URL: https://linux-audit.com/configure-hsts-http-strict-transport-security-apache-nginx/
Submission: On December 12 via api from GB — Scanned from NL

Summary

This website contacted 4 IPs in 3 countries across 2 domains to perform 11 HTTP transactions. The main IP is 2a01:8800::77:80, located in Netherlands and belongs to BUSINESSCONNECT, NL. The main domain is linux-audit.com.
TLS certificate: Issued by R3 on November 24th 2023. Valid for: 3 months.
This is the only time linux-audit.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
3 2a01:8800::77:80 15693 (BUSINESSC...)
6 2a0b:4d07:101::1 44239 (PROINITY ...)
2 2a04:fa87:fff... 2635 (AUTOMATTIC)
11 4
Apex Domain
Subdomains
Transfer
9 linux-audit.com
linux-audit.com
assets.linux-audit.com
167 KB
2 gravatar.com
secure.gravatar.com — Cisco Umbrella Rank: 2168
4 KB
11 2
Domain Requested by
6 assets.linux-audit.com linux-audit.com
3 linux-audit.com assets.linux-audit.com
2 secure.gravatar.com linux-audit.com
11 3
Subject Issuer Validity Valid
linux-audit.com
R3
2023-11-24 -
2024-02-22
3 months crt.sh
assets.linux-audit.com
R3
2023-10-26 -
2024-01-24
3 months crt.sh
*.gravatar.com
Sectigo ECC Domain Validation Secure Server CA
2023-12-05 -
2025-01-04
a year crt.sh

This page contains 1 frames:

Primary Page: https://linux-audit.com/configure-hsts-http-strict-transport-security-apache-nginx/
Frame ID: C855923B6C0479B3592D81E4F2472D6C
Requests: 12 HTTP requests in this frame

Screenshot

Page Title

Configure HSTS (HTTP Strict Transport Security) for Apache and Nginx - Linux Audit

Detected technologies

Overall confidence: 100%
Detected patterns
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

11
Requests

100 %
HTTPS

100 %
IPv6

2
Domains

3
Subdomains

4
IPs

3
Countries

185 kB
Transfer

403 kB
Size

0
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

11 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
linux-audit.com/configure-hsts-http-strict-transport-security-apache-nginx/
37 KB
10 KB
Document
General
Full URL
https://linux-audit.com/configure-hsts-http-strict-transport-security-apache-nginx/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a01:8800::77:80 , Netherlands, ASN15693 (BUSINESSCONNECT, NL),
Reverse DNS
Software
nginx /
Resource Hash
60e6dcac71578b1578812d65cdd735db2d34775fa52d935c63aa11907f8698d8
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
Strict-Transport-Security max-age=31536000; IncludeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36
accept-language
nl-NL,nl;q=0.9

