classic.astrazenecarespreview1.review.steeprockinc.com Open in urlscan Pro
216.154.201.85  Public Scan

URL: https://classic.astrazenecarespreview1.review.steeprockinc.com/
Submission: On November 10 via api from US — Scanned from US

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 15 HTTP transactions. The main IP is 216.154.201.85, located in Tucker, United States and belongs to QTS-SUW1-ATL1, US. The main domain is classic.astrazenecarespreview1.review.steeprockinc.com.
TLS certificate: Issued by R10 on October 22nd 2024. Valid for: 3 months.
This is the only time classic.astrazenecarespreview1.review.steeprockinc.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
11 216.154.201.85 20141 (QTS-SUW1-...)
1 2607:f8b0:400... 15169 (GOOGLE)
15 3
Apex Domain
Subdomains
Transfer
11 steeprockinc.com
classic.astrazenecarespreview1.review.steeprockinc.com
284 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 30
1 KB
15 2
Domain Requested by
11 classic.astrazenecarespreview1.review.steeprockinc.com classic.astrazenecarespreview1.review.steeprockinc.com
1 fonts.googleapis.com classic.astrazenecarespreview1.review.steeprockinc.com
15 2

This site contains no links.

Subject Issuer Validity Valid
classic.astrazenecarespreview1.review.steeprockinc.com
R10
2024-10-22 -
2025-01-20
3 months crt.sh
upload.video.google.com
WR2
2024-10-07 -
2024-12-30
3 months crt.sh

This page contains 2 frames:

Primary Page: https://classic.astrazenecarespreview1.review.steeprockinc.com/
Frame ID: 0780CE66226EE44EA5CCCA9EDBFA0181
Requests: 9 HTTP requests in this frame

Frame: https://classic.astrazenecarespreview1.review.steeprockinc.com/b5main/index.html?redir=1&preventBootstrap=1
Frame ID: 289B196C2EB4825CBB0AFEF6E87765FB
Requests: 6 HTTP requests in this frame

