URL: https://www.verifysfpmail.pro/
Submission: On September 12 via automatic, source certstream-suspicious — Scanned from SG

Summary

This website contacted 7 IPs in 3 countries across 6 domains to perform 13 HTTP transactions. The main IP is 139.59.219.157, located in Singapore, Singapore and belongs to DIGITALOCEAN-ASN, US. The main domain is www.verifysfpmail.pro.
TLS certificate: Issued by E6 on August 19th 2024. Valid for: 3 months.
This is the only time www.verifysfpmail.pro was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 139.59.219.157 14061 (DIGITALOC...)
1 2404:6800:400... 15169 (GOOGLE)
2 185.30.21.27 60527 (XSOLLA-AS)
5 2606:4700:303... 13335 (CLOUDFLAR...)
1 2404:6800:400... 15169 (GOOGLE)
1 34.146.3.71 396982 (GOOGLE-CL...)
13 7
Domain Requested by
4 cdn.wortal.ai www.verifysfpmail.pro
2 www.verifysfpmail.pro www.verifysfpmail.pro
1 wombat.digitalwill.co.jp www.verifysfpmail.pro
1 login-widget.xsolla.com login-sdk.xsolla.com
1 fonts.gstatic.com fonts.googleapis.com
1 games.wortal.ai www.verifysfpmail.pro
1 login-sdk.xsolla.com www.verifysfpmail.pro
1 fonts.googleapis.com www.verifysfpmail.pro
13 8

This site contains no links.

Subject Issuer Validity Valid
banghawe.com
E6
2024-08-19 -
2024-11-17
3 months crt.sh
upload.video.google.com
WR2
2024-08-12 -
2024-11-04
3 months crt.sh
*.xsolla.com
Thawte TLS RSA CA G1
2024-08-19 -
2025-09-19
a year crt.sh
games.wortal.ai
WE1
2024-08-30 -
2024-11-28
3 months crt.sh
cdn.wortal.ai
WE1
2024-08-30 -
2024-11-28
3 months crt.sh
*.gstatic.com
WR2
2024-08-12 -
2024-11-04
3 months crt.sh
wombat.digitalwill.co.jp
R10
2024-09-03 -
2024-12-02
3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.verifysfpmail.pro/
Frame ID: EEE6D87E7BECB9AA8EAEEBE5A291A0B9
Requests: 11 HTTP requests in this frame

Frame: https://login-widget.xsolla.com/latest?projectId=6f11db11-0f45-40cf-b968-e9178beaa070&locale=en_US&client_id=10349&scope=offline&state=https://www.verifysfpmail.pro/&redirect_uri=https://dash.wortal.ai/oauth/xsolla/callback&response_type=code
Frame ID: F4178F34DB6D5553B250CF72FA2AF637
Requests: 2 HTTP requests in this frame

Screenshot

Page Title

Play the Best HTML5 Games Online | Fun & Free Games Portal

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Page Statistics

13
Requests

77 %
HTTPS

50 %
IPv6

6
Domains

8
Subdomains

7
IPs

3
Countries

133 kB
Transfer

199 kB
Size

1
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

13 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.verifysfpmail.pro/
22 KB
8 KB
Document
General
Full URL
https://www.verifysfpmail.pro/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
139.59.219.157 Singapore, Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
a01ac68c730ab75d55c0b97d044fc83b564fedeadb98c699357800703fcb7308
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-encoding
gzip
content-type
text/html; charset=utf-8
cross-origin-opener-policy
same-origin
date
Thu, 12 Sep 2024 18:33:22 GMT
referrer-policy
strict-origin-when-cross-origin
server
nginx/1.22.1
vary
Accept-Encoding origin
x-content-type-options
nosniff
x-frame-options
DENY
css2
fonts.googleapis.com/
14 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
Requested by
Host: www.verifysfpmail.pro
URL: https://www.verifysfpmail.pro/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c1a::5f Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
3f6e8efb65dff0486271d787d60be7d84387c203bebd36159794e6e2c28c31f3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.verifysfpmail.pro/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 12 Sep 2024 18:33:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 12 Sep 2024 18:02:59 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 12 Sep 2024 18:33:22 GMT
base.css
www.verifysfpmail.pro/static/portals/css/dist/
30 KB
6 KB
Stylesheet
General
Full URL
https://www.verifysfpmail.pro/static/portals/css/dist/base.css
Requested by
Host: www.verifysfpmail.pro
URL: https://www.verifysfpmail.pro/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
139.59.219.157 Singapore, Singapore, ASN14061 (DIGITALOCEAN-ASN, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
d086e02f1f18dcf4f0dc05abf79e7027438d514568ad601b2ffefeb0dc5faef8

