25a2,80f2878&e=b2NpZD1jbW1nZzUxYWlnaQ&s=42xghYxmS3xkBvOf--tc2HpQBH3c76KVdNouQz...
Effective URL: https://privacy.microsoft.com/en-ca/privacystatement?ocid=cmmgg51aigi
Submission: On September 10 via api from BE — Scanned from CA

Summary

This website contacted 6 IPs in 1 countries across 5 domains to perform 11 HTTP transactions. The main IP is 2600:141b:1c00:2489::356e, located in Secaucus, United States and belongs to AKAMAI-ASN1, NL. The main domain is privacy.microsoft.com. The Cisco Umbrella rank of the primary domain is 36233.
TLS certificate: Issued by Microsoft Azure RSA TLS Issuing CA 04 on August 26th 2024. Valid for: a year.
This is the only time privacy.microsoft.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 20.122.129.140 8075 (MICROSOFT...)
1 1 2600:141b:1c0... 20940 (AKAMAI-ASN1)
1 2600:141b:1c0... 20940 (AKAMAI-ASN1)
2 152.199.4.33 15133 (EDGECAST)
2 2600:141b:1c0... 20940 (AKAMAI-ASN1)
2 2600:141b:e80... 20940 (AKAMAI-ASN1)
1 2600:141b:e80... 20940 (AKAMAI-ASN1)
11 6
Apex Domain
Subdomains
Transfer
3 microsoft.com
t2.notificationemails.microsoft.com
go.microsoft.com — Cisco Umbrella Rank: 160
privacy.microsoft.com — Cisco Umbrella Rank: 36233
www.microsoft.com Failed
141 KB
2 onestore.ms
assets.onestore.ms — Cisco Umbrella Rank: 16605
46 KB
2 s-microsoft.com
c.s-microsoft.com — Cisco Umbrella Rank: 12541
10 KB
2 aspnetcdn.com
ajax.aspnetcdn.com — Cisco Umbrella Rank: 5661
65 KB
1 akamaized.net
img-prod-cms-rt-microsoft-com.akamaized.net — Cisco Umbrella Rank: 5144
4 KB
11 5
Domain Requested by
2 assets.onestore.ms privacy.microsoft.com
2 c.s-microsoft.com privacy.microsoft.com
2 ajax.aspnetcdn.com privacy.microsoft.com
1 img-prod-cms-rt-microsoft-com.akamaized.net privacy.microsoft.com
1 privacy.microsoft.com
1 go.microsoft.com 1 redirects
1 t2.notificationemails.microsoft.com 1 redirects
0 www.microsoft.com Failed privacy.microsoft.com
11 8

This site contains no links.

Subject Issuer Validity Valid
www.microsoft.com
Microsoft Azure RSA TLS Issuing CA 04
2024-08-26 -
2025-08-21
a year crt.sh
*.vo.msecnd.net
DigiCert SHA2 Secure Server CA
2024-06-06 -
2025-06-06
a year crt.sh
wildcard.onestore.ms
Microsoft Azure RSA TLS Issuing CA 07
2024-06-13 -
2025-06-08
a year crt.sh
a248.e.akamai.net
DigiCert TLS RSA SHA256 2020 CA1
2024-04-18 -
2025-04-19
a year crt.sh

This page contains 1 frames:

Primary Page: https://privacy.microsoft.com/en-ca/privacystatement?ocid=cmmgg51aigi
Frame ID: F81DE525C942350AF0C99709B9973408
Requests: 11 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://t2.notificationemails.microsoft.com/r/?id=h447103f,80f25a2,80f2878&e=b2NpZD1jbW1nZzUxYWlnaQ&s=42xghYxmS3xkBvOf--... HTTP 302
    https://go.microsoft.com/fwlink/?LinkId=521839&ocid=cmmgg51aigi HTTP 302
    https://privacy.microsoft.com/en-ca/privacystatement?ocid=cmmgg51aigi Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

