Submitted URL: https://www.sitemaps.acousta.at/
Effective URL: https://x-svr.at/index.php?page=domain_not_found
Submission: On December 02 via api from US — Scanned from AT

Summary

This website contacted 1 IPs in 1 countries across 2 domains to perform 14 HTTP transactions. The main IP is 62.141.49.65, located in Germany and belongs to KEYWEB-AS Keyweb AG, DE. The main domain is x-svr.at.
TLS certificate: Issued by R11 on October 28th 2024. Valid for: 3 months.
This is the only time x-svr.at was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 62.141.48.65 31103 (KEYWEB-AS...)
14 62.141.49.65 31103 (KEYWEB-AS...)
14 1
Apex Domain
Subdomains
Transfer
14 x-svr.at
x-svr.at
282 KB
1 acousta.at
www.sitemaps.acousta.at
354 B
14 2
Domain Requested by
14 x-svr.at x-svr.at
1 www.sitemaps.acousta.at 1 redirects
14 2

This site contains links to these domains. Also see Links.

Domain
symdeg.com
Subject Issuer Validity Valid
x-svr.at
R11
2024-10-28 -
2025-01-26
3 months crt.sh

This page contains 1 frames:

Primary Page: https://x-svr.at/index.php?page=domain_not_found
Frame ID: 84AB2489274C83ED07BCE01403617055
Requests: 14 HTTP requests in this frame

Screenshot

Page Title

SYMDEG - Ihr Administrations-Panel

Page URL History Show full URLs

  1. https://www.sitemaps.acousta.at/ HTTP 302
    https://x-svr.at/index.php?page=domain_not_found Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • \.php(?:$|\?)

Overall confidence: 75%
Detected patterns
  • /Chart(?:\.bundle)?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • handlebars(?:\.runtime)?(?:-v([\d.]+?))?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • select2(?:\.min|\.full)?\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

1
IPs

1
Countries

282 kB
Transfer

940 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.sitemaps.acousta.at/ HTTP 302
    https://x-svr.at/index.php?page=domain_not_found Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request index.php
x-svr.at/
Redirect Chain
  • https://www.sitemaps.acousta.at/
  • https://x-svr.at/index.php?page=domain_not_found
4 KB
2 KB
Document
General
Full URL
https://x-svr.at/index.php?page=domain_not_found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.141.49.65 , Germany, ASN31103 (KEYWEB-AS Keyweb AG, DE),
Reverse DNS
ns2.x-svr.at
Software
/ KeyHelp
Resource Hash
bb508129c73ed9bc4fd13cb37ce5666aa2757849100baef18ca0f54f77ad36d6
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; object-src 'self' data:; frame-src 'self' data:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
max-age=0
content-encoding
gzip
content-length
1113
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; object-src 'self' data:; frame-src 'self' data:; media-src 'self' data:;
content-type
text/html; charset=utf-8
date
Mon, 02 Dec 2024 14:48:57 GMT
expires
Mon, 02 Dec 2024 14:48:57 GMT
permissions-policy
geolocation=(), camera=(), magnetometer=(), accelerometer=(), gyroscope=(), microphone=()
referrer-policy
no-referrer
server
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY
x-powered-by
KeyHelp
x-xss-protection
1; mode=block