Request headers

Referer
https://www.verifysfpmail.pro/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 18:33:22 GMT
content-encoding
gzip
last-modified
Thu, 12 Sep 2024 08:56:14 GMT
server
nginx/1.22.1
etag
W/"66e2acae-7685"
vary
Accept-Encoding
content-type
text/css
/
login-sdk.xsolla.com/latest/
95 KB
96 KB
Script
General
Full URL
https://login-sdk.xsolla.com/latest/
Requested by
Host: www.verifysfpmail.pro
URL: https://www.verifysfpmail.pro/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.30.21.27 , United States, ASN60527 (XSOLLA-AS, US),
Reverse DNS
Software
nginx /
Resource Hash
88abe4d8e3b800ff923de09df4f6ecc965863902d54382d7e9b0986bccc5458a
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains, max-age=63072000

Request headers

Referer
https://www.verifysfpmail.pro/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date
Thu, 12 Sep 2024 18:33:22 GMT
Strict-Transport-Security
max-age=15724800; includeSubDomains, max-age=63072000
Server
nginx
Connection
keep-alive
Transfer-Encoding
chunked
Content-Type
application/javascript
index.js
games.wortal.ai/in-page-prebid-ad/
12 KB
4 KB
Script
General
Full URL
https://games.wortal.ai/in-page-prebid-ad/index.js
Requested by
Host: www.verifysfpmail.pro
URL: https://www.verifysfpmail.pro/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c155d13e96f71f167e6de09961b7b1a6c512a956baf767f919db630546d2122e

Request headers

Referer
https://www.verifysfpmail.pro/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 18:33:22 GMT
content-encoding
br
cf-cache-status
DYNAMIC
last-modified
Wed, 11 Sep 2024 09:46:48 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"0eab1db015559427f35b1ac8f9804609"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RAV%2FiOoap0vPaznSOhx2hAz92FuPE85Iobdzc7bby0qqkr%2BjCw54DHbsaEUg%2BQL3szzD%2FdGBppSFfUjwI3VN9KS%2BvdQuoWeyzmTq%2BeZa1cyCep0ohO%2BYXrub3VRCwvm4viyvuD6zBiikWbgfFw4%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript
cf-ray
8c21fc4aefcb9f7d-SIN
alt-svc
h3=":443"; ma=86400
wortal.ai.png
cdn.wortal.ai/fixed-static/
6 KB
7 KB
Image
General
Full URL
https://cdn.wortal.ai/fixed-static/wortal.ai.png
Requested by
Host: www.verifysfpmail.pro
URL: https://www.verifysfpmail.pro/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c785fc219f6d29374a3c5777ee1c6d57d9da5301206a74cef2a05397bf14b62

Request headers

Referer
https://www.verifysfpmail.pro/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 18:33:22 GMT
cf-cache-status
REVALIDATED
last-modified
Sun, 21 Jan 2024 12:57:29 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"15cb357a7cfc12ef36eaf0efbf7f36ec"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x9tMde7m6x1j00oQe7rwnaJnAX0p%2BDhYd%2FQY8y4266h3FJDK9CHRkJPw4676p4ONHtjQmv8NnVoUxZzlJJb%2BCJbQHcyQZKDfCiZcnCrAfsRFdNpWfMc3EVTyOLroDTrOLRj0oxtDqG%2BOBpPN"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8c21fc4ae92e48dc-SIN
alt-svc
h3=":443"; ma=86400
content-length
6381
new.svg
cdn.wortal.ai/category-icons/
4 KB
2 KB
Image
General
Full URL
https://cdn.wortal.ai/category-icons/new.svg
Requested by
Host: www.verifysfpmail.pro
URL: https://www.verifysfpmail.pro/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
eb54e7d75821d32d3135b1220049fa6068fd08f3d87ed2214b3990513a68fa9c

Request headers

Referer
https://www.verifysfpmail.pro/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 18:33:22 GMT
content-encoding
br
cf-cache-status
MISS
last-modified
Fri, 30 Aug 2024 07:31:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"cb91cd987e90f8fd64ac03d383a4cc3d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gT8fNi9K8jWXF2WXC3sUTLPTp8yHMHMmD9SxjxtWBEr70YxK%2BHHBdiz%2FsoTWrPXPvyHrZq1fbVdTTpzKE11ScgOGPf0SbMAAG5lYVrj0eqH%2BqPcKUdIHI%2B9z2wIhOUJ4bE%2BEsho0OWKG5nlE"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
8c21fc4ae92d48dc-SIN
alt-svc
h3=":443"; ma=86400
recent.svg
cdn.wortal.ai/category-icons/
2 KB
1 KB
Image
General
Full URL
https://cdn.wortal.ai/category-icons/recent.svg
Requested by
Host: www.verifysfpmail.pro
URL: https://www.verifysfpmail.pro/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4b1cf56bec0268e67d3b3e2a806088cee4d4e87a32408ca05f598b42bf7d4071

