urlscan.io logo urlscan.io
SecurityTrails logo

connect.mrcgo.com Open in urlscan Pro
85.222.140.13  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://connect.mrcgo.com/shop/ccrz__ProductDetails?sku=09C41798&cartId=03e1fb17-e92a-456e-83fe-46a0a5b35a02&effectiveAcco...
Effective URL: https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-...
Submission: On February 02 via manual from US — Scanned from GB
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 3 IPs in 2 countries across 2 domains to perform 12 HTTP transactions. The main IP is 85.222.140.13, located in United States and belongs to SALESFORCE, US. The main domain is connect.mrcgo.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on March 18th 2022. Valid for: a year.
This is the only time connect.mrcgo.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 11 85.222.140.13 14340 (SALESFORCE)
3 2a02:26f0:dc:... 20940 (AKAMAI-ASN1)
12 3
Apex Domain
Subdomains		 Transfer
11 mrcgo.com
connect.mrcgo.com
453 KB
3 force.com
static.lightning.force.com — Cisco Umbrella Rank: 8373
749 KB
12 2
Domain Requested by
11 connect.mrcgo.com 2 redirects connect.mrcgo.com
static.lightning.force.com
3 static.lightning.force.com
12 2

This site contains links to these domains. Also see Links.

Domain
www.mrcglobal.com
Subject Issuer Validity Valid
*.mrcgo.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-03-18 -
2023-04-18		 a year crt.sh
static.lightning.salesforce.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-05-12 -
2023-05-12		 a year crt.sh

This page contains 1 frames:

Primary Page: https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_US%26categoryId%3Da0Z3m00000PIbxbEAD
Frame ID: F5DCEB695E1A596BCE4599FB97A7655B
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login

Page URL History Show full URLs

  1. https://connect.mrcgo.com/shop/ccrz__ProductDetails?sku=09C41798&cartId=03e1fb17-e92a-456e-83fe-46a0a5... HTTP 302
    https://connect.mrcgo.com/shop/s/login?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cart... HTTP 302
    https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26car... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

12
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

2
Countries

1290 kB
Transfer

4854 kB
Size

7
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://connect.mrcgo.com/shop/ccrz__ProductDetails?sku=09C41798&cartId=03e1fb17-e92a-456e-83fe-46a0a5b35a02&effectiveAccount=0013m00002IdnWmAAJ&cclcl=en_US&categoryId=a0Z3m00000PIbxbEAD HTTP 302
    https://connect.mrcgo.com/shop/s/login?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_US%26categoryId%3Da0Z3m00000PIbxbEAD HTTP 302
    https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_US%26categoryId%3Da0Z3m00000PIbxbEAD Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
connect.mrcgo.com/shop/s/login/
Redirect Chain
  • https://connect.mrcgo.com/shop/ccrz__ProductDetails?sku=09C41798&cartId=03e1fb17-e92a-456e-83fe-46a0a5b35a02&effectiveAccount=0013m00002IdnWmAAJ&cclcl=en_US&categoryId=a0Z3m00000PIbxbEAD
  • https://connect.mrcgo.com/shop/s/login?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_...
  • https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den...
94 KB
26 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_US%26categoryId%3Da0Z3m00000PIbxbEAD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
d11983e4588e486e3a7cd4a602388a4ad31557a1f1d6bbe1c4759ebd5cbcb13a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests frame-ancestors 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
accept-language
en-GB,en;q=0.9

