Submitted URL: http://polyfill.io/
Effective URL: https://polyfill.io/v3/
Submission: On April 03 via manual from IN — Scanned from DE

Summary

This website contacted 3 IPs in 1 countries across 2 domains to perform 11 HTTP transactions. The main IP is 2a04:4e42:a00::282, located in United States and belongs to FASTLY, US. The main domain is polyfill.io. The Cisco Umbrella rank of the primary domain is 1464.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2022 Q4 on December 10th 2022. Valid for: a year.
This is the only time polyfill.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 6 2a04:4e42:a00... 54113 (FASTLY)
5 151.101.194.209 54113 (FASTLY)
1 2a04:4e42::282 54113 (FASTLY)
11 3
Apex Domain
Subdomains
Transfer
7 polyfill.io
polyfill.io — Cisco Umbrella Rank: 1464
cdn.polyfill.io — Cisco Umbrella Rank: 2675
60 KB
5 ft.com
www.ft.com — Cisco Umbrella Rank: 26342
160 KB
11 2
Domain Requested by
6 polyfill.io 1 redirects polyfill.io
5 www.ft.com polyfill.io
1 cdn.polyfill.io polyfill.io
11 3

This site contains links to these domains. Also see Links.

Domain
github.com
Subject Issuer Validity Valid
polyfill.io
GlobalSign Atlas R3 DV TLS CA 2022 Q4
2022-12-10 -
2024-01-11
a year crt.sh
*.ft.com
GlobalSign Atlas R3 DV TLS CA 2023 Q1
2023-03-31 -
2024-05-01
a year crt.sh

This page contains 1 frames:

Primary Page: https://polyfill.io/v3/
Frame ID: 2BE10375C6A2A02E070A7ADC13647DD4
Requests: 11 HTTP requests in this frame

Screenshot

Page Title

Polyfill.io

Page URL History Show full URLs

  1. http://polyfill.io/ HTTP 307
    https://polyfill.io/ HTTP 301
    https://polyfill.io/v3/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:prototype|protoaculous)(?:-([\d.]*[\d]))?.*\.js

Overall confidence: 100%
Detected patterns
  • /polyfill\.min\.js

Page Statistics

11
Requests

100 %
HTTPS

67 %
IPv6

2
Domains

3
Subdomains

3
IPs

1
Countries

219 kB
Transfer

493 kB
Size

0
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://polyfill.io/ HTTP 307
    https://polyfill.io/ HTTP 301
    https://polyfill.io/v3/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
polyfill.io/v3/
Redirect Chain
  • http://polyfill.io/
  • https://polyfill.io/
  • https://polyfill.io/v3/
10 KB
11 KB
Document
General
Full URL
https://polyfill.io/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:a00::282 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
36061af37a750d42287d7791a63e287f307f2849db8bbfe192d6804bd59e7e54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
1118586
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
content-length
10645
content-type
text/html
date
Mon, 03 Apr 2023 08:47:40 GMT
etag
W/"NgYa83p1DUIofXeRpj4ofzB/KEnbi7/hktaAS9WeflQ="
last-modified
Thu, 09 Feb 2023 12:35:12 GMT
referrer-policy
origin-when-cross-origin
server-timing
HIT-CLUSTER, fastly;desc="Edge time";dur=1
strict-transport-security
max-age=31536000; includeSubdomains; preload
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

