Submitted URL: https://pexipcn3.video.banken.gl/
Effective URL: https://pexipcn3.video.banken.gl/webapp3/
Submission: On November 29 via automatic, source certstream-suspicious — Scanned from CA

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 14 HTTP transactions. The main IP is 194.177.240.28, located in Nuuk, Greenland and belongs to Tusass A/S, GL. The main domain is pexipcn3.video.banken.gl.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on November 3rd 2023. Valid for: a year.
This is the only time pexipcn3.video.banken.gl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 15 194.177.240.28 8818 (Tusass A/S)
14 1
Apex Domain
Subdomains
Transfer
15 banken.gl
pexipcn3.video.banken.gl
3 MB
14 1
Domain Requested by
15 pexipcn3.video.banken.gl 1 redirects pexipcn3.video.banken.gl
14 1

This site contains links to these domains. Also see Links.

Domain
www.pexip.com
Subject Issuer Validity Valid
video.banken.gl
GlobalSign RSA OV SSL CA 2018
2023-11-03 -
2024-12-04
a year crt.sh

This page contains 1 frames:

Primary Page: https://pexipcn3.video.banken.gl/webapp3/
Frame ID: F1761F377BA740A38653EFC3072F28A9
Requests: 14 HTTP requests in this frame

Screenshot

Page Title

Velkommen til GrønlandsBANKEN

Page URL History Show full URLs

  1. https://pexipcn3.video.banken.gl/ HTTP 302
    https://pexipcn3.video.banken.gl/webapp3/ Page URL

Page Statistics

14
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

2992 kB
Transfer

3030 kB
Size

1
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://pexipcn3.video.banken.gl/ HTTP 302
    https://pexipcn3.video.banken.gl/webapp3/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

14 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
pexipcn3.video.banken.gl/webapp3/
Redirect Chain
  • https://pexipcn3.video.banken.gl/
  • https://pexipcn3.video.banken.gl/webapp3/
1 KB
2 KB
Document
General
Full URL
https://pexipcn3.video.banken.gl/webapp3/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
194.177.240.28 Nuuk, Greenland, ASN8818 (Tusass A/S, GL),
Reverse DNS
host-240-028.greennet.gl
Software
Pexip Infinity /
Resource Hash
1bcb69c9ccdeafdf0296915075f1f812c9be73481435fae3780649d2750bf5fe
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

cache-control
max-age=30
content-encoding
gzip
content-security-policy
upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
content-type
text/html; charset=UTF-8
date
Fri, 29 Nov 2024 10:32:22 GMT
etag
W/"6682d965-5bb"
expires
Fri, 29 Nov 2024 10:32:52 GMT
last-modified
Mon, 01 Jul 2024 16:29:25 GMT
referrer-policy
same-origin
server
Pexip Infinity
strict-transport-security
max-age=63072000; includeSubdomains;
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block