Response headers

Cache-Control
no-cache,must-revalidate,max-age=0,no-store,private
Connection
keep-alive
Content-Encoding
gzip
Content-Security-Policy
upgrade-insecure-requests frame-ancestors 'self'
Content-Type
text/html;charset=UTF-8
Date
Thu, 02 Feb 2023 22:53:28 GMT
Expires
Wed, 02 Feb 2022 22:53:28 GMT
Last-Modified
Wed, 02 Feb 2022 22:53:28 GMT
Link
<https://static.lightning.force.com/na116/auraFW/javascript/Vo_clYDmAijdWOzW3-3Mow/aura_prod.js>;rel=preload;as=script,<https://static.lightning.force.com/na116/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22serializationVersion%22%3A%221-240.1.10-2.20.7-b%22%2C%22parts%22%3A%22t%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%226cWl6r2qy15opsI7zKnxIA%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22601638718%22%7D/appcore.js?2=>;rel=preload;as=script,<https://static.lightning.force.com/na116/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22serializationVersion%22%3A%221-240.1.10-2.20.7-b%22%2C%22parts%22%3A%22t%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%226cWl6r2qy15opsI7zKnxIA%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22601638718%22%7D/app.js?2=>;rel=preload;as=script
Referrer-Policy
origin-when-cross-origin
Server
sfdcedge
Server-Timing
Total;dur=145
Strict-Transport-Security
max-age=63072000; includeSubDomains
Timing-Allow-Origin
*
Transfer-Encoding
chunked
Vary
Origin, Accept-Encoding
X-Content-Type-Options
nosniff
X-FRAME-OPTIONS
SAMEORIGIN
X-SFDC-Request-Id
4f5bacb2fae540693a974e9777497aa2
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-cache,must-revalidate,max-age=0,no-store,private
Connection
keep-alive
Content-Length
0
Content-Security-Policy
upgrade-insecure-requests
Date
Thu, 02 Feb 2023 22:53:28 GMT
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Location
https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_US%26categoryId%3Da0Z3m00000PIbxbEAD
Referrer-Policy
origin-when-cross-origin
Server
sfdcedge
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
X-SFDC-Request-Id
c6c0f7fddadc10c060a24c15ac90a7ed
X-XSS-Protection
1; mode=block
aura_prod.js
static.lightning.force.com/na116/auraFW/javascript/Vo_clYDmAijdWOzW3-3Mow/ 		798 KB
251 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.lightning.force.com/na116/auraFW/javascript/Vo_clYDmAijdWOzW3-3Mow/aura_prod.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:dc:386::38e9 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
35a384aea0322a276ebdc1ea927fad564e9f427ca1408d5b31e367347db53f49
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://connect.mrcgo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 02 Feb 2023 22:53:29 GMT
server-timing
Total;dur=24
content-length
255996
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Thu, 12 Jan 2023 06:58:24 GMT
vary
Accept-Encoding
access-control-max-age
86400
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
access-control-allow-methods
GET,POST,OPTIONS,HEAD
access-control-expose-headers
Server-Timing
cache-control
public, max-age=29750694, immutable
access-control-allow-credentials
false
x-robots-tag
none
access-control-allow-headers
*
timing-allow-origin
*
expires
Sat, 13 Jan 2024 06:58:23 GMT
appcore.js
static.lightning.force.com/na116/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22serializationVersion%22%3A%221-240.1.10-2.20.7-b%22%2C%22parts%22%3A%22t%22%2C%22loaded%... 		895 KB
169 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.lightning.force.com/na116/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22serializationVersion%22%3A%221-240.1.10-2.20.7-b%22%2C%22parts%22%3A%22t%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%226cWl6r2qy15opsI7zKnxIA%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22601638718%22%7D/appcore.js?2=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:dc:386::38e9 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
52bd4d6feda3aed51e637dbb837d5addd5fbf8c03b757a06e4ba16a7d36d8acc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://connect.mrcgo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 02 Feb 2023 22:53:29 GMT
content-length
171772
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Tue, 31 Jan 2023 08:02:34 GMT
vary
Accept-Encoding
access-control-max-age
86400
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
access-control-allow-methods
GET,POST,OPTIONS,HEAD
cache-control
public, max-age=31396059, immutable
access-control-allow-credentials
false
x-robots-tag
none
access-control-allow-headers
*
timing-allow-origin
*
expires
Thu, 01 Feb 2024 08:01:08 GMT
app.js
static.lightning.force.com/na116/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22serializationVersion%22%3A%221-240.1.10-2.20.7-b%22%2C%22parts%22%3A%22t%22%2C%22loaded%... 		1 MB
