urlscan.io logo urlscan.io
SecurityTrails logo

secure25ea.top Open in urlscan Pro
2606:4700:3032::ac43:ccf2  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://secure25ea.top/wmail/1webmail/web/auth/index.html
Effective URL: https://secure25ea.top/wmail/1webmail/web/auth/index.html
Submission: On February 06 via api from US — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 7 HTTP transactions. The main IP is 2606:4700:3032::ac43:ccf2, located in United States and belongs to CLOUDFLARENET, US. The main domain is secure25ea.top.
TLS certificate: Issued by E1 on January 6th 2024. Valid for: 3 months.
This is the only time secure25ea.top was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 2606:4700:303... 13335 (CLOUDFLAR...)
2 9 2606:4700:303... 13335 (CLOUDFLAR...)
7 1
Apex Domain
Subdomains		 Transfer
10 secure25ea.top
secure25ea.top
32 KB
7 1
Domain Requested by
10 secure25ea.top 3 redirects secure25ea.top
7 1

This site contains no links.

Subject Issuer Validity Valid
secure25ea.top
E1		 2024-01-06 -
2024-04-05		 3 months crt.sh

This page contains 3 frames:

Primary Page: https://secure25ea.top/wmail/1webmail/web/auth/index.html
Frame ID: 319DA172478ACF10A160F9B391C5E2E8
Requests: 3 HTTP requests in this frame

Frame: https://secure25ea.top/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea25f566/main.js
Frame ID: A8A5BAF52361F0440FE3D991F83E58B6
Requests: 2 HTTP requests in this frame

Frame: https://secure25ea.top/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea25f566/main.js
Frame ID: 84DF36922D828CF5D62B3DD888EF5516
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

403 Forbidden

Page URL History Show full URLs

  1. http://secure25ea.top/wmail/1webmail/web/auth/index.html HTTP 301
    https://secure25ea.top/wmail/1webmail/web/auth/index.html Page URL
  2. https://secure25ea.top/wmail/1webmail/web/auth/index.html Page URL

Page Statistics

7
Requests

71 %
HTTPS

100 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

30 kB
Transfer

35 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://secure25ea.top/wmail/1webmail/web/auth/index.html HTTP 301
    https://secure25ea.top/wmail/1webmail/web/auth/index.html Page URL
  2. https://secure25ea.top/wmail/1webmail/web/auth/index.html Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 0
  • http://secure25ea.top/wmail/1webmail/web/auth/index.html HTTP 301
  • https://secure25ea.top/wmail/1webmail/web/auth/index.html
Request Chain 2
  • https://secure25ea.top/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://secure25ea.top/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea25f566/main.js
Request Chain 4
  • https://secure25ea.top/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://secure25ea.top/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea25f566/main.js

7 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
index.html
secure25ea.top/wmail/1webmail/web/auth/
Redirect Chain
  • http://secure25ea.top/wmail/1webmail/web/auth/index.html
  • https://secure25ea.top/wmail/1webmail/web/auth/index.html
19 KB
20 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://secure25ea.top/wmail/1webmail/web/auth/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:ccf2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c371fdfb158e35b454210daa0eae156508d55a181bbfb14faf34f45e72ccf1a
Security Headers
Name Value
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-cache-status
DYNAMIC
cf-ray
8510715db843b3da-MIA
content-type
text/html; charset=utf-8
date
Tue, 06 Feb 2024 03:52:52 GMT
expires
0
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
pragma
no-cache
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AinnkP8%2BGEIbaHPPf0hXof2KRG10trBFYdbdocjRMkpVdu5vOagnIJ1oCcg5TMBPgMw3nKt0KmZ6xbCSStM7GI2%2BcYSWU%2FlkL1Q25yKG%2BOsG9m%2Ft%2F0nXzacpx%2FSTM4GE3zC51F4gTof2qObJ8w%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
x-content-type-options
nosniff nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block 1; mode=block

Redirect headers

CF-RAY
8510715d0b8b9aef-MIA
Cache-Control
max-age=3600
Connection
keep-alive
Date
Tue, 06 Feb 2024 03:52:52 GMT
Expires
Tue, 06 Feb 2024 04:52:52 GMT
Location
https://secure25ea.top/wmail/1webmail/web/auth/index.html
NEL
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yo%2FWx7zvaZmBpd5Q94g2rZ6CWIYu7u2sQk3mZYrLlIyYo2pC7SoV28v%2Bm%2FJet0AclgUnSiCKor2xA4umBTo2kgeMP78yQI6tYyp8oGNxScwE0Ox6UMj%2BV3gcuvA2%2Bpiby4UM48xYt%2B1w3WNApw%3D%3D"}],"group":"cf-nel","max_age":604800}
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
alt-svc
h3=":443"; ma=86400
index.html
secure25ea.top/wmail/1webmail/web/auth/ 		0
728 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://secure25ea.top/wmail/1webmail/web/auth/index.html
Requested by
Host: secure25ea.top
URL: https://secure25ea.top/wmail/1webmail/web/auth/index.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:3032::ac43:ccf2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff, nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block, 1; mode=block