accept-ranges
bytes
age
3444762
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
content-length
38
content-type
text/plain; charset=utf-8
date
Mon, 03 Apr 2023 08:47:40 GMT
location
/v3/
referrer-policy
origin-when-cross-origin
server-timing
HIT, fastly;desc="Edge time";dur=0 HIT, fastly;desc="Edge time";dur=0
strict-transport-security
max-age=31536000; includeSubdomains; preload
timing-allow-origin
*
x-content-type-options
nosniff
MetricWeb-Semibold.woff
www.ft.com/__origami/service/build/v2/files/o-fonts-assets@1.3.2/
50 KB
50 KB
Font
General
Full URL
https://www.ft.com/__origami/service/build/v2/files/o-fonts-assets@1.3.2/MetricWeb-Semibold.woff
Requested by
Host: polyfill.io
URL: https://polyfill.io/v3/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.209 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8aaace27bb0d6f4f3d61d12596fed0038a6ca18250e98f71bde9be4eadcf5ab5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://polyfill.io/
Origin
https://polyfill.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 08:47:40 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Fri, 08 Jul 2022 15:56:57 GMT
age
400
vary
FT-Site, Accept-Encoding,Origin
content-type
font/woff
access-control-allow-origin
https://polyfill.io
cache-control
public, max-age=300, stale-while-revalidate=600, stale-if-error=600, s-maxage=600
server-timing
total; dur=49.648033; desc="Total Response Time"
ft-suppress-friendly-error
true
accept-ranges
bytes
content-length
51558
MetricWeb-Regular.woff
www.ft.com/__origami/service/build/v2/files/o-fonts-assets@1.3.2/
49 KB
49 KB
Font
General
Full URL
https://www.ft.com/__origami/service/build/v2/files/o-fonts-assets@1.3.2/MetricWeb-Regular.woff
Requested by
Host: polyfill.io
URL: https://polyfill.io/v3/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.209 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6696d1217c24fb848514b39dd908a3f645a5122719cf2bf7640ef9cd5da5bd5d
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://polyfill.io/
Origin
https://polyfill.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 08:47:40 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Fri, 08 Jul 2022 15:56:51 GMT
age
417
vary
FT-Site, Accept-Encoding,Origin
content-type
font/woff
access-control-allow-origin
https://polyfill.io
cache-control
public, max-age=300, stale-while-revalidate=600, stale-if-error=600, s-maxage=600
server-timing
total; dur=35.501371; desc="Total Response Time"
ft-suppress-friendly-error
true
accept-ranges
bytes
content-length
50290
index.css
polyfill.io/css/
112 KB
19 KB
Stylesheet
General
Full URL
https://polyfill.io/css/index.css
Requested by
Host: polyfill.io
URL: https://polyfill.io/v3/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
2a04:4e42:a00::282 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
6084e01d51416d77eef26bf6b6e2102cb3d4b8963396c95cbf7063e441abc4e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://polyfill.io/v3/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Thu, 09 Feb 2023 12:35:15 GMT
date
Mon, 03 Apr 2023 08:47:40 GMT
age
518328
etag
W/W/"YITgHVFBbXfu8mv2tuIQLLPUuJYzlslcv3Bj5EGrxOk="
content-type
text/css
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
server-timing
HIT-CLUSTER, fastly;desc="Edge time";dur=1
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
18953
polyfill.min.js
cdn.polyfill.io/v3/
101 B
654 B
Script
General
Full URL
https://cdn.polyfill.io/v3/polyfill.min.js?features=Array.from,Array.isArray,Array.prototype.entries,Array.prototype.filter,Array.prototype.forEach,Array.prototype.includes,Array.prototype.indexOf,Array.prototype.keys,Array.prototype.map,Array.prototype.reduce,ArrayBuffer,console,CustomEvent,document,Element,Function.prototype.bind,JSON,Map,Object.assign,Object.defineProperty,Object.entries,Object.getOwnPropertyDescriptor,Object.keys,Set,String.prototype.includes,String.prototype.trim,Symbol,Symbol.iterator,URLSearchParams,WeakMap,WeakSet
Requested by
Host: polyfill.io
URL: https://polyfill.io/v3/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::282 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d7f817255acac24d24766a420471f23c0796b5228b84f8432bf70570ed870b72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://polyfill.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Mon, 03 Apr 2023 08:47:40 GMT
age
2195337
detected-user-agent
Chrome/111.0.0
useragent_normaliser
chrome/111.0.0
server-timing
HIT-CLUSTER, fastly;desc="Edge time";dur=1
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
113
referrer-policy
origin-when-cross-origin
last-modified
Sun, 05 Mar 2023 16:54:09 GMT
vary
User-Agent, Accept-Encoding
access-control-allow-methods
GET,HEAD,OPTIONS
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
normalized-user-agent
chrome/111.0.0
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
accept-ranges
bytes
timing-allow-origin
*
index.min.js
polyfill.io/js/
43 KB
12 KB
Script
General
Full URL
https://polyfill.io/js/index.min.js
Requested by
Host: polyfill.io
URL: https://polyfill.io/v3/
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
2a04:4e42:a00::282 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
678527eff268c13a897cf619643cf0f77daccc3b179885377a377797352cb707
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://polyfill.io/v3/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Tue, 10 Jan 2023 10:59:14 GMT
date
Mon, 03 Apr 2023 08:47:40 GMT
age
2254038
etag
W/"aa53-1859b558fd0"
content-type
application/javascript; charset=UTF-8
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
server-timing
HIT, fastly;desc="Edge time";dur=0, HIT, fastly;desc="Edge time";dur=0
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