Screenshot

Page Title

AstraZeneca Product Strategy Insights Platform

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Page Statistics

15
Requests

80 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

3
IPs

1
Countries

285 kB
Transfer

752 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

15 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
classic.astrazenecarespreview1.review.steeprockinc.com/
5 KB
2 KB
Document
General
Full URL
https://classic.astrazenecarespreview1.review.steeprockinc.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.154.201.85 Tucker, United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
99cf0a90bb39c337859165145932652a1b8f09561eabc5a83b3e21749e3060bb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, must-revalidate
content-encoding
gzip
content-length
1523
content-type
text/html
date
Sun, 10 Nov 2024 15:04:31 GMT
expires
Sun, 10 Nov 2024 15:04:31 GMT
pragma
no-cache
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding
x-envoy-upstream-service-time
39
x-xss-protection
1; mode=block
landing.css
classic.astrazenecarespreview1.review.steeprockinc.com/landing/QWADL/
13 KB
4 KB
Stylesheet
General
Full URL
https://classic.astrazenecarespreview1.review.steeprockinc.com/landing/QWADL/landing.css
Requested by
Host: classic.astrazenecarespreview1.review.steeprockinc.com
URL: https://classic.astrazenecarespreview1.review.steeprockinc.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.154.201.85 Tucker, United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
0f13b9a8cf28c65ab73079ab74e1bc7aef71a16681fdce3b2e037623868875d1
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://classic.astrazenecarespreview1.review.steeprockinc.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
cache-control
max-age=31536000
content-encoding
gzip
etag
"5E3FA60729A12225B519D8184BA47DA6"
pragma
no-cache
x-envoy-upstream-service-time
11
expires
Mon, 10 Nov 2025 15:04:31 GMT
accept-ranges
bytes
content-length
3246
date
Sun, 10 Nov 2024 15:04:31 GMT
x-xss-protection
1; mode=block
content-type
text/css
vary
Accept-Encoding
last-modified
Wed, 23 Oct 2024 12:53:25 GMT
info.png
classic.astrazenecarespreview1.review.steeprockinc.com/landing/VG9SG/
1 KB
1 KB
Image
General
Full URL
https://classic.astrazenecarespreview1.review.steeprockinc.com/landing/VG9SG/info.png
Requested by
Host: classic.astrazenecarespreview1.review.steeprockinc.com
URL: https://classic.astrazenecarespreview1.review.steeprockinc.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.154.201.85 Tucker, United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
f1232be822bbd15daf96b149d72c2881b0938def3bca2349d848a8c39049fa24
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://classic.astrazenecarespreview1.review.steeprockinc.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
cache-control
max-age=31536000
etag
"71DA381C7A3ABA4C5E00437F9D69A2ED"
pragma
no-cache
x-envoy-upstream-service-time
14
expires
Mon, 10 Nov 2025 15:04:31 GMT
accept-ranges
bytes
content-length
1193
date
Sun, 10 Nov 2024 15:04:31 GMT
x-xss-protection
1; mode=block
content-type
image/png
vary
Accept-Encoding
last-modified
Wed, 23 Oct 2024 12:53:25 GMT
error.png
classic.astrazenecarespreview1.review.steeprockinc.com/landing/WND7K/
1 KB
2 KB
Image
General
Full URL
https://classic.astrazenecarespreview1.review.steeprockinc.com/landing/WND7K/error.png
Requested by
Host: classic.astrazenecarespreview1.review.steeprockinc.com
URL: https://classic.astrazenecarespreview1.review.steeprockinc.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.154.201.85 Tucker, United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
dd741d3cad945064738bd7227979977fcf04c5bf88c6e7629aa33a904953ec32
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://classic.astrazenecarespreview1.review.steeprockinc.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
cache-control
max-age=31536000
etag
"F11E4206AF40EB237CF84D3C32232DC1"
pragma
no-cache
x-envoy-upstream-service-time
15
expires
Mon, 10 Nov 2025 15:04:31 GMT
accept-ranges
bytes
content-length
1484
date
Sun, 10 Nov 2024 15:04:31 GMT
x-xss-protection
1; mode=block
content-type
image/png
vary
Accept-Encoding
last-modified
Wed, 23 Oct 2024 12:53:25 GMT
call.png
classic.astrazenecarespreview1.review.steeprockinc.com/landing/8R9IY/
562 B
892 B
Image
General
Full URL
https://classic.astrazenecarespreview1.review.steeprockinc.com/landing/8R9IY/call.png
Requested by
Host: classic.astrazenecarespreview1.review.steeprockinc.com