329 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.lightning.force.com/na116/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22serializationVersion%22%3A%221-240.1.10-2.20.7-b%22%2C%22parts%22%3A%22t%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%226cWl6r2qy15opsI7zKnxIA%22%7D%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22601638718%22%7D/app.js?2=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:dc:386::38e9 Vienna, Austria, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
85f5474968046aaf2f8a06ae25322ca380860b5c5977b7c12d3749b5fa82de01
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://connect.mrcgo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 02 Feb 2023 22:53:29 GMT
content-length
335249
x-xss-protection
1; mode=block
referrer-policy
origin-when-cross-origin
last-modified
Tue, 31 Jan 2023 08:02:39 GMT
vary
Accept-Encoding
access-control-max-age
86400
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
access-control-allow-methods
GET,POST,OPTIONS,HEAD
cache-control
public, max-age=31396060, immutable
access-control-allow-credentials
false
x-robots-tag
none
access-control-allow-headers
*
timing-allow-origin
*
expires
Thu, 01 Feb 2024 08:01:09 GMT
fonts.css
connect.mrcgo.com/shop/s/sfsites/runtimedownload/ 		336 KB
242 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://connect.mrcgo.com/shop/s/sfsites/runtimedownload/fonts.css?lastMod=1635451435000&brandSet=7dbd22c2-4c39-475c-a9af-7d4c66c6afff
Requested by
Host: connect.mrcgo.com
URL: https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_US%26categoryId%3Da0Z3m00000PIbxbEAD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
fde2b53d9ecca030e389cd2bf404b89a59a6626f944a32a5e15cf674a6df41cd
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_US%26categoryId%3Da0Z3m00000PIbxbEAD
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Thu, 02 Feb 2023 22:53:29 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
origin-when-cross-origin
Last-Modified
Thu, 28 Oct 2021 20:03:55 GMT
Server
sfdcedge
Content-Encoding
gzip
X-SFDC-Request-Id
5acabcbc75a3f7e821cd1a61ca3f0f0f
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css; charset=utf-8
Cache-Control
public,max-age=31536000
Connection
keep-alive
X-XSS-Protection
1; mode=block
Expires
Fri, 02 Feb 2024 22:53:28 GMT
app.css
connect.mrcgo.com/shop/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%226cWl6r2qy15... 		974 KB
121 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://connect.mrcgo.com/shop/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%226cWl6r2qy15opsI7zKnxIA%22%7D%2C%22styleContext%22%3A%7B%22c%22%3A%22webkit%22%2C%22x%22%3A%5B%22isDesktop%22%5D%2C%22tokens%22%3A%5B%22markup%3A%2F%2Fforce%3AsldsTokens%22%2C%22markup%3A%2F%2Fsiteforce%3AnapiliAuraTokens%22%2C%22markup%3A%2F%2Fsiteforce%3AneutralTokens%22%2C%22markup%3A%2F%2Fsiteforce%3AserializedTokens%22%2C%22markup%3A%2F%2Fsiteforce%3AcommunityTokens%22%2C%22markup%3A%2F%2Fsiteforce%3AauraDynamicTokens%22%5D%2C%22tuid%22%3A%22OibuLdH_H1507haWIxAJ3w%22%2C%22cuid%22%3A-1760229250%7D%2C%22pathPrefix%22%3A%22%2Fshop%22%7D/app.css?2=&aura.attributes=%7B%22ac%22%3A%22%22%2C%22authenticated%22%3A%22false%22%2C%22brandingSetId%22%3A%227dbd22c2-4c39-475c-a9af-7d4c66c6afff%22%2C%22formFactor%22%3A%22LARGE%22%2C%22isHybrid%22%3A%22false%22%2C%22language%22%3A%22en_US%22%2C%22pageId%22%3A%22bc74c662-2b7b-45a1-b25b-3fa08e4fc6cc%22%2C%22publishedChangelistNum%22%3A%2212%22%2C%22schema%22%3A%22Published%22%2C%22themeLayoutType%22%3A%22Login%22%2C%22viewType%22%3A%22Published%22%7D
Requested by
Host: connect.mrcgo.com
URL: https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_US%26categoryId%3Da0Z3m00000PIbxbEAD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
f31624339ebf707c062bce4ded9973e4ab0a6c1843c4e600e1deef58076bfeb5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_US%26categoryId%3Da0Z3m00000PIbxbEAD
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Thu, 02 Feb 2023 22:53:30 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
origin-when-cross-origin
Last-Modified
Wed, 01 Feb 2023 22:53:30 GMT
Server
sfdcedge
Content-Encoding
gzip
X-SFDC-Request-Id
e7dbd852821addb989a8e95347eff910
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/css;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000,public,immutable
Connection
keep-alive
X-XSS-Protection
1; mode=block
resources.js
connect.mrcgo.com/shop/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22fwuid%22%3A%22Vo_clYDmAijdWOzW3-3Mow%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2... 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.mrcgo.com/shop/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22fwuid%22%3A%22Vo_clYDmAijdWOzW3-3Mow%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%226cWl6r2qy15opsI7zKnxIA%22%7D%2C%22apce%22%3A1%2C%22apck%22%3A%22rvKmbyOrUtGmx3I1aEouwg%22%2C%22mlr%22%3A1%2C%22pathPrefix%22%3A%22%2Fshop%22%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22601638718%22%7D/resources.js?pv=1675313132000-682632119&rv=1674153765000
Requested by
Host: connect.mrcgo.com
URL: https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_US%26categoryId%3Da0Z3m00000PIbxbEAD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
