urlscan.io logo urlscan.io
SecurityTrails logo

www.service-carte-achat.com Open in urlscan Pro
160.92.181.193  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.service-carte-achat.com/
Effective URL: https://www.service-carte-achat.com/purch/
Submission: On September 20 via automatic, source certstream-suspicious — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 11 HTTP transactions. The main IP is 160.92.181.193, located in France and belongs to WORLDLINE, FR. The main domain is www.service-carte-achat.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on November 15th 2023. Valid for: a year.
This is the only time www.service-carte-achat.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 12 160.92.181.193 8677 (WORLDLINE)
11 1
Apex Domain
Subdomains		 Transfer
12 service-carte-achat.com
www.service-carte-achat.com
112 KB
11 1
Domain Requested by
12 www.service-carte-achat.com 1 redirects www.service-carte-achat.com
11 1

This site contains no links.

Subject Issuer Validity Valid
www.service-carte-achat.com
Entrust Certification Authority - L1K		 2023-11-15 -
2024-12-15		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.service-carte-achat.com/purch/
Frame ID: E9E66E94BA70240FB85BB1E2016A70DB
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Worldline Carte Achat : Identification

Page URL History Show full URLs

  1. https://www.service-carte-achat.com/ HTTP 302
    https://www.service-carte-achat.com/purch/ Page URL

Page Statistics

11
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

111 kB
Transfer

140 kB
Size

4
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.service-carte-achat.com/ HTTP 302
    https://www.service-carte-achat.com/purch/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.service-carte-achat.com/purch/
Redirect Chain
  • https://www.service-carte-achat.com/
  • https://www.service-carte-achat.com/purch/
6 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.service-carte-achat.com/purch/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.181.193 , France, ASN8677 (WORLDLINE, FR),
Reverse DNS
prd-ssl-vpc-ca.web-ppc.vdm.as8677.net
Software
/
Resource Hash
7792280d8931f0372c0630502bef5ded0d2538d523256aeed9796d5738d5334c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Cache-Control
private, no-store, must-revalidate
Connection
Keep-Alive
Content-Length
5661
Content-Security-Policy
frame-ancestors 'self'
Content-Type
text/html;charset=ISO-8859-15
Date
Fri, 20 Sep 2024 22:06:58 GMT
Keep-Alive
timeout=15, max=99
Pragma
no-cache
Referrer-Policy
no-referrer-when-downgrade
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff
X-Xss-Protection
1; mode=block

Redirect headers

Connection
Keep-Alive
Content-Length
226
Content-Security-Policy
frame-ancestors 'self'
Content-Type
text/html; charset=iso-8859-1
Date
Fri, 20 Sep 2024 22:06:58 GMT
Keep-Alive
timeout=15, max=100
Location
https://www.service-carte-achat.com/purch/
Referrer-Policy
no-referrer-when-downgrade
Strict-Transport-Security
max-age=15768000
X-Content-Type-Options
nosniff
X-Xss-Protection
1; mode=block
login.css
www.service-carte-achat.com/purch/css/ 		2 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.service-carte-achat.com/purch/css/login.css
Requested by
Host: www.service-carte-achat.com
URL: https://www.service-carte-achat.com/purch/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.181.193 , France, ASN8677 (WORLDLINE, FR),
Reverse DNS
prd-ssl-vpc-ca.web-ppc.vdm.as8677.net
Software
/
Resource Hash
110af2477d991b59ea98f02ef5890fa025152cefd364c8a2106e950b9b942830
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.service-carte-achat.com/purch/

Response headers

Strict-Transport-Security
max-age=15768000
Content-Security-Policy
frame-ancestors 'self'
Cache-Control
private, no-store, must-revalidate
Pragma
no-cache
ETag
W/"2489-1725343734841"
Connection
Keep-Alive
Referrer-Policy
no-referrer-when-downgrade
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
2489
Keep-Alive
timeout=15, max=98
Date
Fri, 20 Sep 2024 22:06:58 GMT
X-Xss-Protection
1; mode=block
Last-Modified
Tue, 03 Sep 2024 06:08:54 GMT
Content-Type
text/css
main.css
www.service-carte-achat.com/purch/css/ 		17 KB
17 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.service-carte-achat.com/purch/css/main.css
Requested by
Host: www.service-carte-achat.com
URL: https://www.service-carte-achat.com/purch/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.181.193 , France, ASN8677 (WORLDLINE, FR),
Reverse DNS
prd-ssl-vpc-ca.web-ppc.vdm.as8677.net
Software
/
Resource Hash
b546f0b7894d429ea5ae6ad77bc73ec89dbf8a0ae88fc3535c1c76c4c144aa30
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.service-carte-achat.com/purch/