URL: https://classic.astrazenecarespreview1.review.steeprockinc.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.154.201.85 Tucker, United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
caefd50d231e1f51733e055eb930065664ecb9e990788717474b2d88c374292f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://classic.astrazenecarespreview1.review.steeprockinc.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
cache-control
max-age=31536000
etag
"D04CF612363E95F5909A7E2A67D05BB3"
pragma
no-cache
x-envoy-upstream-service-time
6
expires
Mon, 10 Nov 2025 15:04:31 GMT
accept-ranges
bytes
content-length
562
date
Sun, 10 Nov 2024 15:04:31 GMT
x-xss-protection
1; mode=block
content-type
image/png
vary
Accept-Encoding
last-modified
Wed, 23 Oct 2024 12:53:25 GMT
mail.png
classic.astrazenecarespreview1.review.steeprockinc.com/landing/L2CK7/
617 B
949 B
Image
General
Full URL
https://classic.astrazenecarespreview1.review.steeprockinc.com/landing/L2CK7/mail.png
Requested by
Host: classic.astrazenecarespreview1.review.steeprockinc.com
URL: https://classic.astrazenecarespreview1.review.steeprockinc.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.154.201.85 Tucker, United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
abece1b1605288070486ff4e2a7777dda06e4d6a922af077ee3435febafe4694
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://classic.astrazenecarespreview1.review.steeprockinc.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
cache-control
max-age=31536000
etag
"EC8F0262379FD58A1CB4CDDD302CE4EE"
pragma
no-cache
x-envoy-upstream-service-time
23
expires
Mon, 10 Nov 2025 15:04:31 GMT
accept-ranges
bytes
content-length
617
date
Sun, 10 Nov 2024 15:04:31 GMT
x-xss-protection
1; mode=block
content-type
image/png
vary
Accept-Encoding
last-modified
Wed, 23 Oct 2024 12:53:25 GMT
landing.js
classic.astrazenecarespreview1.review.steeprockinc.com/landing/IR6IZ/
109 KB
38 KB
Script
General
Full URL
https://classic.astrazenecarespreview1.review.steeprockinc.com/landing/IR6IZ/landing.js
Requested by
Host: classic.astrazenecarespreview1.review.steeprockinc.com
URL: https://classic.astrazenecarespreview1.review.steeprockinc.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.154.201.85 Tucker, United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
52b5517075150740aa0312a2da9078695f66a12261321e363376fbba42e2d8fc
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://classic.astrazenecarespreview1.review.steeprockinc.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
cache-control
max-age=31536000
content-encoding
gzip
etag
"265C0E41226A02594C69121C5AED8A3E"
pragma
no-cache
x-envoy-upstream-service-time
33
expires
Mon, 10 Nov 2025 15:04:31 GMT
accept-ranges
bytes
content-length
38839
date
Sun, 10 Nov 2024 15:04:31 GMT
x-xss-protection
1; mode=block
content-type
application/javascript
vary
Accept-Encoding
last-modified
Wed, 23 Oct 2024 12:53:25 GMT
bg.jpg
classic.astrazenecarespreview1.review.steeprockinc.com/landing/3YLKC/
178 KB
178 KB
Image
General
Full URL
https://classic.astrazenecarespreview1.review.steeprockinc.com/landing/3YLKC/bg.jpg
Requested by
Host: classic.astrazenecarespreview1.review.steeprockinc.com
URL: https://classic.astrazenecarespreview1.review.steeprockinc.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.154.201.85 Tucker, United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
76259438c2aaced79fda6b0c288c87c3a1ccf105e5d5ee1b4b9dfebe9a6a72c5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://classic.astrazenecarespreview1.review.steeprockinc.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
cache-control
max-age=31536000
etag
"3CD1DC948F58994B8E1B8335D15E1AD1"
pragma
no-cache
x-envoy-upstream-service-time
25
expires
Mon, 10 Nov 2025 15:04:31 GMT
accept-ranges
bytes
content-length
181870
date
Sun, 10 Nov 2024 15:04:31 GMT
x-xss-protection
1; mode=block
content-type
image/jpeg
vary
Accept-Encoding
last-modified
Wed, 23 Oct 2024 12:53:25 GMT
index.html
classic.astrazenecarespreview1.review.steeprockinc.com/b5main/ Frame 289B
39 KB
9 KB
Document
General
Full URL
https://classic.astrazenecarespreview1.review.steeprockinc.com/b5main/index.html?redir=1&preventBootstrap=1
Requested by
Host: classic.astrazenecarespreview1.review.steeprockinc.com
URL: https://classic.astrazenecarespreview1.review.steeprockinc.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.154.201.85 Tucker, United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
2060d8b355fe3db1d26acd0e00279c25babf763e122e99093931ab942c9a0f8e
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