Request headers

K6tRrOEYBvY3sBAzYZTiyyVvzc
m0dhouoplVt1hIIGC9qjZXftq3A
X-Requested-TimeStamp-Expire
accept-language
en-US,en;q=0.9
X-Requested-TimeStamp-Combination
X-Requested-Type-Combination
GET
Content-type
application/x-www-form-urlencoded
X-Requested-Type
GET
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Referer
https://secure25ea.top/wmail/1webmail/web/auth/index.html
X-Requested-with
XMLHttpRequest
X-Requested-TimeStamp
aeKTA3An-Gz0oJbodcRvYDxBIY
24262228

Response headers

pragma
no-cache
date
Tue, 06 Feb 2024 03:52:52 GMT
x-server-powered-by
Engintron
x-content-type-options
nosniff, nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-frame-options
SAMEORIGIN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FffpYrT8bDEUpNBv%2FLisTCIxkGviAzjZZrw5k4WbAb5eSR7XBoegppN3zlLVSeJ6OjuI6YeLuNBQY3B7Rsh%2FYNCJ0rYjj5txZh9WUHlkxKHCZAz7eqQxHQo8uO78ameiUcwqjbqIz%2Fzy8RNftQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0
cf-ray
85107160ad8eb3da-MIA
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block, 1; mode=block
expires
0
main.js
secure25ea.top/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea25f566/ Frame A8A5
Redirect Chain
  • https://secure25ea.top/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://secure25ea.top/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea25f566/main.js
7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure25ea.top/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea25f566/main.js
Protocol
H2
Server
2606:4700:3032::ac43:ccf2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7510ea1b51bef33f141b9b2782bcc1b5c743ed4104841b41324cddb06669aae2
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 03:52:52 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ug55Lk0cPdCbsWlXYGJ%2BweccvqyNOwQSXjpEP1aZh3wQRc4Wu1d6MUs%2BU2gPwsVBQTFkbN%2F9LIG9R%2BK5CD7R%2FCExBV4ISrLLuirlhlSVd4TgZpy5%2B7kfMfOuqMJzlyDgajvt9CKAIX2F9avN9w%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
85107160fe68b3da-MIA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Tue, 06 Feb 2024 03:52:52 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Io0cdfzm7P0zG%2BYXjXfLtbwQRTofzg3S%2Fdu1qPqajBg%2BcOTqAgVS2S8MZoZDhx5WsuJyBoNS0j7GHPyq3syFnbiJWTMi7HiAfDEBkVP1e%2FFPxcWSD97Dn4QBChQ0qJx1PlJqesGBrccygE3XrA%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea25f566/main.js
cache-control
max-age=300, public
cf-ray
85107160bdc3b3da-MIA
alt-svc
h3=":443"; ma=86400
8510715db843b3da
secure25ea.top/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame A8A5 		0
643 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://secure25ea.top/cdn-cgi/challenge-platform/h/g/jsd/r/8510715db843b3da
Requested by
Host: secure25ea.top
URL: https://secure25ea.top/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:ccf2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 06 Feb 2024 03:52:52 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vBDdRiSbIUfDdnwsosDUlJVpmqW45iCD%2FyULBxQdWyuDnZVtvEVbYD2WBE7%2FbOHCOj3%2BE4QZ3y8%2BHhPa5bwX5sMKKC7ilfb0jvpSmWFc7%2BG1xfXne8%2FIZO66fNMRJq2KP%2BsvA0lBw2LB9wIdbA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
85107161fd173346-MIA
alt-svc
h3=":443"; ma=86400
Primary Request index.html
secure25ea.top/wmail/1webmail/web/auth/ 		2 KB
1015 B 		Document
General
Check archive.org
Download Go to
Full URL
https://secure25ea.top/wmail/1webmail/web/auth/index.html
Requested by
Host: secure25ea.top
URL: https://secure25ea.top/wmail/1webmail/web/auth/index.html
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:ccf2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
27ce1e1a8565957307346e37284f1d503fe5b09193c5cefb470f85deb302deb6
Security Headers
Name Value
X-Content-Type-Options nosniff nosniff
X-Xss-Protection 1; mode=block 1; mode=block

Request headers

Referer
https://secure25ea.top/wmail/1webmail/web/auth/index.html
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
accept-language
en-US,en;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
851071620d213346-MIA
content-encoding
br
content-type
text/html
date
Tue, 06 Feb 2024 03:52:53 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=69m%2BJmLhPfw9BSzJGsIWusLxU4Tfvt1YPyf%2BCjurkQnl6P20tb8HeFlESnUtk9rUUtLr%2BjzCF0G%2FS7%2BJtX0pSp4DyvWOrDqkEbcokRpgw1XnVip2H%2Bmrr8sDkom8F%2BM6hQTaaxvujdz4UB6fPA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
x-content-type-options
nosniff nosniff
x-xss-protection
1; mode=block 1; mode=block
main.js
secure25ea.top/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea25f566/ Frame 84DF
Redirect Chain
  • https://secure25ea.top/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://secure25ea.top/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea25f566/main.js
7 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://secure25ea.top/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea25f566/main.js
Protocol
H3
Server
2606:4700:3032::ac43:ccf2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
908add5d20932a6239a109d2314300776698e7cdc119835bf29f082e0d84439b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
en-US,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36