af033fc83861cd3cde30b8e94dfb039d059e8015c85359b61f8e0bdf084352f3
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_US%26categoryId%3Da0Z3m00000PIbxbEAD
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Thu, 02 Feb 2023 22:53:30 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Referrer-Policy
origin-when-cross-origin
Last-Modified
Wed, 01 Feb 2023 22:53:30 GMT
Server
sfdcedge
Content-Encoding
gzip
X-SFDC-Request-Id
73ebeb6ee9a7f48b142bd79d8637b028
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=31536000,private,immutable
Connection
keep-alive
X-XSS-Protection
1; mode=block
bootstrap.js
connect.mrcgo.com/shop/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22fwuid%22%3A%22Vo_clYDmAijdWOzW3-3Mow%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2... 		66 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.mrcgo.com/shop/s/sfsites/l/%7B%22mode%22%3A%22PROD%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22fwuid%22%3A%22Vo_clYDmAijdWOzW3-3Mow%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%226cWl6r2qy15opsI7zKnxIA%22%7D%2C%22apce%22%3A1%2C%22apck%22%3A%22rvKmbyOrUtGmx3I1aEouwg%22%2C%22mlr%22%3A1%2C%22pathPrefix%22%3A%22%2Fshop%22%2C%22dns%22%3A%22c%22%2C%22ls%22%3A1%2C%22lrmc%22%3A%22601638718%22%7D/bootstrap.js?aura.attributes=%7B%22ac%22%3A%22%22%2C%22authenticated%22%3A%22false%22%2C%22brandingSetId%22%3A%227dbd22c2-4c39-475c-a9af-7d4c66c6afff%22%2C%22formFactor%22%3A%22LARGE%22%2C%22isHybrid%22%3A%22false%22%2C%22language%22%3A%22en_US%22%2C%22pageId%22%3A%22bc74c662-2b7b-45a1-b25b-3fa08e4fc6cc%22%2C%22publishedChangelistNum%22%3A%2212%22%2C%22schema%22%3A%22Published%22%2C%22themeLayoutType%22%3A%22Login%22%2C%22viewType%22%3A%22Published%22%7D
Requested by
Host: connect.mrcgo.com
URL: https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_US%26categoryId%3Da0Z3m00000PIbxbEAD
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
63011cca31fb77fe697cea3493c9176381a0ac85783b05d091f5e531bceb93fc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_US%26categoryId%3Da0Z3m00000PIbxbEAD
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Thu, 02 Feb 2023 22:53:30 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
origin-when-cross-origin
Last-Modified
Wed, 02 Feb 2022 22:53:30 GMT
Server
sfdcedge
X-SFDC-Request-Id
4d3852861d0845d1af6ac22e8d0e51aa
Vary
Accept-Encoding
Content-Type
text/javascript;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache,must-revalidate,max-age=0,no-store,private
Expires
Wed, 02 Feb 2022 22:53:30 GMT
aura
connect.mrcgo.com/shop/s/sfsites/ 		111 KB
27 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://connect.mrcgo.com/shop/s/sfsites/aura?message=%7B%22actions%22%3A%5B%7B%22descriptor%22%3A%22serviceComponent%3A%2F%2Fui.comm.runtime.components.aura.components.siteforce.controller.PubliclyCacheableComponentLoaderController%2FACTION%24getPageComponent%22%2C%22callingDescriptor%22%3A%22UNKNOWN%22%2C%22params%22%3A%7B%22attributes%22%3A%7B%22viewId%22%3A%223950b1b4-7992-4708-8a62-505cb8befc64%22%2C%22routeType%22%3A%22login-home%22%2C%22themeLayoutType%22%3A%22Login%22%2C%22params%22%3A%7B%22startURL%22%3A%22%22%2C%22viewid%22%3A%2282579ebb-dc50-47eb-a610-9cb83e94fcff%22%2C%22view_uddid%22%3A%22%22%2C%22entity_name%22%3A%22%22%2C%22audience_name%22%3A%22%22%2C%22picasso_id%22%3A%22%22%2C%22routeId%22%3A%22%22%7D%2C%22hasAttrVaringCmps%22%3Afalse%2C%22pageLoadType%22%3A%22STANDARD_PAGE_CONTENT%22%2C%22includeLayout%22%3Atrue%7D%2C%22publishedChangelistNum%22%3A12%2C%22brandingSetId%22%3A%227dbd22c2-4c39-475c-a9af-7d4c66c6afff%22%7D%7D%5D%7D&aura.context=%7B%22mode%22%3A%22PROD%22%2C%22fwuid%22%3A%22Vo_clYDmAijdWOzW3-3Mow%22%2C%22app%22%3A%22siteforce%3AloginApp2%22%2C%22loaded%22%3A%7B%22APPLICATION%40markup%3A%2F%2Fsiteforce%3AloginApp2%22%3A%226cWl6r2qy15opsI7zKnxIA%22%7D%2C%22apck%22%3A%22rvKmbyOrUtGmx3I1aEouwg%22%2C%22uad%22%3Afalse%7D&aura.isAction=true
Requested by
Host: static.lightning.force.com
URL: https://static.lightning.force.com/na116/auraFW/javascript/Vo_clYDmAijdWOzW3-3Mow/aura_prod.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
b3fb810c2b5d0a42e2b8a514119df6926f271fc45de0c9b5c6bfcb7ad4e75b5b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_US%26categoryId%3Da0Z3m00000PIbxbEAD
accept-language
en-GB,en;q=0.9
X-SFDC-Page-Scope-Id
ce164aa4-f7f9-471d-9745-2d572c3199cf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Thu, 02 Feb 2023 22:53:31 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
keep-alive
X-XSS-Protection
1; mode=block
Referrer-Policy
origin-when-cross-origin
Last-Modified
Wed, 01 Feb 2023 22:53:31 GMT
Server
sfdcedge
X-SFDC-Request-Id
c54a96931aeb270d574bfd339e3679d5
Vary
Accept-Encoding
Content-Type
application/json
Access-Control-Allow-Origin
*
Cache-Control
max-age=1800,public
Expires
Wed, 02 Feb 2022 22:53:31 GMT
truncated
/ 		45 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
336e47855a2634b17ab1e87428f96b51e21a434dca8c8327b47dc0fd2e0d3b51