Response headers

Strict-Transport-Security
max-age=15768000
Content-Security-Policy
frame-ancestors 'self'
Cache-Control
private, no-store, must-revalidate
Pragma
no-cache
ETag
W/"17131-1725343725551"
Connection
Keep-Alive
Referrer-Policy
no-referrer-when-downgrade
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
17131
Keep-Alive
timeout=15, max=97
Date
Fri, 20 Sep 2024 22:06:58 GMT
X-Xss-Protection
1; mode=block
Last-Modified
Tue, 03 Sep 2024 06:08:45 GMT
Content-Type
text/css
08f2e9b63bab200074ca08fd94b496b0eaebb337fdb547a86841b5ebc1f093f13c0399d7ecef8cdd
www.service-carte-achat.com/TSbd/ 		51 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.service-carte-achat.com/TSbd/08f2e9b63bab200074ca08fd94b496b0eaebb337fdb547a86841b5ebc1f093f13c0399d7ecef8cdd?type=2
Requested by
Host: www.service-carte-achat.com
URL: https://www.service-carte-achat.com/purch/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.181.193 , France, ASN8677 (WORLDLINE, FR),
Reverse DNS
prd-ssl-vpc-ca.web-ppc.vdm.as8677.net
Software
/
Resource Hash
bf4e4a43440b7cbb0b13ed43a7e504c47e710b765bad337c87d05d8c61fbe9ae
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.service-carte-achat.com/purch/

Response headers

X-Frame-Options
SAMEORIGIN
Cache-Control
public, max-age=86400
Content-Length
16883
Content-Encoding
gzip
X-XSS-Protection
1; mode=block
Content-Type
text/javascript
X-Content-Type-Options
nosniff
Saisie.js
www.service-carte-achat.com/purch/javascript/ 		39 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.service-carte-achat.com/purch/javascript/Saisie.js
Requested by
Host: www.service-carte-achat.com
URL: https://www.service-carte-achat.com/purch/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.181.193 , France, ASN8677 (WORLDLINE, FR),
Reverse DNS
prd-ssl-vpc-ca.web-ppc.vdm.as8677.net
Software
/
Resource Hash
250ad804f304258d4fcae9fb7505fa705a9de4d863f74d8a27f0be1710965d59
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.service-carte-achat.com/purch/

Response headers

Strict-Transport-Security
max-age=15768000
Content-Security-Policy
frame-ancestors 'self'
Cache-Control
private, no-store, must-revalidate
Pragma
no-cache
ETag
W/"39649-1725343724657"
Connection
Keep-Alive
Referrer-Policy
no-referrer-when-downgrade
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
39649
Keep-Alive
timeout=15, max=100
Date
Fri, 20 Sep 2024 22:06:58 GMT
X-Xss-Protection
1; mode=block
Last-Modified
Tue, 03 Sep 2024 06:08:44 GMT
Content-Type
text/javascript
utils_decache.js
www.service-carte-achat.com/purch/javascript/ 		19 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.service-carte-achat.com/purch/javascript/utils_decache.js
Requested by
Host: www.service-carte-achat.com
URL: https://www.service-carte-achat.com/purch/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.181.193 , France, ASN8677 (WORLDLINE, FR),
Reverse DNS
prd-ssl-vpc-ca.web-ppc.vdm.as8677.net
Software
/
Resource Hash
dda83d1d3a3e4237488a87a4d0166c2638f143d33bac16552f200bfbc6b9d117
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.service-carte-achat.com/purch/

