urlscan.io logo urlscan.io
SecurityTrails logo

espace-contrats.cofinoga.fr Open in urlscan Pro
2a02:26f0:ab00::5c7a:d732  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://espace-contrats.cofinoga.fr/
Effective URL: https://espace-contrats.cofinoga.fr/
Submission Tags: tag
Submission: On May 06 via api from GB — Scanned from FR
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 14 HTTP transactions. The main IP is 2a02:26f0:ab00::5c7a:d732, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is espace-contrats.cofinoga.fr.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on February 19th 2024. Valid for: a year.
This is the only time espace-contrats.cofinoga.fr was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
11 2a02:26f0:ab0... 20940 (AKAMAI-ASN1)
3 2a02:26f0:350... 20940 (AKAMAI-ASN1)
14 2
Apex Domain
Subdomains		 Transfer
11 cofinoga.fr
espace-contrats.cofinoga.fr
374 KB
3 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 425
137 KB
14 2
Domain Requested by
11 espace-contrats.cofinoga.fr espace-contrats.cofinoga.fr
3 assets.adobedtm.com espace-contrats.cofinoga.fr
assets.adobedtm.com
14 2

This site contains no links.

Subject Issuer Validity Valid
bnp19b.bnpparibas.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-02-19 -
2025-02-19		 a year crt.sh
assets.adobedtm.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-11 -
2024-08-10		 a year crt.sh

This page contains 1 frames:

Primary Page: https://espace-contrats.cofinoga.fr/
Frame ID: F814FC69C5726B5E5F18A9B43EC9BEDF
Requests: 14 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Espace Contrat Cofinoga

Page URL History Show full URLs

  1. http://espace-contrats.cofinoga.fr/ HTTP 307
    https://espace-contrats.cofinoga.fr/ Page URL

Page Statistics

14
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

511 kB
Transfer

2040 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://espace-contrats.cofinoga.fr/ HTTP 307
    https://espace-contrats.cofinoga.fr/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
espace-contrats.cofinoga.fr/
Redirect Chain
  • http://espace-contrats.cofinoga.fr/
  • https://espace-contrats.cofinoga.fr/
5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://espace-contrats.cofinoga.fr/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::5c7a:d732 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
0ab8425bfadf4dd6304d2fef68b7556d839bcdec34698848d4fd8476395565ee
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
fr-FR,fr;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Accept-Ranges
bytes
Connection
keep-alive
Content-Encoding
gzip
Content-Length
2239
Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Content-Type
text/html
Cross-Origin-Embedder-Policy
unsafe-none
Cross-Origin-Opener-Policy
unsafe-none
Cross-Origin-Resource-Policy
same-site
Date
Mon, 06 May 2024 05:02:34 GMT
ETag
"65e707b8-1565"
Last-Modified
Tue, 05 Mar 2024 11:53:28 GMT
Referrer-Policy
strict-origin-when-cross-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Frame-Options
SAMEORIGIN
X-XSS-Protection
1; mode=block