Response headers

date
Tue, 06 Feb 2024 03:52:53 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=O%2BrgvLboxlazQehdDmx%2BunIWwcefq7yrHN7DyFqUt94qvdWP7CRH8MXZfI5zrnstsX8hMoY3RXqr0Y6txtxOc8n9drXIFEiV0cIAhnEdZy7EOAK8hipjehsTXN7uehvEniLkhK1VfDwOCDjtwg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
8510716448a63346-MIA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Tue, 06 Feb 2024 03:52:53 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=q7cjbtKuavXuCwBfdwK8DifLTUwZoDUxytaL7omRZi62PZg7k%2Frtjh3nAPKWBsmH3yGkAqFt5OBeSjCOGTzX2wS4uFU%2F7cRZB6Ose%2FYbmFP3kPBfTkxqIFwYpkbO7oxSB9MaWo4Lp%2BYLjcIBgw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/g/scripts/jsd/ea25f566/main.js
cache-control
max-age=300, public
cf-ray
8510716418633346-MIA
alt-svc
h3=":443"; ma=86400
851071620d213346
secure25ea.top/cdn-cgi/challenge-platform/h/g/jsd/r/ Frame 84DF 		0
603 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://secure25ea.top/cdn-cgi/challenge-platform/h/g/jsd/r/851071620d213346
Requested by
Host: secure25ea.top
URL: https://secure25ea.top/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:3032::ac43:ccf2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
en-US,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.139 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 06 Feb 2024 03:52:53 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5wDsBeqsCdGTaVY5z3Y9sxKeDjxVCSmhRI5SnZWmt4i2UYWakL3P%2FJPZX4p%2B7bYK3ZaSvGpfuHbrseom8Y9pmPkjNmRRVrtLNWw1cLnjj77AqumRMi2yo1GAnvX4oK3YchSzk%2Bj8%2Bb%2BFBtrFAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
851071656a3a3346-MIA
alt-svc
h3=":443"; ma=86400

Verdicts & Comments Add Verdict or Comment

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0

11 Cookies

Domain/Path Name / Value
secure25ea.top/ Name: NBqccf1bahbiSrK3zjlhjUaamPg
Value: -Byp70gIXGTQyyDXYqcAEZAwTJ0
secure25ea.top/ Name: 6e2Dv_PSJ_LiW71LZJTQ5vecgZ4
Value: 1707191565
secure25ea.top/ Name: rM2lau3rfC9P31fRp769r4_yqbc
Value: 1707277965
secure25ea.top/ Name: FzCcFnZ1E9Q47Nk0NM4Pw_LoM5g
Value: jnyVP35utJ1fPF_5HI8o0erkBgw
secure25ea.top/ Name: 3uCPtdgdDJjgBrb0kIkkRHkt1Uk
Value: Uv3HbRN9SlH8sUaMct9zesaSSkg
secure25ea.top/ Name: I_OpeJH46M27irYAxBF2rb6pd28
Value: 0FUOrDql22bS6DKRGtiZhXQ4gmw
secure25ea.top/ Name: GqvuXJIEAyMBxk3ImbV5OopklvE
Value: 1707191572
secure25ea.top/ Name: OsGxXaKOWr96PxsdI4kyxGwuOrs
Value: 1707277972
secure25ea.top/ Name: _9OdNp9RUJXEVkzMD-w6XfNlKHQ
Value: nIJNWAZGzdAK5DQ6jQy9ux7fhdo
secure25ea.top/ Name: DvwYVZJeonVVr17vBOT_vT6-ER8
Value: _kSA-v7533MpUJhRDb0Qxf0cw2A
.secure25ea.top/ Name: cf_clearance
Value: GbgoFwtHw7dMWKe.CLpqqLzGgKmSwEfZYPmjyfEdPng-1707191573-1-AUt2mtiMAGVrx5qwIMN45NAEu+NywMmfUmSMmpE7OzNc6u3CdoQTCBW2uOEKlkjI3M1zs+hKE+6tlEWShaRgb/Q=

2 Console Messages

Source Level URL
Text
network error URL: https://secure25ea.top/wmail/1webmail/web/auth/index.html
Message:
Failed to load resource: the server responded with a status of 503 ()
network error URL: https://secure25ea.top/wmail/1webmail/web/auth/index.html
Message:
Failed to load resource: the server responded with a status of 403 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block 1; mode=block