Response headers

Strict-Transport-Security
max-age=15768000
Content-Security-Policy
frame-ancestors 'self'
Cache-Control
private, no-store, must-revalidate
Pragma
no-cache
ETag
W/"19793-1725343724661"
Connection
Keep-Alive
Referrer-Policy
no-referrer-when-downgrade
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
19793
Keep-Alive
timeout=15, max=100
Date
Fri, 20 Sep 2024 22:06:58 GMT
X-Xss-Protection
1; mode=block
Last-Modified
Tue, 03 Sep 2024 06:08:44 GMT
Content-Type
text/javascript
annuaire.jpg
www.service-carte-achat.com/purch/images/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.service-carte-achat.com/purch/images/annuaire.jpg
Requested by
Host: www.service-carte-achat.com
URL: https://www.service-carte-achat.com/purch/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.181.193 , France, ASN8677 (WORLDLINE, FR),
Reverse DNS
prd-ssl-vpc-ca.web-ppc.vdm.as8677.net
Software
/
Resource Hash
e5eda154f4c9e25d1ba5e6106333567b280de3e051c943d86945cddb7928a835
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.service-carte-achat.com/purch/

Response headers

Strict-Transport-Security
max-age=15768000
Content-Security-Policy
frame-ancestors 'self'
Cache-Control
private, no-store, must-revalidate
Pragma
no-cache
ETag
W/"2133-1725343724733"
Connection
Keep-Alive
Referrer-Policy
no-referrer-when-downgrade
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
2133
Keep-Alive
timeout=15, max=100
Date
Fri, 20 Sep 2024 22:06:58 GMT
X-Xss-Protection
1; mode=block
Last-Modified
Tue, 03 Sep 2024 06:08:44 GMT
Content-Type
image/jpeg
contact.gif
www.service-carte-achat.com/purch/images/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.service-carte-achat.com/purch/images/contact.gif
Requested by
Host: www.service-carte-achat.com
URL: https://www.service-carte-achat.com/purch/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.181.193 , France, ASN8677 (WORLDLINE, FR),
Reverse DNS
prd-ssl-vpc-ca.web-ppc.vdm.as8677.net
Software
/
Resource Hash
97fee9635f016ab2dcd0f0efa533ff86b13cb1829128c082a5a9e2ecf5452786
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.service-carte-achat.com/purch/

Response headers

Strict-Transport-Security
max-age=15768000
Content-Security-Policy
frame-ancestors 'self'
Cache-Control
private, no-store, must-revalidate
Pragma
no-cache
ETag
W/"1764-1725343726192"
Connection
Keep-Alive
Referrer-Policy
no-referrer-when-downgrade
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
1764
Keep-Alive
timeout=15, max=100
Date
Fri, 20 Sep 2024 22:06:58 GMT
X-Xss-Protection
1; mode=block
Last-Modified
Tue, 03 Sep 2024 06:08:46 GMT
Content-Type
image/gif
logo_big.gif
www.service-carte-achat.com/purch/images/logos/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.service-carte-achat.com/purch/images/logos/logo_big.gif
Requested by
Host: www.service-carte-achat.com
URL: https://www.service-carte-achat.com/purch/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.181.193 , France, ASN8677 (WORLDLINE, FR),
Reverse DNS
prd-ssl-vpc-ca.web-ppc.vdm.as8677.net
Software
/
Resource Hash
a8412aa6752b27dd264d596fb7a949eb9cc5f3665e4c0d05af11c8fa4d81987a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.service-carte-achat.com/purch/

Response headers

Strict-Transport-Security
max-age=15768000
Content-Security-Policy
frame-ancestors 'self'
Cache-Control
private, no-store, must-revalidate
Pragma
no-cache
ETag
W/"2369-1725343730871"
Connection
Keep-Alive
Referrer-Policy
no-referrer-when-downgrade
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
2369
Keep-Alive
timeout=15, max=96
Date
Fri, 20 Sep 2024 22:06:58 GMT
X-Xss-Protection
1; mode=block
Last-Modified
Tue, 03 Sep 2024 06:08:50 GMT
Content-Type
image/gif
picto_close.png
www.service-carte-achat.com/purch/images/ 		278 B
807 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.service-carte-achat.com/purch/images/picto_close.png
Requested by
Host: www.service-carte-achat.com
URL: https://www.service-carte-achat.com/purch/css/main.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.181.193 , France, ASN8677 (WORLDLINE, FR),
Reverse DNS
prd-ssl-vpc-ca.web-ppc.vdm.as8677.net
Software
/
Resource Hash
ee0a5bbbe5439f4506d1918afa78dacf9c332f038dc09e35b71f52d919d09549
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.service-carte-achat.com/purch/css/main.css