Redirect headers

content-length
232
content-type
text/html; charset=iso-8859-1
date
Mon, 02 Dec 2024 14:48:57 GMT
location
https://x-svr.at/index.php?page=domain_not_found
server
Apache
style.css
x-svr.at/theme/bulma/assets/css/
332 KB
55 KB
Stylesheet
General
Full URL
https://x-svr.at/theme/bulma/assets/css/style.css?v=3353175beecb52c38cdbd59ce65fe769f718a708
Requested by
Host: x-svr.at
URL: https://x-svr.at/index.php?page=domain_not_found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.141.49.65 , Germany, ASN31103 (KEYWEB-AS Keyweb AG, DE),
Reverse DNS
ns2.x-svr.at
Software
Apache /
Resource Hash
771e44226439119b5e5edf922642b71c4ce9e120f00f12560f8d962911bed9b4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=2592000
content-encoding
gzip
etag
"52e8d-61d6ccb5ff180-gzip"
expires
Wed, 01 Jan 2025 14:48:57 GMT
accept-ranges
bytes
content-length
56208
date
Mon, 02 Dec 2024 14:48:57 GMT
last-modified
Wed, 17 Jul 2024 07:56:06 GMT
vary
Accept-Encoding
server
Apache
content-type
text/css
white_label_cdn.php
x-svr.at/misc/
14 KB
14 KB
Image
General
Full URL
https://x-svr.at/misc/white_label_cdn.php?image_id=logo_extern&language=de&v=3353175beecb52c38cdbd59ce65fe769f718a708
Requested by
Host: x-svr.at
URL: https://x-svr.at/index.php?page=domain_not_found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.141.49.65 , Germany, ASN31103 (KEYWEB-AS Keyweb AG, DE),
Reverse DNS
ns2.x-svr.at
Software
Apache /
Resource Hash
9960923d5c7d885aa74cf3821769061a18b098bcaa5b70be39208f5b368b7acb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000
expires
Mon, 09 Dec 2024 15:48:57
cache-control
private, max-age=604800
pragma
private
date
Mon, 02 Dec 2024 14:48:57 GMT
content-type
image/png
server
Apache
jquery.min.js
x-svr.at/theme/bulma/assets/vendor/jquery/
85 KB
30 KB
Script
General
Full URL
https://x-svr.at/theme/bulma/assets/vendor/jquery/jquery.min.js?v=3353175beecb52c38cdbd59ce65fe769f718a708
Requested by
Host: x-svr.at
URL: https://x-svr.at/index.php?page=domain_not_found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.141.49.65 , Germany, ASN31103 (KEYWEB-AS Keyweb AG, DE),
Reverse DNS
ns2.x-svr.at
Software
Apache /
Resource Hash
3e7501d15c3630e791c8b20392eb9dee31a9f65ce3efdde76cef5c710141ab24
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=2592000
content-encoding
gzip
etag
"155ec-604852bd7fa40-gzip"
expires
Wed, 01 Jan 2025 14:48:57 GMT
accept-ranges
bytes
content-length
30361
date
Mon, 02 Dec 2024 14:48:57 GMT
last-modified
Mon, 04 Sep 2023 09:31:13 GMT
vary
Accept-Encoding
server
Apache
content-type
application/javascript
perfect-scrollbar.min.js
x-svr.at/theme/bulma/assets/vendor/perfect-scrollbar/
19 KB
6 KB
Script
General
Full URL
https://x-svr.at/theme/bulma/assets/vendor/perfect-scrollbar/perfect-scrollbar.min.js?v=3353175beecb52c38cdbd59ce65fe769f718a708
Requested by
Host: x-svr.at
URL: https://x-svr.at/index.php?page=domain_not_found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.141.49.65 , Germany, ASN31103 (KEYWEB-AS Keyweb AG, DE),
Reverse DNS
ns2.x-svr.at
Software
Apache /
Resource Hash
6185c2bc8600979627ff5d4f977b6b49c53b18d7cfb7b481ba1dce6bc5ab42ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=2592000
content-encoding
gzip
etag
"4c5c-5cf2c46a0b080-gzip"
expires
Wed, 01 Jan 2025 14:48:57 GMT
accept-ranges
bytes
content-length
5975
date
Mon, 02 Dec 2024 14:48:57 GMT
last-modified
Mon, 25 Oct 2021 12:12:34 GMT
vary
Accept-Encoding
server
Apache
content-type
application/javascript
chart.min.js
x-svr.at/theme/bulma/assets/vendor/chartjs/
201 KB
68 KB
Script
General
Full URL
https://x-svr.at/theme/bulma/assets/vendor/chartjs/chart.min.js?v=3353175beecb52c38cdbd59ce65fe769f718a708
Requested by
Host: x-svr.at
URL: https://x-svr.at/index.php?page=domain_not_found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.141.49.65 , Germany, ASN31103 (KEYWEB-AS Keyweb AG, DE),
Reverse DNS
ns2.x-svr.at
Software
Apache /
Resource Hash
473ee39a9f53b54448837634192b17bce499078fe13229b458e8d4461ea1c003
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=2592000
content-encoding
gzip
etag
"3220d-618f1ed702a80-gzip"
expires
Wed, 01 Jan 2025 14:48:57 GMT
accept-ranges
bytes
date
Mon, 02 Dec 2024 14:48:57 GMT
last-modified
Tue, 21 May 2024 07:40:10 GMT
vary
Accept-Encoding
server
Apache
content-type
application/javascript
handlebars.min.js
x-svr.at/theme/bulma/assets/vendor/handlebars/
86 KB
26 KB
Script
General
Full URL
https://x-svr.at/theme/bulma/assets/vendor/handlebars/handlebars.min.js?v=3353175beecb52c38cdbd59ce65fe769f718a708
Requested by
Host: x-svr.at
URL: https://x-svr.at/index.php?page=domain_not_found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.141.49.65 , Germany, ASN31103 (KEYWEB-AS Keyweb AG, DE),
Reverse DNS
ns2.x-svr.at
Software
Apache /
Resource Hash
0e5416f145e7bf16c58504356c732fe7e99671f4696194c5b140a252db02f0af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=2592000
content-encoding
gzip
etag
"1596a-601ee81652e40-gzip"
expires
Wed, 01 Jan 2025 14:48:57 GMT
accept-ranges
bytes
content-length
26975
date
Mon, 02 Dec 2024 14:48:57 GMT
last-modified
Wed, 02 Aug 2023 10:55:45 GMT
vary
Accept-Encoding
server
Apache
content-type
application/javascript
popper.min.js
x-svr.at/theme/bulma/assets/vendor/tippy/
18 KB
7 KB
Script
General
Full URL
https://x-svr.at/theme/bulma/assets/vendor/tippy/popper.min.js?v=3353175beecb52c38cdbd59ce65fe769f718a708