Redirect headers

Location
https://espace-contrats.cofinoga.fr/
Non-Authoritative-Reason
HttpsUpgrades
vendor-d41d8cd98f00b204e9800998ecf8427e.css
espace-contrats.cofinoga.fr/assets/ 		0
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://espace-contrats.cofinoga.fr/assets/vendor-d41d8cd98f00b204e9800998ecf8427e.css
Requested by
Host: espace-contrats.cofinoga.fr
URL: https://espace-contrats.cofinoga.fr/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::5c7a:d732 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://espace-contrats.cofinoga.fr/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 06 May 2024 05:02:34 GMT
Cross-Origin-Embedder-Policy
unsafe-none
Cross-Origin-Resource-Policy
same-site
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 05 Mar 2024 11:53:13 GMT
Cross-Origin-Opener-Policy
unsafe-none
ETag
"65e707a9-0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Accept-Ranges
bytes
web-bnpppf-customer-client-d41d8cd98f00b204e9800998ecf8427e.css
espace-contrats.cofinoga.fr/assets/ 		0
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://espace-contrats.cofinoga.fr/assets/web-bnpppf-customer-client-d41d8cd98f00b204e9800998ecf8427e.css
Requested by
Host: espace-contrats.cofinoga.fr
URL: https://espace-contrats.cofinoga.fr/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::5c7a:d732 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://espace-contrats.cofinoga.fr/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 06 May 2024 05:02:34 GMT
Cross-Origin-Embedder-Policy
unsafe-none
Cross-Origin-Resource-Policy
same-site
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 05 Mar 2024 11:53:13 GMT
Cross-Origin-Opener-Policy
unsafe-none
ETag
"65e707a9-0"
X-Frame-Options
SAMEORIGIN
Content-Type
text/css
Accept-Ranges
bytes
customer-default-4d283297419b69311cf57ee1e9556d32.css
espace-contrats.cofinoga.fr/assets/ 		85 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://espace-contrats.cofinoga.fr/assets/customer-default-4d283297419b69311cf57ee1e9556d32.css
Requested by
Host: espace-contrats.cofinoga.fr
URL: https://espace-contrats.cofinoga.fr/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::5c7a:d732 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fd1c7486bff4e7601828c7a64e2cae0ced204c5352b3f59d820bbe2dd187cbe4
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://espace-contrats.cofinoga.fr/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 06 May 2024 05:02:34 GMT
Content-Encoding
gzip
Cross-Origin-Embedder-Policy
unsafe-none
Cross-Origin-Resource-Policy
same-site
Connection
keep-alive
Content-Length
14504
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 05 Mar 2024 11:53:13 GMT
Cross-Origin-Opener-Policy
unsafe-none
ETag
"65e707a9-152d2"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
vendor-d2092ced158575b70652d7c9479e683b.js
espace-contrats.cofinoga.fr/assets/ 		1 MB
293 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://espace-contrats.cofinoga.fr/assets/vendor-d2092ced158575b70652d7c9479e683b.js
Requested by
Host: espace-contrats.cofinoga.fr
URL: https://espace-contrats.cofinoga.fr/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::5c7a:d732 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
47ab0a1f0f3fa8c7802616c1dd69d42575ebbcc5255d2fef29e848d9b51edb49
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://espace-contrats.cofinoga.fr/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 06 May 2024 05:02:34 GMT
Content-Encoding
gzip
Cross-Origin-Embedder-Policy
unsafe-none
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
same-site
Connection
keep-alive, Transfer-Encoding
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 05 Mar 2024 11:53:28 GMT
Cross-Origin-Opener-Policy
unsafe-none
ETag
"65e707b8-11a379"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
chunk.868.9d0f1e023c7f70cc1de7.js
espace-contrats.cofinoga.fr/assets/ 		59 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://espace-contrats.cofinoga.fr/assets/chunk.868.9d0f1e023c7f70cc1de7.js
Requested by
Host: espace-contrats.cofinoga.fr
URL: https://espace-contrats.cofinoga.fr/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::5c7a:d732 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
d9abb063c6ce9d3db48e62833625c28b969f5802c0038dbdd3e7ec0e74b52d16
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://espace-contrats.cofinoga.fr/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 06 May 2024 05:02:34 GMT
Content-Encoding
gzip
Cross-Origin-Embedder-Policy
unsafe-none
Cross-Origin-Resource-Policy
same-site
Connection
keep-alive
Content-Length
13988
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 05 Mar 2024 11:53:15 GMT
Cross-Origin-Opener-Policy
unsafe-none
ETag
"65e707ab-edff"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
chunk.143.5bea7fbd36d4797bdaff.js
espace-contrats.cofinoga.fr/assets/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://espace-contrats.cofinoga.fr/assets/chunk.143.5bea7fbd36d4797bdaff.js
Requested by
Host: espace-contrats.cofinoga.fr
URL: https://espace-contrats.cofinoga.fr/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::5c7a:d732 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
892679082ac1f645a417aad4dde8876b3e3e0f538834f3cd8a07ee4f4417a427
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://espace-contrats.cofinoga.fr/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 06 May 2024 05:02:34 GMT
Content-Encoding
gzip
Cross-Origin-Embedder-Policy
unsafe-none
Cross-Origin-Resource-Policy
same-site
Connection
keep-alive
Content-Length
1550
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 05 Mar 2024 11:53:14 GMT
Cross-Origin-Opener-Policy
unsafe-none
ETag
"65e707aa-15a5"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
web-bnpppf-customer-client-fb9b24cc913599e2b0bb25fa008498c7.js
espace-contrats.cofinoga.fr/assets/ 		115 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://espace-contrats.cofinoga.fr/assets/web-bnpppf-customer-client-fb9b24cc913599e2b0bb25fa008498c7.js
Requested by
Host: espace-contrats.cofinoga.fr
URL: https://espace-contrats.cofinoga.fr/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::5c7a:d732 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8bc90df48ac20c15ad490c10b4d2377ff7c508f587ab5e8f8f8ee4dd82dcf970
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://espace-contrats.cofinoga.fr/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 06 May 2024 05:02:34 GMT
Content-Encoding
gzip
Cross-Origin-Embedder-Policy
unsafe-none
Cross-Origin-Resource-Policy
same-site
Connection
keep-alive
Content-Length
19502
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 05 Mar 2024 11:53:15 GMT
Cross-Origin-Opener-Policy
unsafe-none
ETag
"65e707ab-1cc8c"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Accept-Ranges
bytes
launch-c2b388534b47.min.js
assets.adobedtm.com/d398b9f3a685/f93e12333b87/ 		514 KB
124 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/d398b9f3a685/f93e12333b87/launch-c2b388534b47.min.js
Requested by
Host: espace-contrats.cofinoga.fr
URL: https://espace-contrats.cofinoga.fr/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
95601401ca1836375857fed4345394f24a23acfabaedad7a3a12903438b80448