12332
logo.svg
polyfill.io/img/
283 B
561 B
Image
General
Full URL
https://polyfill.io/img/logo.svg
Requested by
Host: polyfill.io
URL: https://polyfill.io/css/index.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
2a04:4e42:a00::282 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
d02f73ecd9e7ea6d737f0cbf9aca23855dc5dc7b78443494f1e61c29c29914f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://polyfill.io/css/index.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Tue, 03 Jan 2023 01:34:12 GMT
date
Mon, 03 Apr 2023 08:47:40 GMT
age
1002094
etag
W/W/"0C9z7Nnn6m1zfwy/msojhV3F3Ht4RDSU8eYcKcKZFPE="
content-type
image/svg+xml
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
server-timing
HIT-CLUSTER, fastly;desc="Edge time";dur=1
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
193
home-page-hero.jpg
polyfill.io/img/
168 KB
16 KB
Image
General
Full URL
https://polyfill.io/img/home-page-hero.jpg
Requested by
Host: polyfill.io
URL: https://polyfill.io/css/index.css
Protocol
H3
Security
QUIC, , AES_256_GCM
Server
2a04:4e42:a00::282 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
08f193a191fd6d4319b975a30806d959a08b654a9bc6ab719fc13163d60160d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://polyfill.io/css/index.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubdomains; preload
content-encoding
gzip
x-content-type-options
nosniff
referrer-policy
origin-when-cross-origin
last-modified
Tue, 03 Jan 2023 01:34:12 GMT
date
Mon, 03 Apr 2023 08:47:40 GMT
age
1002093
etag
W/W/"CPGToZH9bUMZuXWjCAbZWaCLZUqbxqtxn8ExY9YBYNY="
content-type
image/jpeg
cache-control
public, s-maxage=31536000, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
server-timing
HIT, fastly;desc="Edge time";dur=1
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length
16161
font
www.ft.com/__origami/service/build/v3/
30 KB
31 KB
Font
General
Full URL
https://www.ft.com/__origami/service/build/v3/font?version=1.12&font_name=MetricWeb-Semibold&system_code=origami&font_format=woff2
Requested by
Host: polyfill.io
URL: https://polyfill.io/css/index.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.209 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
2d29f56691db39f980cbe5d600355b9fe1173563106aed67cf6bd3368af8f3af
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://polyfill.io/
Origin
https://polyfill.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 08:47:40 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Mon, 03 Apr 2023 01:30:39 GMT
age
26221
etag
W/"79ac-18744bcd73f"
vary
Origin
content-type
font/woff2
access-control-allow-origin
https://polyfill.io
cache-control
public, max-age=86400, stale-if-error=604800, stale-while-revalidate=300000
server-timing
total; dur=8337.085351; desc="Total Response Time"
ft-suppress-friendly-error
true
accept-ranges
bytes
content-length
31148
font
www.ft.com/__origami/service/build/v3/
28 KB
29 KB
Font
General
Full URL
https://www.ft.com/__origami/service/build/v3/font?version=1.12&font_name=MetricWeb-Regular&system_code=origami&font_format=woff2
Requested by
Host: polyfill.io
URL: https://polyfill.io/css/index.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.209 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
8ef66d8994585d8486b906d00462cbc9c0fd80482a381e3fdb237bac1bf18b59
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://polyfill.io/
Origin
https://polyfill.io
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 08:47:40 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Mon, 03 Apr 2023 01:30:37 GMT
age
26223
etag
W/"71c0-18744bccf92"
vary
Origin
content-type
font/woff2
access-control-allow-origin
https://polyfill.io
cache-control
public, max-age=86400, stale-if-error=604800, stale-while-revalidate=300000
server-timing
total; dur=8385.391207; desc="Total Response Time"
ft-suppress-friendly-error
true
accept-ranges
bytes
content-length
29120
ftsocial-v2%3Agithub
www.ft.com/__origami/service/image/v2/images/raw/
805 B
1 KB
Image
General
Full URL
https://www.ft.com/__origami/service/image/v2/images/raw/ftsocial-v2%3Agithub?source=origami-polyfill-service&tint=000000&format=svg
Requested by
Host: polyfill.io
URL: https://polyfill.io/css/index.css
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.209 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1fd07735c631cfb498b5472fd442f2225d219516bc386ee29308eb6cf459c045
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://polyfill.io/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.146 Safari/537.36

Response headers

date
Mon, 03 Apr 2023 08:47:40 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
last-modified
Mon, 14 Sep 2020 18:45:31 GMT
age
2351542
etag
"ebe6f0a7a3df845e333805aeabcd1de1"
vary
Content-Dpr, Accept, FT-Site, Accept-Encoding, FT-Site
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=604800, stale-while-revalidate=604800, stale-if-error=604800
server-timing
HIT, fastly;desc="Edge time";dur=0, HIT-CLUSTER, fastly;desc="Edge time";dur=1
ft-suppress-friendly-error
true
timing-allow-origin
*
accept-ranges
bytes
content-length
805

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

boolean| credentialless

0 Cookies

2 Console Messages

Source Level URL
Text
javascript warning URL: https://polyfill.io/v3/
Message:
The resource https://www.ft.com/__origami/service/build/v2/files/o-fonts-assets@1.3.2/MetricWeb-Regular.woff was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://polyfill.io/v3/
Message:
The resource https://www.ft.com/__origami/service/build/v2/files/o-fonts-assets@1.3.2/MetricWeb-Semibold.woff was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubdomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block