Response headers

content-encoding
gzip
content-length
9430
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
content-type
text/html; charset=utf-8
date
Tue, 12 Dec 2023 01:13:08 GMT
etag
"6577a1da-24d6"
last-modified
Mon, 11 Dec 2023 23:57:14 GMT
link
<https://assets.linux-audit.com/>; rel=preconnect; crossorigin <https://fonts.googleapis.com/>; rel=preconnect; crossorigin <https://fonts.gstatic.com/>; rel=preconnect; crossorigin
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=31536000; IncludeSubDomains; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
autoptimize_7ddbb2658b3a8c51cdecd95b3c08bfc3.css
assets.linux-audit.com/wp-content/cache/autoptimize/css/
178 KB
46 KB
Stylesheet
General
Full URL
https://assets.linux-audit.com/wp-content/cache/autoptimize/css/autoptimize_7ddbb2658b3a8c51cdecd95b3c08bfc3.css
Requested by
Host: linux-audit.com
URL: https://linux-audit.com/configure-hsts-http-strict-transport-security-apache-nginx/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software
keycdn /
Resource Hash
2c50b0d3717eed2260f40d2de28cd8e5bc07f1bc21f1e8d91d74f8332f129f91
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
Strict-Transport-Security max-age=31536000; IncludeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://linux-audit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 01:13:08 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; IncludeSubDomains; preload
content-encoding
gzip
x-edge-location
defr
x-cache-status
HIT
x-cache
HIT
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 19 Apr 2023 12:34:58 GMT
server
keycdn
etag
W/"643fdff2-2c8f8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=7257600, public
link
<https://assets.linux-audit.com/>; rel=preconnect; crossorigin, <https://fonts.googleapis.com/>; rel=preconnect; crossorigin, <https://fonts.gstatic.com/>; rel=preconnect; crossorigin, <https://linux-audit.com/wp-content/cache/autoptimize/css/autoptimize_7ddbb2658b3a8c51cdecd95b3c08bfc3.css>; rel="canonical"
expires
Sun, 21 Jan 2024 10:05:16 GMT
jquery.min.js
assets.linux-audit.com/wp-includes/js/jquery/
88 KB
37 KB
Script
General
Full URL
https://assets.linux-audit.com/wp-includes/js/jquery/jquery.min.js
Requested by
Host: linux-audit.com
URL: https://linux-audit.com/configure-hsts-http-strict-transport-security-apache-nginx/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software
keycdn /
Resource Hash
afacce23cb4feaaaef37997f8439819d8f827df4951f3ff02704c9f16fb7f53a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
Strict-Transport-Security max-age=31536000; IncludeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://linux-audit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 01:13:08 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; IncludeSubDomains; preload
content-encoding
gzip
x-edge-location
defr
x-cache-status
HIT
x-cache
HIT
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 19 Apr 2023 12:34:50 GMT
server
keycdn
etag
W/"643fdfea-15ed7"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=7257600, public
link
<https://assets.linux-audit.com/>; rel=preconnect; crossorigin, <https://fonts.googleapis.com/>; rel=preconnect; crossorigin, <https://fonts.gstatic.com/>; rel=preconnect; crossorigin, <https://linux-audit.com/wp-includes/js/jquery/jquery.min.js>; rel="canonical"
expires
Sun, 21 Jan 2024 10:31:23 GMT
lynis-audit-forward-secrecy-hsts-hpkp.png
assets.linux-audit.com/wp-content/uploads/2014/08/
8 KB
9 KB
Image
General
Full URL
https://assets.linux-audit.com/wp-content/uploads/2014/08/lynis-audit-forward-secrecy-hsts-hpkp.png
Requested by
Host: linux-audit.com
URL: https://linux-audit.com/configure-hsts-http-strict-transport-security-apache-nginx/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software
keycdn /
Resource Hash
bb004b6bd49f42acdbc300c4ba1a56af17e72dc3bff38147ef664b58d99c2c57
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
Strict-Transport-Security max-age=31536000; IncludeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://linux-audit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 01:13:08 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; IncludeSubDomains; preload
x-edge-location
defr
x-cache-status
HIT
x-cache
HIT
content-length
8209
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 02 Nov 2015 17:13:24 GMT
server
keycdn
etag
"563799b4-2011"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=4838400, public
accept-ranges
bytes
link
<https://assets.linux-audit.com/>; rel=preconnect; crossorigin, <https://fonts.googleapis.com/>; rel=preconnect; crossorigin, <https://fonts.gstatic.com/>; rel=preconnect; crossorigin, <https://linux-audit.com/wp-content/uploads/2014/08/lynis-audit-forward-secrecy-hsts-hpkp.png>; rel="canonical"
expires
Fri, 02 Feb 2024 17:06:37 GMT
lynis-enterprise-screenshot-400.png
assets.linux-audit.com/wp-content/uploads/2016/10/
21 KB
23 KB
Image
General
Full URL
https://assets.linux-audit.com/wp-content/uploads/2016/10/lynis-enterprise-screenshot-400.png
Requested by
Host: linux-audit.com
URL: https://linux-audit.com/configure-hsts-http-strict-transport-security-apache-nginx/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software
keycdn /
Resource Hash
93b6fd1e789ce82f741abede79fea697801adc80b6092919151c87c250aee55a
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
Strict-Transport-Security max-age=31536000; IncludeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://linux-audit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 01:13:08 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; IncludeSubDomains; preload
x-edge-location
defr
x-cache-status
HIT
x-cache
HIT
content-length
21989
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 11 Oct 2016 11:42:05 GMT
server
keycdn
etag
"57fcd00d-55e5"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=4838400, public
accept-ranges
bytes
link
<https://assets.linux-audit.com/>; rel=preconnect; crossorigin, <https://fonts.googleapis.com/>; rel=preconnect; crossorigin, <https://fonts.gstatic.com/>; rel=preconnect; crossorigin, <https://linux-audit.com/wp-content/uploads/2016/10/lynis-enterprise-screenshot-400.png>; rel="canonical"
expires
Sun, 24 Dec 2023 03:56:37 GMT
cisofy-icon-60x60-more-spacing.png
assets.linux-audit.com/wp-content/uploads/2016/02/
1 KB
2 KB
Image
General
Full URL
https://assets.linux-audit.com/wp-content/uploads/2016/02/cisofy-icon-60x60-more-spacing.png
Requested by
Host: linux-audit.com
URL: https://linux-audit.com/configure-hsts-http-strict-transport-security-apache-nginx/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software
keycdn /
Resource Hash
7c791456a318b24429c0d1c85eb50e7a98aeaf01cc2eac7e35fd7259ad541400
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
Strict-Transport-Security max-age=31536000; IncludeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://linux-audit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 01:13:08 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; IncludeSubDomains; preload
x-edge-location
defr
x-cache-status
HIT
x-cache
HIT
content-length
1122
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Sun, 28 Feb 2016 10:29:41 GMT
server
keycdn
etag
"56d2cc15-462"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=4838400, public
accept-ranges
bytes
link
<https://assets.linux-audit.com/>; rel=preconnect; crossorigin, <https://fonts.googleapis.com/>; rel=preconnect; crossorigin, <https://fonts.gstatic.com/>; rel=preconnect; crossorigin, <https://linux-audit.com/wp-content/uploads/2016/02/cisofy-icon-60x60-more-spacing.png>; rel="canonical"
expires
Sun, 24 Dec 2023 04:51:24 GMT
autoptimize_5fd533f71351341b20cede44dd75b857.js
assets.linux-audit.com/wp-content/cache/autoptimize/js/
24 KB
10 KB
Script
General
Full URL
https://assets.linux-audit.com/wp-content/cache/autoptimize/js/autoptimize_5fd533f71351341b20cede44dd75b857.js
Requested by
Host: linux-audit.com
URL: https://linux-audit.com/configure-hsts-http-strict-transport-security-apache-nginx/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a0b:4d07:101::1 , Switzerland, ASN44239 (PROINITY PROINITY, CH),
Reverse DNS
Software
keycdn /
Resource Hash
6df9b774db31246848c5b9f1bce40d574d57fa4878309769aa9388416757d872
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
Strict-Transport-Security max-age=31536000; IncludeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://linux-audit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 01:13:08 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; IncludeSubDomains; preload
content-encoding
gzip
x-edge-location
defr
x-cache-status
HIT
x-cache
HIT
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 19 Apr 2023 12:34:58 GMT
server
keycdn
etag
W/"643fdff2-61a8"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=7257600, public
link
<https://assets.linux-audit.com/>; rel=preconnect; crossorigin, <https://fonts.googleapis.com/>; rel=preconnect; crossorigin, <https://fonts.gstatic.com/>; rel=preconnect; crossorigin, <https://linux-audit.com/wp-content/cache/autoptimize/js/autoptimize_5fd533f71351341b20cede44dd75b857.js>; rel="canonical"
expires
Sun, 21 Jan 2024 10:31:24 GMT
truncated
/
14 KB
14 KB
Font
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1cfd32e37f8aba263101f06e8f702adfaef55a6601857cf5e2c6dd0b0388dcd6