Request headers

Referer
https://www.verifysfpmail.pro/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 18:33:22 GMT
content-encoding
br
cf-cache-status
REVALIDATED
last-modified
Fri, 30 Aug 2024 07:32:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
W/"a3da2925c01a4f41abdedfd7fcbb345d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yi9V%2BwmmOVFoQH%2Bw65eMaMBZRw1lEosY4VANILKsTNahiJxNOnS3mEqtk4AIAx88Yq53XCJP7hjkXHn8NfT4JaJtnLsJpw7hqDlc5QWzof2sJYmdhthi7Vu2wXAI4im1RcOcWPx%2F4kypqws6"}],"group":"cf-nel","max_age":604800}
content-type
image/svg+xml
cache-control
max-age=14400
cf-ray
8c21fc4c49f648dc-SIN
alt-svc
h3=":443"; ma=86400
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.gstatic.com/s/poppins/v21/
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v21/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Poppins:ital,wght@0,100;0,200;0,300;0,400;0,500;0,600;0,700;0,800;0,900;1,100;1,200;1,300;1,400;1,500;1,600;1,700;1,800;1,900&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c1c::5e Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.verifysfpmail.pro
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 11 Sep 2024 08:50:01 GMT
x-content-type-options
nosniff
age
121402
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7816
x-xss-protection
0
last-modified
Fri, 22 Mar 2024 00:00:32 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 11 Sep 2025 08:50:01 GMT
latest
login-widget.xsolla.com/ Frame F417
0
0

latest
login-widget.xsolla.com/ Frame F417
0
0
Document
General
Full URL
https://login-widget.xsolla.com/latest?projectId=6f11db11-0f45-40cf-b968-e9178beaa070&locale=en_US&client_id=10349&scope=offline&state=https://www.verifysfpmail.pro/&redirect_uri=https://dash.wortal.ai/oauth/xsolla/callback&response_type=code
Requested by
Host: login-sdk.xsolla.com
URL: https://login-sdk.xsolla.com/latest/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
185.30.21.27 , United States, ASN60527 (XSOLLA-AS, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains max-age=63072000

Request headers

Referer
https://www.verifysfpmail.pro/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html
Date
Thu, 12 Sep 2024 18:33:24 GMT
Server
nginx
Strict-Transport-Security
max-age=15724800; includeSubDomains max-age=63072000
Transfer-Encoding
chunked
events
wombat.digitalwill.co.jp/wortal/
0
156 B
Ping
General
Full URL
https://wombat.digitalwill.co.jp/wortal/events
Requested by
Host: www.verifysfpmail.pro
URL: https://www.verifysfpmail.pro/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.146.3.71 Tokyo, Japan, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
71.3.146.34.bc.googleusercontent.com
Software
nginx/1.14.2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.verifysfpmail.pro/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
*
Date
Thu, 12 Sep 2024 18:33:23 GMT
Server
nginx/1.14.2
Connection
keep-alive
Vary
Origin
wortal.ai.png
cdn.wortal.ai/fixed-static/
6 KB
0
Other
General
Full URL
https://cdn.wortal.ai/fixed-static/wortal.ai.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3037::6815:c8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c785fc219f6d29374a3c5777ee1c6d57d9da5301206a74cef2a05397bf14b62

Request headers

Referer
https://www.verifysfpmail.pro/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Thu, 12 Sep 2024 18:33:22 GMT
cf-cache-status
REVALIDATED
last-modified
Sun, 21 Jan 2024 12:57:29 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
etag
"15cb357a7cfc12ef36eaf0efbf7f36ec"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x9tMde7m6x1j00oQe7rwnaJnAX0p%2BDhYd%2FQY8y4266h3FJDK9CHRkJPw4676p4ONHtjQmv8NnVoUxZzlJJb%2BCJbQHcyQZKDfCiZcnCrAfsRFdNpWfMc3EVTyOLroDTrOLRj0oxtDqG%2BOBpPN"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
max-age=14400
accept-ranges
bytes
cf-ray
8c21fc4ae92e48dc-SIN
alt-svc
h3=":443"; ma=86400
content-length
6381

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
login-widget.xsolla.com
URL
https://login-widget.xsolla.com/latest?projectId=6f11db11-0f45-40cf-b968-e9178beaa070

Verdicts & Comments Add Verdict or Comment

31 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| XsollaLogin function| XsollaAnalytics object| pbjs function| createScript function| wombatEvent function| fetchCountry function| getCountry function| initPrebid function| renderAllAdUnits function| renderOne function| callPrebidAd function| showAd function| createPrebidAdObserver function| monitorAdSenseStatus function| isLoggedIn function| setLogin function| logout function| setLoginState function| showLoginPage function| getToken function| parseJwt function| isTokenExpiringSoon function| isTokenExpired function| refreshToken function| isValidString function| generateUUID function| getGuestUserID function| getUserID function| sendPageVisit function| initializePage

1 Cookies

Domain/Path Name / Value
.xsolla.com/ Name: xsollauid
Value: 354672367324102670

1 Console Messages

Source Level URL
Text
security warning URL: https://login-sdk.xsolla.com/latest/
Message:
An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can escape its sandboxing.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options DENY