Request headers

Referer
https://connect.mrcgo.com/
Origin
https://connect.mrcgo.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
application/x-font-woff
aura
connect.mrcgo.com/shop/s/sfsites/ 		10 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://connect.mrcgo.com/shop/s/sfsites/aura?r=1&ui-force-components-controllers-hostConfig.HostConfig.getConfigData=1
Requested by
Host: static.lightning.force.com
URL: https://static.lightning.force.com/na116/auraFW/javascript/Vo_clYDmAijdWOzW3-3Mow/aura_prod.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
014c8b2c2e9881704c7f2b4ec63b13214bd431cedad154c5bb1c9dab57b40ab4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_US%26categoryId%3Da0Z3m00000PIbxbEAD
accept-language
en-GB,en;q=0.9
X-SFDC-Page-Scope-Id
ce164aa4-f7f9-471d-9745-2d572c3199cf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Thu, 02 Feb 2023 22:53:31 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
keep-alive
Server-Timing
Total;dur=191
X-XSS-Protection
1; mode=block
Referrer-Policy
origin-when-cross-origin
Last-Modified
Wed, 02 Feb 2022 22:53:31 GMT
Server
sfdcedge
X-SFDC-Request-Id
1aa216eed729344c40fa894c4cc8f0d7
Vary
Origin, Accept-Encoding
Content-Type
application/json
Cache-Control
no-cache,must-revalidate,max-age=0,no-store,private
Timing-Allow-Origin
*
Expires
Wed, 02 Feb 2022 22:53:31 GMT
aura
connect.mrcgo.com/shop/s/sfsites/ 		2 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://connect.mrcgo.com/shop/s/sfsites/aura?r=2&applauncher.SocialLogin.getAuthProviders=1&applauncher.SocialLogin.getSamlProviders=1&applauncher.SocialLogin.handleIdp=1&ui-communities-components-aura-components-forceCommunity-richText.RichText.getParsedRichTextValue=1
Requested by
Host: static.lightning.force.com
URL: https://static.lightning.force.com/na116/auraFW/javascript/Vo_clYDmAijdWOzW3-3Mow/aura_prod.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
4a47b8234c05d15cdeb972fe03153e3304c37509996eddd7e647b5c2b4994b6f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_US%26categoryId%3Da0Z3m00000PIbxbEAD
accept-language
en-GB,en;q=0.9
X-SFDC-Page-Scope-Id
ce164aa4-f7f9-471d-9745-2d572c3199cf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date
Thu, 02 Feb 2023 22:53:31 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Encoding
gzip
Transfer-Encoding
chunked
Connection
keep-alive
Server-Timing
Total;dur=142
X-XSS-Protection
1; mode=block
Referrer-Policy
origin-when-cross-origin
Last-Modified
Wed, 02 Feb 2022 22:53:31 GMT
Server
sfdcedge
X-SFDC-Request-Id
f53584b2ad722fc4ee199dca22e71166
Vary
Origin, Accept-Encoding
Content-Type
application/json
Cache-Control
no-cache,must-revalidate,max-age=0,no-store,private
Timing-Allow-Origin
*
Expires
Wed, 02 Feb 2022 22:53:31 GMT
truncated
/ 		45 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
718b98352fcff4165da6f7df4efb9231c835d9fe5ffb7c38744993adb282c145