Request headers

Referer
Origin
https://linux-audit.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

Content-Type
application/x-font-woff;charset=utf-8
socicons.ttf
linux-audit.com/wp-content/plugins/themezee-social-sharing/assets/socicons/
4 KB
5 KB
Font
General
Full URL
https://linux-audit.com/wp-content/plugins/themezee-social-sharing/assets/socicons/socicons.ttf
Requested by
Host: assets.linux-audit.com
URL: https://assets.linux-audit.com/wp-content/cache/autoptimize/css/autoptimize_7ddbb2658b3a8c51cdecd95b3c08bfc3.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a01:8800::77:80 , Netherlands, ASN15693 (BUSINESSCONNECT, NL),
Reverse DNS
Software
nginx /
Resource Hash
e9b543650f4ca8a9eb30871e4e0a5fdca577eaf2ffa8c0f305f27208b48e7d1e
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
Strict-Transport-Security max-age=31536000; IncludeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://assets.linux-audit.com/
Origin
https://linux-audit.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 01:13:08 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; IncludeSubDomains; preload
x-cache-status
HIT
content-length
3604
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 24 Oct 2019 17:09:03 GMT
server
nginx
etag
"5db1daaf-e14"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/octet-stream
cache-control
max-age=86400
accept-ranges
bytes
link
<https://assets.linux-audit.com/>; rel=preconnect; crossorigin, <https://fonts.googleapis.com/>; rel=preconnect; crossorigin, <https://fonts.gstatic.com/>; rel=preconnect; crossorigin
expires
Tue, 12 Dec 2023 23:30:18 GMT
francois-one-v11-latin-ext_latin-regular.woff2
linux-audit.com/wp-content/themes/rubine-lite/fonts/
25 KB
26 KB
Font
General
Full URL
https://linux-audit.com/wp-content/themes/rubine-lite/fonts/francois-one-v11-latin-ext_latin-regular.woff2
Requested by
Host: assets.linux-audit.com
URL: https://assets.linux-audit.com/wp-content/cache/autoptimize/css/autoptimize_7ddbb2658b3a8c51cdecd95b3c08bfc3.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a01:8800::77:80 , Netherlands, ASN15693 (BUSINESSCONNECT, NL),
Reverse DNS
Software
nginx /
Resource Hash
d850e65552835b3f137b941d741625b693ada871207bc891d501aa16bc12acdb
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
Strict-Transport-Security max-age=31536000; IncludeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://assets.linux-audit.com/
Origin
https://linux-audit.com
accept-language
nl-NL,nl;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