Redirect headers

content-length
138
content-security-policy
upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
content-type
text/html
date
Fri, 29 Nov 2024 10:32:22 GMT
location
/webapp3/
referrer-policy
same-origin
server
Pexip Infinity
strict-transport-security
max-age=63072000; includeSubdomains;
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-xss-protection
1; mode=block
manifest.json
pexipcn3.video.banken.gl/webapp3/branding/
509 B
1 KB
Other
General
Full URL
https://pexipcn3.video.banken.gl/webapp3/branding/manifest.json
Requested by
Host: pexipcn3.video.banken.gl
URL: https://pexipcn3.video.banken.gl/webapp3/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
194.177.240.28 Nuuk, Greenland, ASN8818 (Tusass A/S, GL),
Reverse DNS
host-240-028.greennet.gl
Software
Pexip Infinity /
Resource Hash
5badbd1f4e98065b43ed1eb2f8ddd0673fcfa9d2cb8e741ea28bd4538f450210
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pexipcn3.video.banken.gl/webapp3/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-security-policy
upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
cache-control
max-age=30
etag
"63bc106b-1fd"
referrer-policy
same-origin
x-content-type-options
nosniff
expires
Fri, 29 Nov 2024 10:32:52 GMT
accept-ranges
bytes
content-length
509
date
Fri, 29 Nov 2024 10:32:22 GMT
x-xss-protection
1; mode=block
content-type
application/json
last-modified
Mon, 09 Jan 2023 13:02:35 GMT
server
Pexip Infinity
x-frame-options
SAMEORIGIN
index-56b8d982.js
pexipcn3.video.banken.gl/webapp3/assets/
2 MB
2 MB
Script
General
Full URL
https://pexipcn3.video.banken.gl/webapp3/assets/index-56b8d982.js
Requested by
Host: pexipcn3.video.banken.gl
URL: https://pexipcn3.video.banken.gl/webapp3/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
194.177.240.28 Nuuk, Greenland, ASN8818 (Tusass A/S, GL),
Reverse DNS
host-240-028.greennet.gl
Software
Pexip Infinity /
Resource Hash
c83bf3699ad6b9e9ea550a84adfb67ef3005905c70db201582f91cd507f70933
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://pexipcn3.video.banken.gl
Referer
https://pexipcn3.video.banken.gl/webapp3/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-security-policy
upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
cache-control
max-age=30
etag
"6682d964-1cb7f7"
referrer-policy
same-origin
x-content-type-options
nosniff
expires
Fri, 29 Nov 2024 10:32:52 GMT
accept-ranges
bytes
content-length
1882103
date
Fri, 29 Nov 2024 10:32:22 GMT
x-xss-protection
1; mode=block
content-type
application/javascript; charset=UTF-8
last-modified
Mon, 01 Jul 2024 16:29:24 GMT
server
Pexip Infinity
x-frame-options
SAMEORIGIN
index.1a99b6e5.css
pexipcn3.video.banken.gl/webapp3/assets/
272 KB
273 KB
Stylesheet
General
Full URL
https://pexipcn3.video.banken.gl/webapp3/assets/index.1a99b6e5.css
Requested by
Host: pexipcn3.video.banken.gl
URL: https://pexipcn3.video.banken.gl/webapp3/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
194.177.240.28 Nuuk, Greenland, ASN8818 (Tusass A/S, GL),
Reverse DNS
host-240-028.greennet.gl
Software
Pexip Infinity /
Resource Hash
1a99b6e5d34d9b3a2a0cd228f535f33d4dc5fa2c56414d3c9a67ca527def563f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pexipcn3.video.banken.gl/webapp3/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-security-policy
upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
cache-control
max-age=30
etag
"6682d964-4406a"
referrer-policy
same-origin
x-content-type-options
nosniff
expires
Fri, 29 Nov 2024 10:32:52 GMT
accept-ranges
bytes
content-length
278634
date
Fri, 29 Nov 2024 10:32:22 GMT
x-xss-protection
1; mode=block
content-type
text/css
last-modified
Mon, 01 Jul 2024 16:29:24 GMT
server
Pexip Infinity
x-frame-options
SAMEORIGIN
undefined
pexipcn3.video.banken.gl/webapp3/
1 KB
2 KB
Fetch
General
Full URL
https://pexipcn3.video.banken.gl/webapp3/undefined
Requested by
Host: pexipcn3.video.banken.gl
URL: https://pexipcn3.video.banken.gl/webapp3/assets/index-56b8d982.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
194.177.240.28 Nuuk, Greenland, ASN8818 (Tusass A/S, GL),
Reverse DNS
host-240-028.greennet.gl
Software
Pexip Infinity /
Resource Hash
1bcb69c9ccdeafdf0296915075f1f812c9be73481435fae3780649d2750bf5fe
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pexipcn3.video.banken.gl/webapp3/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-security-policy
upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
cache-control
max-age=30
content-encoding
gzip
etag
W/"6682d965-5bb"
referrer-policy
same-origin
x-content-type-options
nosniff
expires
Fri, 29 Nov 2024 10:32:54 GMT
date
Fri, 29 Nov 2024 10:32:24 GMT
x-xss-protection
1; mode=block
content-type
text/html; charset=UTF-8
last-modified
Mon, 01 Jul 2024 16:29:25 GMT
server
Pexip Infinity
x-frame-options
SAMEORIGIN
translation.ccb055a1.json
pexipcn3.video.banken.gl/webapp3/assets/
50 KB
50 KB
Fetch
General
Full URL
https://pexipcn3.video.banken.gl/webapp3/assets/translation.ccb055a1.json
Requested by
Host: pexipcn3.video.banken.gl
URL: https://pexipcn3.video.banken.gl/webapp3/assets/index-56b8d982.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
194.177.240.28 Nuuk, Greenland, ASN8818 (Tusass A/S, GL),
Reverse DNS
host-240-028.greennet.gl
Software
Pexip Infinity /
Resource Hash
ccb055a161aa0b14f7d78c9fc3a825d7577e37891d6b4a8aa7edcc889495a42c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pexipcn3.video.banken.gl/webapp3/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-security-policy
upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
cache-control
max-age=30
etag
"6682d964-c61d"
referrer-policy
same-origin
x-content-type-options
nosniff
expires
Fri, 29 Nov 2024 10:32:54 GMT
accept-ranges
bytes
content-length
50717
date
Fri, 29 Nov 2024 10:32:24 GMT
x-xss-protection
1; mode=block
content-type
application/json
last-modified
Mon, 01 Jul 2024 16:29:24 GMT
server
Pexip Infinity
x-frame-options
SAMEORIGIN
watermark_icon.png
pexipcn3.video.banken.gl/webapp3/branding/
4 KB
5 KB
Image
General
Full URL
https://pexipcn3.video.banken.gl/webapp3/branding/watermark_icon.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
194.177.240.28 Nuuk, Greenland, ASN8818 (Tusass A/S, GL),
Reverse DNS
host-240-028.greennet.gl
Software
Pexip Infinity /
Resource Hash
05dd13a9b274b460badedcab82f48683467266e3dc4c4fc93a9ded500f3464fe
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pexipcn3.video.banken.gl/webapp3/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-security-policy
upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
cache-control
max-age=30
etag
"63bc106b-f20"
referrer-policy
same-origin
x-content-type-options
nosniff
expires
Fri, 29 Nov 2024 10:32:54 GMT
accept-ranges
bytes
content-length
3872
date
Fri, 29 Nov 2024 10:32:24 GMT
x-xss-protection
1; mode=block
content-type
image/png
last-modified
Mon, 09 Jan 2023 13:02:35 GMT
server
Pexip Infinity
x-frame-options
SAMEORIGIN
undefined
pexipcn3.video.banken.gl/webapp3/
1 KB
0
Fetch
General
Full URL
https://pexipcn3.video.banken.gl/webapp3/undefined
Requested by
Host: pexipcn3.video.banken.gl
URL: https://pexipcn3.video.banken.gl/webapp3/assets/index-56b8d982.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
194.177.240.28 Nuuk, Greenland, ASN8818 (Tusass A/S, GL),
Reverse DNS
host-240-028.greennet.gl
Software
Pexip Infinity /
Resource Hash
1bcb69c9ccdeafdf0296915075f1f812c9be73481435fae3780649d2750bf5fe
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pexipcn3.video.banken.gl/webapp3/