Referer
https://classic.astrazenecarespreview1.review.steeprockinc.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding
gzip
content-length
9187
content-type
text/html
date
Sun, 10 Nov 2024 15:04:32 GMT
expires
Sun, 10 Nov 2024 15:04:32 GMT
pragma
no-cache
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding
x-envoy-upstream-service-time
349
x-xss-protection
1; mode=block
css
fonts.googleapis.com/ Frame 289B
13 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:400,400i,500,500i,700,700i
Requested by
Host: classic.astrazenecarespreview1.review.steeprockinc.com
URL: https://classic.astrazenecarespreview1.review.steeprockinc.com/b5main/index.html?redir=1&preventBootstrap=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80b::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f435bca75b0989f340b8656b09eab90e3d5642e38902fb0d0986bfb13d5bacf8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://classic.astrazenecarespreview1.review.steeprockinc.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Sun, 10 Nov 2024 15:04:33 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Sun, 10 Nov 2024 15:04:33 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Sun, 10 Nov 2024 14:26:39 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
b5all.css
classic.astrazenecarespreview1.review.steeprockinc.com/b5static/item/CF00D6DAA065173C6221E8F09C17ED61/ Frame 289B
0
0

b5all1.min.js
classic.astrazenecarespreview1.review.steeprockinc.com/b5static/item/04D91593E517D70211DC3D9AE93B03F9/ Frame 289B
0
0

b5all2-en_us.min.js
classic.astrazenecarespreview1.review.steeprockinc.com/b5static/item/173125107290/ Frame 289B
390 KB
46 KB
Script
General
Full URL
https://classic.astrazenecarespreview1.review.steeprockinc.com/b5static/item/173125107290/b5all2-en_us.min.js
Requested by
Host: classic.astrazenecarespreview1.review.steeprockinc.com
URL: https://classic.astrazenecarespreview1.review.steeprockinc.com/b5main/index.html?redir=1&preventBootstrap=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.154.201.85 Tucker, United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
84053484c66e173f3def5488d11a6a2c2b4e3d070e7da70e6c53107e941f5199
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://classic.astrazenecarespreview1.review.steeprockinc.com/b5main/index.html?redir=1&preventBootstrap=1

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
cache-control
max-age=31536000
content-encoding
gzip
etag
"f32b2a61d0116dec679282a52b06d416"
x-envoy-upstream-service-time
258
expires
Fri, 10 Nov 2034 15:04:33 GMT
content-length
46694
date
Sun, 10 Nov 2024 15:04:33 GMT
x-xss-protection
1; mode=block
content-type
text/javascript
content-disposition
inline; filename="/home/sr/deploy/core/b5main/b5all2-en_us.min.js"
vary
Accept-Encoding
last-modified
Sun, 10 Nov 2024 15:04:33 GMT
b5all3.min.js
classic.astrazenecarespreview1.review.steeprockinc.com/b5static/item/4973564CA7E6C115270951F1371A4F56/ Frame 289B
0
0

favicon.ico
classic.astrazenecarespreview1.review.steeprockinc.com/b5main/resources/img/
946 B
1 KB
Other
General
Full URL
https://classic.astrazenecarespreview1.review.steeprockinc.com/b5main/resources/img/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
216.154.201.85 Tucker, United States, ASN20141 (QTS-SUW1-ATL1, US),
Reverse DNS
Software
/
Resource Hash
c3671f1ea706c43bb9a4b52ef2e038ad2f455e6c05dce743d5c571dae59e46a2
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://classic.astrazenecarespreview1.review.steeprockinc.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
x-envoy-upstream-service-time
5
expires
Mon, 10 Nov 2025 15:04:36 GMT
accept-ranges
bytes
content-length
946
date
Sun, 10 Nov 2024 15:04:36 GMT
x-xss-protection
1; mode=block
content-type
image/x-icon
vary
Accept-Encoding
last-modified
Wed, 23 Oct 2024 12:53:23 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
classic.astrazenecarespreview1.review.steeprockinc.com
URL
https://classic.astrazenecarespreview1.review.steeprockinc.com/b5static/item/CF00D6DAA065173C6221E8F09C17ED61/b5all.css
Domain
classic.astrazenecarespreview1.review.steeprockinc.com
URL
https://classic.astrazenecarespreview1.review.steeprockinc.com/b5static/item/04D91593E517D70211DC3D9AE93B03F9/b5all1.min.js
Domain
classic.astrazenecarespreview1.review.steeprockinc.com
URL
https://classic.astrazenecarespreview1.review.steeprockinc.com/b5static/item/4973564CA7E6C115270951F1371A4F56/b5all3.min.js

Verdicts & Comments Add Verdict or Comment

7 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| $ function| jQuery function| Cookies function| Spinner object| custLanding object| jQuery183022008093740914658

1 Cookies

Domain/Path Name / Value
classic.astrazenecarespreview1.review.steeprockinc.com/ Name: l
Value:

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Xss-Protection 1; mode=block