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://espace-contrats.cofinoga.fr/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 05:02:34 GMT
content-encoding
gzip
last-modified
Thu, 20 Apr 2023 07:39:38 GMT
server
AkamaiNetStorage
etag
"acfabebb22d6115680d4aadc436bd120:1681976378.192585"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://espace-contrats.cofinoga.fr
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
126719
expires
Mon, 06 May 2024 06:02:34 GMT
AppMeasurement.min.js
assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/ 		34 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/extensions/EPbf7b42aa08bc4f10879b1484195e80d1/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/d398b9f3a685/f93e12333b87/launch-c2b388534b47.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
d6d01246a30e9d483531c27721f73f266fa4af35effdb21683ac02a620ab8aaf

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://espace-contrats.cofinoga.fr/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 05:02:34 GMT
content-encoding
gzip
last-modified
Thu, 22 Sep 2022 16:16:49 GMT
server
AkamaiNetStorage
etag
"dfdd9e1f988805f0c2fbb10cd6b8f034:1663863409.614694"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://espace-contrats.cofinoga.fr
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
12384
expires
Mon, 06 May 2024 06:02:34 GMT
customer-cofinoga-67f880fc463c2757004d81f668059acc.css
espace-contrats.cofinoga.fr/assets/ 		85 KB
15 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://espace-contrats.cofinoga.fr/assets/customer-cofinoga-67f880fc463c2757004d81f668059acc.css
Requested by
Host: espace-contrats.cofinoga.fr
URL: https://espace-contrats.cofinoga.fr/assets/vendor-d2092ced158575b70652d7c9479e683b.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::5c7a:d732 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
c01ff42e6e4f51dae2d01bf01f1abb0bbca6df9772d6716d83caefa0a058f2c5
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://espace-contrats.cofinoga.fr/login
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 06 May 2024 05:02:34 GMT
Content-Encoding
gzip
Cross-Origin-Embedder-Policy
unsafe-none
Cross-Origin-Resource-Policy
same-site
Connection
keep-alive
Content-Length
14523
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 05 Mar 2024 11:53:13 GMT
Cross-Origin-Opener-Policy
unsafe-none
ETag
"65e707a9-152e6"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
text/css
Accept-Ranges
bytes
RCf94146e1a07641069eb61a5716813904-source.min.js
assets.adobedtm.com/d398b9f3a685/f93e12333b87/eb862f78eab7/ 		453 B
511 B 		Script
General
Check archive.org
Download Go to
Full URL
https://assets.adobedtm.com/d398b9f3a685/f93e12333b87/eb862f78eab7/RCf94146e1a07641069eb61a5716813904-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/d398b9f3a685/f93e12333b87/launch-c2b388534b47.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:58f::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
28c2e4dded730d4898e3e4e3c93635346d2e49728224e391748a9da97fb065d5