Response headers

Strict-Transport-Security
max-age=15768000
Content-Security-Policy
frame-ancestors 'self'
Cache-Control
private, no-store, must-revalidate
Pragma
no-cache
ETag
W/"278-1725343724426"
Connection
Keep-Alive
Referrer-Policy
no-referrer-when-downgrade
X-Content-Type-Options
nosniff
Accept-Ranges
bytes
Content-Length
278
Keep-Alive
timeout=15, max=99
Date
Fri, 20 Sep 2024 22:06:58 GMT
X-Xss-Protection
1; mode=block
Last-Modified
Tue, 03 Sep 2024 06:08:44 GMT
Content-Type
image/png
favicon.ico
www.service-carte-achat.com/ 		0
383 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.service-carte-achat.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
160.92.181.193 , France, ASN8677 (WORLDLINE, FR),
Reverse DNS
prd-ssl-vpc-ca.web-ppc.vdm.as8677.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.service-carte-achat.com/purch/

Response headers

Strict-Transport-Security
max-age=15768000
Content-Security-Policy
frame-ancestors 'self'
Connection
Keep-Alive
Referrer-Policy
no-referrer-when-downgrade
X-Content-Type-Options
nosniff
Content-Length
0
Keep-Alive
timeout=15, max=95
Date
Fri, 20 Sep 2024 22:06:58 GMT
X-Xss-Protection
1; mode=block
Content-Type
image/vnd.microsoft.icon

Verdicts & Comments Add Verdict or Comment

54 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| _csrf_ object| F object| kb function| lb function| mb object| D function| hb object| Cb boolean| hYOsoewid10dsjsGHS_2 boolean| yxf9zbxoay boolean| isNN object| checkObjects object| language number| max_error function| define function| MAJproprietes function| rendreFacultatif function| rendreObligatoire function| formResult function| validate function| autoTab function| annee_bisextile function| coherenceDate function| coherenceCompareDate function| coherenceCompareDateNaissance function| isLettreLogin function| isLogin function| isLettreEmbossage function| isEmbossage function| ouvrePopup function| activerPointeur function| printPage function| testEmbossable function| testEmbossablePor function| testEmbossablePorBNP function| testBirthPlace function| testAdresse3 function| testEmbossableNBP function| testMDP function| testMail function| testPassword function| testPasswordBis function| annulerForm function| testEmbossableCarteCNCE function| testEmbossableEntrepriseCNCE function| testIBAN function| testBIC function| testRUM function| dateFormat function| displayPAN function| updateQueryStringParameter boolean| envoi function| initialiser boolean| Pm

4 Cookies

Domain/Path Name / Value
www.service-carte-achat.com/purch Name: JSESSIONID
Value: 051BC942D697FC76D10015857714D365.worker01
www.service-carte-achat.com/purch Name: TS015c3d25
Value: 01950d9a9a3bfa10bbc22f3caed82e23b51efe42e249883537a54f3b36bc41a668abb5b1da8ea8198009dde30144c5898668c7346e
www.service-carte-achat.com/ Name: TS0132af37
Value: 01950d9a9a3bfa10bbc22f3caed82e23b51efe42e249883537a54f3b36bc41a668abb5b1da8ea8198009dde30144c5898668c7346e
www.service-carte-achat.com/ Name: TS0132af37028
Value: 018bd131e0f98f54b6c93239c95af58ac33cdf035b51e6306ccf29c8e1a1f18a5614bc67b1cf36cc87a53e1a0c08591c76b08ace9c

1 Console Messages

Source Level URL
Text
network error URL: https://www.service-carte-achat.com/favicon.ico
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=15768000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block