Response headers

content-security-policy
upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
cache-control
max-age=30
content-encoding
gzip
etag
W/"6682d965-5bb"
referrer-policy
same-origin
x-content-type-options
nosniff
expires
Fri, 29 Nov 2024 10:32:54 GMT
date
Fri, 29 Nov 2024 10:32:24 GMT
x-xss-protection
1; mode=block
content-type
text/html; charset=UTF-8
last-modified
Mon, 01 Jul 2024 16:29:25 GMT
server
Pexip Infinity
x-frame-options
SAMEORIGIN
translation.ccb055a1.json
pexipcn3.video.banken.gl/webapp3/assets/
50 KB
0
Fetch
General
Full URL
https://pexipcn3.video.banken.gl/webapp3/assets/translation.ccb055a1.json
Requested by
Host: pexipcn3.video.banken.gl
URL: https://pexipcn3.video.banken.gl/webapp3/assets/index-56b8d982.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
194.177.240.28 Nuuk, Greenland, ASN8818 (Tusass A/S, GL),
Reverse DNS
host-240-028.greennet.gl
Software
Pexip Infinity /
Resource Hash
ccb055a161aa0b14f7d78c9fc3a825d7577e37891d6b4a8aa7edcc889495a42c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pexipcn3.video.banken.gl/webapp3/