73 %
HTTPS

71 %
IPv6

5
Domains

8
Subdomains

6
IPs

1
Countries

266 kB
Transfer

964 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://t2.notificationemails.microsoft.com/r/?id=h447103f,80f25a2,80f2878&e=b2NpZD1jbW1nZzUxYWlnaQ&s=42xghYxmS3xkBvOf--tc2HpQBH3c76KVdNouQz71dXo HTTP 302
    https://go.microsoft.com/fwlink/?LinkId=521839&ocid=cmmgg51aigi HTTP 302
    https://privacy.microsoft.com/en-ca/privacystatement?ocid=cmmgg51aigi Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request privacystatement
privacy.microsoft.com/en-ca/
Redirect Chain
  • https://t2.notificationemails.microsoft.com/r/?id=h447103f,80f25a2,80f2878&e=b2NpZD1jbW1nZzUxYWlnaQ&s=42xghYxmS3xkBvOf--tc2HpQBH3c76KVdNouQz71dXo
  • https://go.microsoft.com/fwlink/?LinkId=521839&ocid=cmmgg51aigi
  • https://privacy.microsoft.com/en-ca/privacystatement?ocid=cmmgg51aigi
407 KB
140 KB
Document
General
Full URL
https://privacy.microsoft.com/en-ca/privacystatement?ocid=cmmgg51aigi
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:2489::356e Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
f984d7261c5494f9dc5547dba25d88df69f859ae93319a54846014714f447ec9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods
GET, POST, PUT, DELETE, OPTIONS
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive Transfer-Encoding
Content-Encoding
gzip
Content-Type
text/html
CorrelationVector
mytoxSyQO0yK7vgA.1.0
Date
Tue, 10 Sep 2024 14:01:18 GMT
Expires
Tue, 10 Sep 2024 14:01:18 GMT
P3P
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
x-azure-ref
20240910T140117Z-er1c6b6b8ff24zsbbw2bf27vf80000000nyg000000004egy
x-sitemuse-origin
Azure

Redirect headers

Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Length
0
Date
Tue, 10 Sep 2024 14:01:17 GMT
Expires
Tue, 10 Sep 2024 14:01:17 GMT
Location
https://privacy.microsoft.com/en-ca/privacystatement?ocid=cmmgg51aigi
Pragma
no-cache
Request-Context
appId=cid-v1:9b037ab9-fa5a-4c09-81bd-41ffa859f01e
Server
Kestrel
Strict-Transport-Security
max-age=31536000 ; includeSubDomains
X-Response-Cache-Status
True
jquery-1.11.2.min.js
ajax.aspnetcdn.com/ajax/jQuery/
94 KB
33 KB
Script
General
Full URL
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.11.2.min.js
Requested by
Host: privacy.microsoft.com
URL: https://privacy.microsoft.com/en-ca/privacystatement?ocid=cmmgg51aigi
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.4.33 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (nyd/D18B) /
Resource Hash
2ecd295d295bec062cedebe177e54b9d6b19fc0a841dc5c178c654c9ccff09c0
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://privacy.microsoft.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:01:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6120209
x-cache
HIT
content-length
33367
x-xss-protection
1; mode=block
last-modified
Mon, 31 Oct 2016 23:10:50 GMT
server
ECAcc (nyd/D18B)
etag
"0b9275cc33d21:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
ca-ae3ce4
www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/1b-9d8ed9/c9-be0100/a6-e969ef/43-9f2e7c/82-8b5456/a0-5d3913/43-5a5ab8/
0
0