Requested by
Host: x-svr.at
URL: https://x-svr.at/index.php?page=domain_not_found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.141.49.65 , Germany, ASN31103 (KEYWEB-AS Keyweb AG, DE),
Reverse DNS
ns2.x-svr.at
Software
Apache /
Resource Hash
d66adc675fe5b2cf79db658dbb44dc711a57ee780b2d20edadf56d95ae5f36b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=2592000
content-encoding
gzip
etag
"4943-5ce4c2fe61f00-gzip"
expires
Wed, 01 Jan 2025 14:48:57 GMT
accept-ranges
bytes
content-length
6683
date
Mon, 02 Dec 2024 14:48:57 GMT
last-modified
Thu, 14 Oct 2021 08:51:40 GMT
vary
Accept-Encoding
server
Apache
content-type
application/javascript
tippy.min.js
x-svr.at/theme/bulma/assets/vendor/tippy/
25 KB
8 KB
Script
General
Full URL
https://x-svr.at/theme/bulma/assets/vendor/tippy/tippy.min.js?v=3353175beecb52c38cdbd59ce65fe769f718a708
Requested by
Host: x-svr.at
URL: https://x-svr.at/index.php?page=domain_not_found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.141.49.65 , Germany, ASN31103 (KEYWEB-AS Keyweb AG, DE),
Reverse DNS
ns2.x-svr.at
Software
Apache /
Resource Hash
a15581a5e19328c1bf881586910174d899c620c14f62e16a4e3516789637a59d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=2592000
content-encoding
gzip
etag
"6444-5d084fb7bac40-gzip"
expires
Wed, 01 Jan 2025 14:48:57 GMT
accept-ranges
bytes
content-length
8544
date
Mon, 02 Dec 2024 14:48:57 GMT
last-modified
Thu, 11 Nov 2021 15:27:37 GMT
vary
Accept-Encoding
server
Apache
content-type
application/javascript
select2.min.js
x-svr.at/theme/bulma/assets/vendor/select2/
69 KB
20 KB
Script
General
Full URL
https://x-svr.at/theme/bulma/assets/vendor/select2/select2.min.js?v=3353175beecb52c38cdbd59ce65fe769f718a708
Requested by
Host: x-svr.at
URL: https://x-svr.at/index.php?page=domain_not_found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.141.49.65 , Germany, ASN31103 (KEYWEB-AS Keyweb AG, DE),
Reverse DNS
ns2.x-svr.at
Software
Apache /
Resource Hash
c8467b98f112bb1b06a33cde66a70de85c05d22a455f91f592554c804a50a729
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=2592000
content-encoding
gzip
etag
"114eb-5ce4c2fe61f00-gzip"
expires
Wed, 01 Jan 2025 14:48:57 GMT
accept-ranges
bytes
content-length
19900
date
Mon, 02 Dec 2024 14:48:57 GMT
last-modified
Thu, 14 Oct 2021 08:51:40 GMT
vary
Accept-Encoding
server
Apache
content-type
application/javascript
de.js
x-svr.at/theme/bulma/assets/vendor/select2/i18n/
866 B
546 B
Script
General
Full URL
https://x-svr.at/theme/bulma/assets/vendor/select2/i18n/de.js?v=3353175beecb52c38cdbd59ce65fe769f718a708
Requested by
Host: x-svr.at
URL: https://x-svr.at/index.php?page=domain_not_found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.141.49.65 , Germany, ASN31103 (KEYWEB-AS Keyweb AG, DE),
Reverse DNS
ns2.x-svr.at
Software
Apache /
Resource Hash
e5bb297dc8a1329f325c3c1f72abc2fe75774136ed06e403991ddced43d0b45c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=2592000
content-encoding
gzip
etag
"362-5ce4c2fe61f00-gzip"
expires
Wed, 01 Jan 2025 14:48:57 GMT
accept-ranges
bytes
content-length
467
date
Mon, 02 Dec 2024 14:48:57 GMT
last-modified
Thu, 14 Oct 2021 08:51:40 GMT
vary
Accept-Encoding
server
Apache
content-type
application/javascript
functions.js
x-svr.at/theme/bulma/assets/js/
27 KB
7 KB
Script
General
Full URL
https://x-svr.at/theme/bulma/assets/js/functions.js?v=3353175beecb52c38cdbd59ce65fe769f718a708
Requested by
Host: x-svr.at
URL: https://x-svr.at/index.php?page=domain_not_found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.141.49.65 , Germany, ASN31103 (KEYWEB-AS Keyweb AG, DE),
Reverse DNS
ns2.x-svr.at
Software
Apache /
Resource Hash
587c9fc45093b01ff6c29991787f1b0f0d7f0c698dabf8eb0eeb94d706ac0ccc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=2592000
content-encoding
gzip
etag
"6b03-61270d73cff40-gzip"
expires
Wed, 01 Jan 2025 14:48:57 GMT
accept-ranges
bytes
content-length
7527
date
Mon, 02 Dec 2024 14:48:57 GMT
last-modified
Wed, 28 Feb 2024 13:08:37 GMT
vary
Accept-Encoding
server
Apache
content-type
application/javascript
main.js
x-svr.at/theme/bulma/assets/js/
27 KB
6 KB
Script
General
Full URL
https://x-svr.at/theme/bulma/assets/js/main.js?v=3353175beecb52c38cdbd59ce65fe769f718a708
Requested by
Host: x-svr.at
URL: https://x-svr.at/index.php?page=domain_not_found
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.141.49.65 , Germany, ASN31103 (KEYWEB-AS Keyweb AG, DE),
Reverse DNS
ns2.x-svr.at
Software
Apache /
Resource Hash
680ddf78b55b1be97e4cb8c688443beafc12a817a05385ab3466262ebca6f410
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000
cache-control
max-age=2592000
content-encoding
gzip
etag
"6d21-61ce33f467540-gzip"
expires
Wed, 01 Jan 2025 14:48:57 GMT
accept-ranges
bytes
content-length
6128
date
Mon, 02 Dec 2024 14:48:57 GMT
last-modified
Wed, 10 Jul 2024 11:50:05 GMT
vary
Accept-Encoding
server
Apache
content-type
application/javascript
white_label_cdn.php
x-svr.at/misc/
32 KB
32 KB
Other
General
Full URL
https://x-svr.at/misc/white_label_cdn.php?image_id=favicon&language=de
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
62.141.49.65 , Germany, ASN31103 (KEYWEB-AS Keyweb AG, DE),
Reverse DNS
ns2.x-svr.at
Software
Apache /
Resource Hash
62b9ee0b69402f76506cd4bbcb088ebc9a1c5685bb83115b6c73541d770ec4cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