Response headers

content-security-policy
upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
cache-control
max-age=30
etag
"6682d964-c61d"
referrer-policy
same-origin
x-content-type-options
nosniff
expires
Fri, 29 Nov 2024 10:32:54 GMT
accept-ranges
bytes
content-length
50717
date
Fri, 29 Nov 2024 10:32:24 GMT
x-xss-protection
1; mode=block
content-type
application/json
last-modified
Mon, 01 Jul 2024 16:29:24 GMT
server
Pexip Infinity
x-frame-options
SAMEORIGIN
background.jpg
pexipcn3.video.banken.gl/webapp3/branding/
374 KB
375 KB
Image
General
Full URL
https://pexipcn3.video.banken.gl/webapp3/branding/background.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
194.177.240.28 Nuuk, Greenland, ASN8818 (Tusass A/S, GL),
Reverse DNS
host-240-028.greennet.gl
Software
Pexip Infinity /
Resource Hash
c20c80df8fdf71f95fc70d2ed9dc2ecd96347a932c12f4bfc7ccb6074a02b8e3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pexipcn3.video.banken.gl/webapp3/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-security-policy
upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
cache-control
max-age=30
etag
"63bc106b-5d6f5"
referrer-policy
same-origin
x-content-type-options
nosniff
expires
Fri, 29 Nov 2024 10:32:54 GMT
accept-ranges
bytes
content-length
382709
date
Fri, 29 Nov 2024 10:32:24 GMT
x-xss-protection
1; mode=block
content-type
image/jpeg
last-modified
Mon, 09 Jan 2023 13:02:35 GMT
server
Pexip Infinity
x-frame-options
SAMEORIGIN
2020-banken-uredigeret.jpg
pexipcn3.video.banken.gl/webapp3/branding/
135 KB
136 KB
Image
General
Full URL
https://pexipcn3.video.banken.gl/webapp3/branding/2020-banken-uredigeret.jpg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
194.177.240.28 Nuuk, Greenland, ASN8818 (Tusass A/S, GL),
Reverse DNS
host-240-028.greennet.gl
Software
Pexip Infinity /
Resource Hash
d7a35d77ac00078142e09b3e189159772737661b204f280e064cfd3ee4bb544d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer
https://pexipcn3.video.banken.gl/webapp3/

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-security-policy
upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
cache-control
max-age=30
etag
"63bc106b-21c26"
referrer-policy
same-origin
x-content-type-options
nosniff
expires
Fri, 29 Nov 2024 10:32:54 GMT
accept-ranges
bytes
content-length
138278
date
Fri, 29 Nov 2024 10:32:24 GMT
x-xss-protection
1; mode=block
content-type
image/jpeg
last-modified
Mon, 09 Jan 2023 13:02:35 GMT
server
Pexip Infinity
x-frame-options
SAMEORIGIN
Inter-Bold.c63158ba.woff2
pexipcn3.video.banken.gl/webapp3/assets/
104 KB
105 KB
Font
General
Full URL
https://pexipcn3.video.banken.gl/webapp3/assets/Inter-Bold.c63158ba.woff2?v=3.19
Requested by
Host: pexipcn3.video.banken.gl
URL: https://pexipcn3.video.banken.gl/webapp3/assets/index.1a99b6e5.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
194.177.240.28 Nuuk, Greenland, ASN8818 (Tusass A/S, GL),
Reverse DNS
host-240-028.greennet.gl
Software
Pexip Infinity /
Resource Hash
c63158babcb7902203ed73476ccf901db34825ea524d4a36a52b5e5f97e1abf7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://pexipcn3.video.banken.gl
Referer
https://pexipcn3.video.banken.gl/webapp3/assets/index.1a99b6e5.css