date
Tue, 12 Dec 2023 01:13:08 GMT
content-security-policy
default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; IncludeSubDomains; preload
x-cache-status
HIT
content-length
25240
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Sat, 04 Aug 2018 12:36:23 GMT
server
nginx
etag
"5b659dc7-6298"
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/octet-stream
cache-control
max-age=86400
accept-ranges
bytes
link
<https://assets.linux-audit.com/>; rel=preconnect; crossorigin, <https://fonts.googleapis.com/>; rel=preconnect; crossorigin, <https://fonts.gstatic.com/>; rel=preconnect; crossorigin
expires
Tue, 12 Dec 2023 22:55:33 GMT
432b14624c692e7a24b7ce1c1ec8db50
secure.gravatar.com/avatar/
135 B
501 B
Image
General
Full URL
https://secure.gravatar.com/avatar/432b14624c692e7a24b7ce1c1ec8db50?s=75&d=blank&r=g
Requested by
Host: linux-audit.com
URL: https://linux-audit.com/configure-hsts-http-strict-transport-security-apache-nginx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
0143b3bb117e24cac6b66bc0941ed8dea25100af9c35271ff523d1d9ec6ab812

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://linux-audit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-nc
HIT ams 4
date
Tue, 12 Dec 2023 01:13:08 GMT
last-modified
Wed, 11 Jan 1984 08:00:00 GMT
server
nginx
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="432b14624c692e7a24b7ce1c1ec8db50.png"
accept-ranges
bytes
link
<https://gravatar.com/avatar/432b14624c692e7a24b7ce1c1ec8db50?s=75&d=blank&r=g>; rel="canonical"
content-length
135
alt-svc
h3=":443"; ma=86400
expires
Tue, 12 Dec 2023 01:18:08 GMT
75984f91ac11fd9244663f98311abf56
secure.gravatar.com/avatar/
3 KB
4 KB
Image
General
Full URL
https://secure.gravatar.com/avatar/75984f91ac11fd9244663f98311abf56?s=75&d=blank&r=g
Requested by
Host: linux-audit.com
URL: https://linux-audit.com/configure-hsts-http-strict-transport-security-apache-nginx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
92ffb59be9b8b7a8d5b15318131840cb9a34c57138f75dd1a642589010e04f7e

Request headers

accept-language
nl-NL,nl;q=0.9
Referer
https://linux-audit.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.71 Safari/537.36

Response headers

x-nc
HIT ams 4
date
Tue, 12 Dec 2023 01:13:08 GMT
last-modified
Fri, 16 Jan 2015 15:33:55 GMT
server
nginx
content-type
image/jpeg
access-control-allow-origin
*
cache-control
max-age=300
content-disposition
inline; filename="75984f91ac11fd9244663f98311abf56.jpeg"
accept-ranges
bytes
link
<https://www.gravatar.com/avatar/75984f91ac11fd9244663f98311abf56?s=75&d=blank&r=g>; rel="canonical"
content-length
3500
alt-svc
h3=":443"; ma=86400
expires
Tue, 12 Dec 2023 01:18:08 GMT

Verdicts & Comments Add Verdict or Comment

5 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| documentPictureInPicture undefined| $ function| jQuery object| rubine_navigation_params object| addComment

0 Cookies

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://assets.linux-audit.com https://cdn.ampproject.org https://www.google-analytics.com ssl.google-analytics.com; img-src 'self' data: cisofy.com https://assets.linux-audit.com https://cdn.linux-audit.com https://*.cloudfront.net https://stats.g.doubleclick.net *.gravatar.com https://www.google-analytics.com ssl.google-analytics.com; style-src 'self' 'unsafe-inline' https://assets.linux-audit.com fonts.googleapis.com; font-src 'self' data: *.cloudfront.net https://assets.linux-audit.com fonts.gstatic.com s1.wp.com; child-src 'self'; connect-src 'self' *.google-analytics.com; object-src 'none'
Strict-Transport-Security max-age=31536000; IncludeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block