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://espace-contrats.cofinoga.fr/
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 05:02:34 GMT
content-encoding
gzip
last-modified
Thu, 20 Apr 2023 07:39:38 GMT
server
AkamaiNetStorage
etag
"e1b13aec82a5af01393bf1c66fd696aa:1681976379.000145"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://espace-contrats.cofinoga.fr
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
248
expires
Mon, 06 May 2024 06:02:34 GMT
logo_cofinoga.png
espace-contrats.cofinoga.fr/img/ 		3 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://espace-contrats.cofinoga.fr/img/logo_cofinoga.png
Requested by
Host: espace-contrats.cofinoga.fr
URL: https://espace-contrats.cofinoga.fr/assets/customer-cofinoga-67f880fc463c2757004d81f668059acc.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::5c7a:d732 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b6b700427c0148943857d1e1369733ca713ace52bbd4672a93cc438317e72271
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://espace-contrats.cofinoga.fr/assets/customer-cofinoga-67f880fc463c2757004d81f668059acc.css
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 06 May 2024 05:02:34 GMT
Cross-Origin-Embedder-Policy
unsafe-none
Cross-Origin-Resource-Policy
same-site
Connection
keep-alive
Content-Length
3416
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 05 Mar 2024 11:51:27 GMT
Cross-Origin-Opener-Policy
unsafe-none
ETag
"65e7073f-d58"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Accept-Ranges
bytes
favicon.ico
espace-contrats.cofinoga.fr/ 		5 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://espace-contrats.cofinoga.fr/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::5c7a:d732 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
0ab8425bfadf4dd6304d2fef68b7556d839bcdec34698848d4fd8476395565ee
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://espace-contrats.cofinoga.fr/login
Accept-Language
fr-FR,fr;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Date
Mon, 06 May 2024 05:02:34 GMT
Content-Encoding
gzip
Cross-Origin-Embedder-Policy
unsafe-none
Cross-Origin-Resource-Policy
same-site
Connection
keep-alive
Content-Length
2239
X-XSS-Protection
1; mode=block
Referrer-Policy
strict-origin-when-cross-origin
Last-Modified
Tue, 05 Mar 2024 11:53:28 GMT
Cross-Origin-Opener-Policy
unsafe-none
ETag
"65e707b8-1565"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
text/html
Accept-Ranges
bytes

Verdicts & Comments Add Verdict or Comment

77 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| dataLayer object| brands object| scr object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in object| launchRules object| subscribedLaunchEvents number| index number| analyticsRule object| configRules string| beaconType boolean| Analytics_setup_finished object| waitList object| semaphore function| checkRule function| pending function| Metronome object| hitTypes number| _dataLayerOverwriteMonitor function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| s function| getVisitDuration function| cleanStr object| loader function| define function| requireModule function| require function| requirejs boolean| runningTests boolean| preferNative function| _typeof function| _get function| _superPropBase function| _inherits function| _setPrototypeOf function| _createSuper function| _possibleConstructorReturn function| _assertThisInitialized function| _isNativeReflectConstruct function| _getPrototypeOf function| _classCallCheck function| _defineProperties function| _createClass function| _toPropertyKey function| _toPrimitive object| EmberENV function| moment object| __core-js_shared__ object| core function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| $ function| jQuery object| Ember object| Em object| webpackChunk_ember_auto_import_ object| __ember_auto_import__ function| _eai_r function| _eai_d function| emberAutoImportDynamic function| emberAutoImportSync function| cash object| M object| Waves function| cookieWrite function| cookieRead string| g

6 Cookies

Domain/Path Name / Value
espace-contrats.cofinoga.fr/assets Name:
Value: HttpOnly
espace-contrats.cofinoga.fr/img Name:
Value: HttpOnly
espace-contrats.cofinoga.fr/ Name:
Value: HttpOnly
.cofinoga.fr/ Name: AMCV_E17995E0558BCEBE7F000101%40AdobeOrg
Value: 179643557%7CMCMID%7C77345706940316313890654690519195991321%7CvVersion%7C5.5.0
.cofinoga.fr/ Name: prev_page
Value: %7B%22currentPage%22%3A%22Espace%20Contrats%20%3A%20Connexion%22%2C%22previousPage%22%3A%22%22%7D
.cofinoga.fr/ Name: 55_visitStarted
Value: page1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://assets.adobedtm.com https://cdn.cookielaw.org https://www.googletagmanager.com blob:; connect-src 'self' https://cdn.cookielaw.org *.onetrust.com blob:; img-src 'self' data: *.2o7.net *.neuges.org *.cetelem.fr creditclick.fr *.bnpparibas-pf.com; style-src 'self' 'unsafe-inline'; object-src none; frame-ancestors 'self'; form-action 'self'; upgrade-insecure-requests; block-all-mixed-content;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block