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-security-policy
upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
cache-control
max-age=30
etag
"6682d964-19e9c"
referrer-policy
same-origin
x-content-type-options
nosniff
expires
Fri, 29 Nov 2024 10:32:54 GMT
accept-ranges
bytes
content-length
106140
date
Fri, 29 Nov 2024 10:32:24 GMT
x-xss-protection
1; mode=block
content-type
font/woff2
last-modified
Mon, 01 Jul 2024 16:29:24 GMT
server
Pexip Infinity
x-frame-options
SAMEORIGIN
Inter-Regular.d612f121.woff2
pexipcn3.video.banken.gl/webapp3/assets/
97 KB
98 KB
Font
General
Full URL
https://pexipcn3.video.banken.gl/webapp3/assets/Inter-Regular.d612f121.woff2?v=3.19
Requested by
Host: pexipcn3.video.banken.gl
URL: https://pexipcn3.video.banken.gl/webapp3/assets/index.1a99b6e5.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
194.177.240.28 Nuuk, Greenland, ASN8818 (Tusass A/S, GL),
Reverse DNS
host-240-028.greennet.gl
Software
Pexip Infinity /
Resource Hash
d612f1212b452af07f1a5defb2b672e76a91f7139e7499fa48bb9b2b985c22d6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://pexipcn3.video.banken.gl
Referer
https://pexipcn3.video.banken.gl/webapp3/assets/index.1a99b6e5.css

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-security-policy
upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
cache-control
max-age=30
etag
"6682d964-18234"
referrer-policy
same-origin
x-content-type-options
nosniff
expires
Fri, 29 Nov 2024 10:32:54 GMT
accept-ranges
bytes
content-length
98868
date
Fri, 29 Nov 2024 10:32:24 GMT
x-xss-protection
1; mode=block
content-type
font/woff2
last-modified
Mon, 01 Jul 2024 16:29:24 GMT
server
Pexip Infinity
x-frame-options
SAMEORIGIN
Inter-SemiBold.15226129.woff2
pexipcn3.video.banken.gl/webapp3/assets/
103 KB
104 KB
Font
General
Full URL
https://pexipcn3.video.banken.gl/webapp3/assets/Inter-SemiBold.15226129.woff2?v=3.19
Requested by
Host: pexipcn3.video.banken.gl
URL: https://pexipcn3.video.banken.gl/webapp3/assets/index.1a99b6e5.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
194.177.240.28 Nuuk, Greenland, ASN8818 (Tusass A/S, GL),
Reverse DNS
host-240-028.greennet.gl
Software
Pexip Infinity /
Resource Hash
152261291c938aa5aad6a56d52b47ffcb893d1c0387e76d7f270a7382ff786d5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin
https://pexipcn3.video.banken.gl
Referer
https://pexipcn3.video.banken.gl/webapp3/assets/index.1a99b6e5.css

Response headers

strict-transport-security
max-age=63072000; includeSubdomains;
content-security-policy
upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
cache-control
max-age=30
etag
"6682d964-19d4c"
referrer-policy
same-origin
x-content-type-options
nosniff
expires
Fri, 29 Nov 2024 10:32:54 GMT
accept-ranges
bytes
content-length
105804
date
Fri, 29 Nov 2024 10:32:24 GMT
x-xss-protection
1; mode=block
content-type
font/woff2
last-modified
Mon, 01 Jul 2024 16:29:24 GMT
server
Pexip Infinity
x-frame-options
SAMEORIGIN

Verdicts & Comments Add Verdict or Comment

4 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| applyFocusVisiblePolyfill object| _tfGlobals object| _tfengine object| __SENTRY__

1 Cookies

Domain/Path Name / Value
pexipcn3.video.banken.gl/webapp3 Name: path
Value: /webapp3/

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests; default-src 'self'; frame-src 'self' https://telemetryservice.firstpartyapps.oaspapps.com/telemetryservice/telemetryproxy.html https://*.microsoft.com https://*.office.com; style-src 'self' 'unsafe-inline' https://*.microsoft.com https://*.office.com; object-src 'self'; font-src 'self' https://*.microsoft.com https://*.office.com; img-src 'self' https://www.adobe.com data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.microsoft.com https://*.office.com https://ajax.aspnetcdn.com https://api.keen.io; media-src 'self' blob:; connect-src 'self' https://*.microsoft.com https://*.office.com https://example.com; frame-ancestors 'self';
Strict-Transport-Security max-age=63072000; includeSubdomains;
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block