Request headers

Referer
https://connect.mrcgo.com/
Origin
https://connect.mrcgo.com
accept-language
en-GB,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Content-Type
application/x-font-woff
Horizontal_MRCGO_4501tmResized2
connect.mrcgo.com/shop/file-asset/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://connect.mrcgo.com/shop/file-asset/Horizontal_MRCGO_4501tmResized2?v=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
85.222.140.13 , United States, ASN14340 (SALESFORCE, US),
Reverse DNS
sledge1-fra.slb.sfdcsvc.net
Software
sfdcedge /
Resource Hash
b13bb47570bfe709a9c24e70bb4f6ea4f5158182d8f983105c724d1a0aad7e5d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-GB,en;q=0.9
Referer
https://connect.mrcgo.com/shop/s/login/?startURL=%2Fshop%2Fccrz__ProductDetails%3Fsku%3D09C41798%26cartId%3D03e1fb17-e92a-456e-83fe-46a0a5b35a02%26effectiveAccount%3D0013m00002IdnWmAAJ%26cclcl%3Den_US%26categoryId%3Da0Z3m00000PIbxbEAD
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.119 Safari/537.36

Response headers

Date
Thu, 02 Feb 2023 22:53:32 GMT
Strict-Transport-Security
max-age=63072000; includeSubDomains
X-Content-Type-Options
nosniff
P3P
CP="CUR OTR STA"
Content-Disposition
attachment; filename="Horizontal_MRCGO_4501tmResized2.gif"; filename*=utf-8''Horizontal_MRCGO_4501tmResized2.gif
Connection
keep-alive
Content-Length
8371
X-XSS-Protection
1; mode=block
Referrer-Policy
origin-when-cross-origin
Last-Modified
Mon, 24 Jun 2019 20:57:19 GMT
Server
sfdcedge
X-SFDC-Request-Id
35f50191e4adb86e6a6aaaaa5827f6b4
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=3888000
Expires
Sun, 19 Mar 2023 22:53:32 GMT

Verdicts & Comments Add Verdict or Comment

11 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| oncontentvisibilityautostatechange object| picassoSPA string| comm__attrVariationKey number| pageStartTime object| Aura object| AuraLocker object| AuraLockerDisabled object| $A object| aura function| DOMPurify function| Router

7 Cookies

Domain/Path Name / Value
connect.mrcgo.com/shop/s Name: renderCtx
Value: %7B%22pageId%22%3A%22bc74c662-2b7b-45a1-b25b-3fa08e4fc6cc%22%2C%22schema%22%3A%22Published%22%2C%22viewType%22%3A%22Published%22%2C%22brandingSetId%22%3A%227dbd22c2-4c39-475c-a9af-7d4c66c6afff%22%2C%22audienceIds%22%3A%22%22%7D
connect.mrcgo.com/ Name: CookieConsentPolicy
Value: 0:1
connect.mrcgo.com/ Name: LSKey-c$CookieConsentPolicy
Value: 0:1
connect.mrcgo.com/ Name: apex__cclgtkn
Value:
connect.mrcgo.com/ Name: apex__cc_anonymous_Currency
Value: GBP
connect.mrcgo.com/ Name: apex__cc_anonymous_Country
Value: GB
connect.mrcgo.com/ Name: sfdc-stream
Value: !hqrwC53wzeop6T8YBCc7n0RTGKRECwvIwlfOWCptWaJaxXPM8h7gCE6Cy98tHfW7tq/ElFmiH1zHRpc=

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests frame-ancestors 'self'
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block