style.csx
c.s-microsoft.com/en-ca/CMSStyles/
1 KB
1 KB
Stylesheet
General
Full URL
https://c.s-microsoft.com/en-ca/CMSStyles/style.csx?k=b38e7b38-f2bd-90bd-16b5-45a457a50550
Requested by
Host: privacy.microsoft.com
URL: https://privacy.microsoft.com/en-ca/privacystatement?ocid=cmmgg51aigi
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:20a0::356e Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b45282310aa60be4271b36993ff203791b9fd961f1c59b6d59e02e8a2082ee38
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://privacy.microsoft.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:01:18 GMT
content-encoding
gzip
p3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-length
765
etag
"UaouCUX0+Z0/+7o1GRNFBQ=="
x-sitemuse-origin
Azure
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
x-azure-ref
20240908T225158Z-17c78cd668btvsndz332nsqvc40000000egg000000009h0c
access-control-allow-methods
GET,POST
cache-control
private, max-age=463831
access-control-allow-credentials
true
access-control-allow-origin
*
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
expires
Sun, 15 Sep 2024 22:51:49 GMT
app.css
assets.onestore.ms/cdnfiles/external/oneui/oneui1.16.2/dist/css/
256 KB
36 KB
Stylesheet
General
Full URL
https://assets.onestore.ms/cdnfiles/external/oneui/oneui1.16.2/dist/css/app.css
Requested by
Host: privacy.microsoft.com
URL: https://privacy.microsoft.com/en-ca/privacystatement?ocid=cmmgg51aigi
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2600:141b:e800:1196::2957 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
f7d9fb0479de843cf3fb0b78fc56bbb9e30bf0a238c6f79d9209fa8b22efb574
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff

Request headers

Referer
https://privacy.microsoft.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:01:18 GMT
content-encoding
GZIP
x-content-type-options
nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff, nosniff
last-modified
Mon, 14 Sep 2015 20:44:41 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
8PrmzKRoT5ax8p//u5A82g==
etag
"0x8D2BD4550E00E3A"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control
max-age=2592000
accept-ranges
bytes
content-length
35436
x-ms-lease-state
available
shell.min.css
assets.onestore.ms/cdnfiles/onestorerolling-1510-19009/shell/v3/scss/
80 KB
10 KB
Stylesheet
General
Full URL
https://assets.onestore.ms/cdnfiles/onestorerolling-1510-19009/shell/v3/scss/shell.min.css
Requested by
Host: privacy.microsoft.com
URL: https://privacy.microsoft.com/en-ca/privacystatement?ocid=cmmgg51aigi
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2600:141b:e800:1196::2957 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
49e5166f40d8586714f86e08ab76a977199df979357147a0e81980a804151c2a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://privacy.microsoft.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:01:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 28 Oct 2015 00:30:12 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
H5mVq5N6xCmnM2S0OQ/26A==
etag
"0x8D2DF2EF1AC02B1"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,x-ms-meta-Signature_dnetKey0,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-lease-state,x-ms-blob-type,Accept-Ranges,Content-Length,Date,Transfer-Encoding
cache-control
max-age=2592000
accept-ranges
bytes
content-length
10284
x-ms-lease-state
available
jquery-1.9.1.min.js
ajax.aspnetcdn.com/ajax/jQuery/
90 KB
32 KB
Script
General
Full URL
https://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.9.1.min.js
Requested by
Host: privacy.microsoft.com
URL: https://privacy.microsoft.com/en-ca/privacystatement?ocid=cmmgg51aigi
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
152.199.4.33 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (nyd/D130) /
Resource Hash
c12f6098e641aaca96c60215800f18f5671039aecf812217fab3c0d152f6adb4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://privacy.microsoft.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:01:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
6120209
x-cache
HIT
content-length
32857
x-xss-protection
1; mode=block
last-modified
Mon, 31 Oct 2016 23:11:01 GMT
server
ECAcc (nyd/D130)
etag
"8030b6bcc33d21:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
2b-8e0ae6
www.microsoft.com/onerfstatics/marketingsites-eus-prod/shell/_scrf/js/themes=default/54-af9f9f/d4-fb1f57/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/f9...
0
0