strict-transport-security
max-age=31536000
expires
Mon, 09 Dec 2024 15:48:57
cache-control
private, max-age=604800
pragma
private
date
Mon, 02 Dec 2024 14:48:57 GMT
content-type
image/vnd.microsoft.icon
server
Apache

Verdicts & Comments Add Verdict or Comment

42 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| hash function| $ function| jQuery function| PerfectScrollbar function| Chart object| __core-js_shared__ object| Handlebars object| Popper function| tippy function| setActiveTab function| copyToClipboard function| animateButton function| loadPreviewImage function| clock function| bindCopyToClipboardEvents function| nl2br function| isElementOverflowing function| generatePassword function| calculatePasswordStrength function| ajax function| ajaxLogError function| misc function| getUrlQueryParameters function| getUrlQueryParameterValue function| getUrlFragment function| toggleCardCollapse function| setCookie function| getCookie function| deleteCookie function| cookieEnabled function| toggleVisibilityByCheckbox function| openPopup function| formatBytes function| select2_prepareSelect function| select2_formatUsers function| initTinyMce function| initCodemirror object| tippySettingsDefault object| tippySettingsTooltip object| tippySettingsTooltipMandatory object| tippySettingsTooltipButtonClick object| tippySettingsTooltipClick

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval'; img-src * data:; font-src *; object-src 'self' data:; frame-src 'self' data:; media-src 'self' data:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block