script.jsx
c.s-microsoft.com/en-ca/CMSScripts/
31 KB
9 KB
Script
General
Full URL
https://c.s-microsoft.com/en-ca/CMSScripts/script.jsx?k=08e9f1ba-f4e7-80f5-d4c5-f75b4dc5cf51
Requested by
Host: privacy.microsoft.com
URL: https://privacy.microsoft.com/en-ca/privacystatement?ocid=cmmgg51aigi
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:1c00:20a0::356e Secaucus, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
9af3c8e1b582febecef2a475989dc02902a772cefac1896c9baaafd218d2ca04
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://privacy.microsoft.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:01:18 GMT
content-encoding
gzip
p3p
CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
content-length
8951
etag
"bAtRISEkDiLexVdERR3tAg=="
x-sitemuse-origin
Azure
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/javascript
x-azure-ref
20240910T092501Z-17c78cd668bgpw6nzdzehhgmmg0000000gmg00000000q98e
access-control-allow-methods
GET,POST
cache-control
private, max-age=588188
access-control-allow-credentials
true
access-control-allow-origin
*
accept-ranges
bytes
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
expires
Tue, 17 Sep 2024 09:24:26 GMT
RE1Mu3b
img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/
4 KB
4 KB
Image
General
Full URL
https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Requested by
Host: privacy.microsoft.com
URL: https://privacy.microsoft.com/en-ca/privacystatement?ocid=cmmgg51aigi
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:e800:25::1721:2ada Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
112fec798b78aa02e102a724b5cb1990c0f909bc1d8b7b1fa256eab41bbc0960
Security Headers
Name Value
X-Frame-Options DENY

Request headers

Referer
https://privacy.microsoft.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Tue, 10 Sep 2024 14:01:18 GMT
last-modified
Sun, 08 Sep 2024 10:04:15 GMT
x-resizerversion
1.0
x-datacenter
eastus
x-source-length
4054
x-frame-options
DENY
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=244965
x-activityid
5ff98a30-3e27-407a-b713-63de919fbba0
timing-allow-origin
*
content-location
https://image.prod.cms.rt.microsoft.com/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
content-length
4054
alt-svc
h3-Q050=":443"; ma=93600,quic=":443"; ma=93600; v="46,43"
expires
Fri, 13 Sep 2024 10:04:03 GMT
Print-new-2.png
c.s-microsoft.com/en-ca/CMSImages/
0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.microsoft.com
URL
https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/west-european/shell/_scrf/css/themes=default.device=uplevel_web_pc/1b-9d8ed9/c9-be0100/a6-e969ef/43-9f2e7c/82-8b5456/a0-5d3913/43-5a5ab8/ca-ae3ce4?ver=2.0&_cf=02242021_3231
Domain
www.microsoft.com
URL
https://www.microsoft.com/onerfstatics/marketingsites-eus-prod/shell/_scrf/js/themes=default/54-af9f9f/d4-fb1f57/e1-a50eee/e7-954872/d8-97d509/f0-251fe2/46-be1318/77-04a268/11-240c7b/63-077520/a4-34de62/f9-a5b2ce/db-bc0148/dc-7e9864/6d-c07ea1/6f-dafe8c/f6-aa5278/73-a24d00/6d-1e7ed0/b7-cadaa7/c4-898cf2/ca-40b7b0/4e-ee3a55/3e-f5c39b/c3-6454d7/f9-7592d3/d0-e64f3e/92-10345d/79-499886/7e-cda2d3/58-ab4971/ca-108466/e0-3c9860/de-884374/1f-100dea/33-abe4df/2b-8e0ae6?ver=2.0&_cf=02242021_3231&iife=1
Domain
c.s-microsoft.com
URL
https://c.s-microsoft.com/en-ca/CMSImages/Print-new-2.png?version=4eafce11-a3df-e971-f481-fed76428ffa1

Verdicts & Comments Add Verdict or Comment

2 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery

2 Cookies

Domain/Path Name / Value
.microsoft.com/ Name: AMCV_EA76ADE95776D2EC7F000101%40AdobeOrg
Value: MCMID%7C58980266619950858234539628424389459967
.microsoft.com/ Name: nlid
Value: 447103f|80f25a2

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN