Submitted URL: https://6261812.app.netsuite.com/
Effective URL: https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
Submission: On March 28 via manual from IN — Scanned from DE

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 16 HTTP transactions. The main IP is 2.19.244.88, located in Düsseldorf, Germany and belongs to AKAMAI-AS, US. The main domain is 6261812.app.netsuite.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on March 10th 2024. Valid for: a year.
This is the only time 6261812.app.netsuite.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 18 2.19.244.88 16625 (AKAMAI-AS)
16 1
Apex Domain
Subdomains
Transfer
18 netsuite.com
6261812.app.netsuite.com
413 KB
16 1
Domain Requested by
18 6261812.app.netsuite.com 2 redirects 6261812.app.netsuite.com
16 1

This site contains links to these domains. Also see Links.

Domain
www.netsuite.com
www.oracle.com
www.suiteapp.com
status.netsuite.com
Subject Issuer Validity Valid
*.app.netsuite.com
DigiCert TLS RSA SHA256 2020 CA1
2024-03-10 -
2025-03-12
a year crt.sh

This page contains 1 frames:

Primary Page: https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
Frame ID: D76CA0991EF54FAAEB462AD4485D325A
Requests: 16 HTTP requests in this frame

Screenshot

Page Title

NetSuite - Customer Login

Page URL History Show full URLs

  1. https://6261812.app.netsuite.com/ HTTP 301
    https://6261812.app.netsuite.com/app/login/secure/loginrouter.nl?firstlogin=T HTTP 302
    https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence= Page URL

Detected technologies

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

16
Requests

100 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

412 kB
Transfer

641 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://6261812.app.netsuite.com/ HTTP 301
    https://6261812.app.netsuite.com/app/login/secure/loginrouter.nl?firstlogin=T HTTP 302
    https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence= Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

16 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request customerlogin.jsp
6261812.app.netsuite.com/pages/
Redirect Chain
  • https://6261812.app.netsuite.com/
  • https://6261812.app.netsuite.com/app/login/secure/loginrouter.nl?firstlogin=T
  • https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
8 KB
3 KB
Document
General
Full URL
https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.244.88 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-88.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7a6d40e32ec685d7ae0fa2a747ba549d47b243a5c19f59f509874ec40a44296d
Security Headers
Name Value
Content-Security-Policy default-src https://6261812.app.netsuite.com/LpP41I/_Ug/CPY/rvNRyo3i/ubwEpSJpfiYL/KSsCAQ/LxtGMAp1/LSQ 'nonce-e29d64e3ed6ad753307bc82ca35f67c4' 'none'; base-uri 'none'; font-src 'self' data:; frame-ancestors 'self'; img-src 'self'; manifest-src 'self'; script-src 'nonce-e29d64e3ed6ad753307bc82ca35f67c4' 'self' 'report-sample'; style-src 'self'; worker-src 'self' suitephone:; upgrade-insecure-requests; report-uri /app/security/csp/cspaudit.nl;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

akamai-grn
0.9fb20f17.1711654387.57e07b0
cache-control
No-Cache,no-store
content-encoding
gzip
content-length
2205
content-security-policy
default-src https://6261812.app.netsuite.com/LpP41I/_Ug/CPY/rvNRyo3i/ubwEpSJpfiYL/KSsCAQ/LxtGMAp1/LSQ 'nonce-e29d64e3ed6ad753307bc82ca35f67c4' 'none'; base-uri 'none'; font-src 'self' data:; frame-ancestors 'self'; img-src 'self'; manifest-src 'self'; script-src 'nonce-e29d64e3ed6ad753307bc82ca35f67c4' 'self' 'report-sample'; style-src 'self'; worker-src 'self' suitephone:; upgrade-insecure-requests; report-uri /app/security/csp/cspaudit.nl;
content-security-policy-report-only
frame-ancestors 'self'; report-uri /app/security/csp/cspaudit.nl
content-type
text/html;charset=utf-8
date
Thu, 28 Mar 2024 19:33:07 GMT
expires
0
ns_rtimer_composite
1768479756:616363743232352E70726F642D6C68722D6575342E636F72652E6E732E696E7465726E616C:80
pragma
No-Cache
strict-transport-security
max-age=31536000
vary
User-Agent Accept-Encoding
x-akamai-transformed
9 2109 0 pmb=mTOE,1
x-cache
TCP_MISS from a23-15-178-159.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-n-operationid
5087fbb5-82b9-46da-abab-cb75ccc22fce
x-request-id
090aa9ca1baec37c7efac5fe9fdd4132
x-xss-protection
1; mode=block

Redirect headers

akamai-grn
0.9fb20f17.1711654387.57e0707
content-length
282
content-security-policy-report-only
frame-ancestors 'self'; report-uri /app/security/csp/cspaudit.nl
content-type
text/html;charset=utf-8
date
Thu, 28 Mar 2024 19:33:07 GMT
location
/pages/customerlogin.jsp?c=6261812&whence=
ns_rtimer_composite
562418061:616363743232352E70726F642D6C68722D6575342E636F72652E6E732E696E7465726E616C:80
strict-transport-security
max-age=31536000
vary
User-Agent
x-cache
TCP_MISS from a23-15-178-159.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
x-n-operationid
3df15bf3-c772-4094-9cb8-8d725dd3faac
x-request-id
4d7a710ab19ce532dec3de29b5dc5ef1
2748716420.css
6261812.app.netsuite.com/assets/loginpage_commonlook/
40 KB
5 KB
Stylesheet
General
Full URL
https://6261812.app.netsuite.com/assets/loginpage_commonlook/2748716420.css?NS_VER=2023.2&minver=17
Requested by
Host: 6261812.app.netsuite.com
URL: https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.244.88 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-88.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
028be20a22b91e716c6c483da71c84af7b1cda50a443ecb87d7dc69f2ebca035
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
date
Thu, 28 Mar 2024 19:33:08 GMT
last-modified
Thu, 28 Mar 2024 19:15:43 GMT
server
Akamai Resource Optimizer
akamai-grn
0.3ec1ce17.1711653342.5b9ae41, 0.9fb20f17.1711654387.57e08d0
content-security-policy-report-only
frame-ancestors 'self'; report-uri /app/security/csp/cspaudit.nl
x-cache
TCP_MISS from a23-15-178-159.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
content-type
text/css
ns_rtimer_composite
1900627664:616363743231342E70726F642D6C68722D6575342E636F72652E6E732E696E7465726E616C:80
cache-control
max-age=2592000
accept-ranges
bytes
content-length
4328
x-n-operationid
3b89945f-48ed-4a7e-941b-290cc926cdc2
x-request-id
bb0b1ff7ec48405c0af4cd769a505506
jquery-3.5.1.min.js
6261812.app.netsuite.com/ui/jquery/
87 KB
31 KB
Script
General
Full URL
https://6261812.app.netsuite.com/ui/jquery/jquery-3.5.1.min.js?NS_VER=2023.2&minver=17
Requested by
Host: 6261812.app.netsuite.com
URL: https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.244.88 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-88.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6150a35c0f486c46cadf0e230e2aa159c7c23ecfbb5611b64ee3f25fcbff341f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
date
Thu, 28 Mar 2024 19:33:08 GMT
last-modified
Wed, 27 Mar 2024 21:27:13 GMT
akamai-grn
0.933a2f17.1711654388.ea1c4835, 0.9fb20f17.1711654387.57e08d1
content-security-policy-report-only
frame-ancestors 'self'; report-uri /app/security/csp/cspaudit.nl
vary
User-Agent, Accept-Encoding
content-type
text/javascript
x-cache
TCP_MISS from a23-15-178-159.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
ns_rtimer_composite
521737033:616363743232352E70726F642D6C68722D6575342E636F72652E6E732E696E7465726E616C:80
cache-control
max-age=86400
accept-ranges
bytes
content-length
30946
x-n-operationid
168fb1cc-9ff7-4762-a51b-91f4fa07ca75
x-request-id
64d144e5c9f1ba79790ed3a0a9feca82
jquery_isolation.js
6261812.app.netsuite.com/ui/jquery/
69 B
580 B
Script
General
Full URL
https://6261812.app.netsuite.com/ui/jquery/jquery_isolation.js?NS_VER=2023.2&minver=17
Requested by
Host: 6261812.app.netsuite.com
URL: https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.244.88 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-88.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
79668dc7e33a2dde801e79e4cdcb42cc0ffa0fef18286093853d2780907b5874
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 19:33:08 GMT
last-modified
Wed, 27 Mar 2024 21:27:13 GMT
akamai-grn
0.933a2f17.1711654388.ea1c4836, 0.9fb20f17.1711654387.57e08d2
content-security-policy-report-only
frame-ancestors 'self'; report-uri /app/security/csp/cspaudit.nl
vary
User-Agent
content-type
text/javascript
x-cache
TCP_MISS from a23-15-178-159.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
ns_rtimer_composite
521737031:616363743232352E70726F642D6C68722D6575342E636F72652E6E732E696E7465726E616C:80
cache-control
max-age=86400
accept-ranges
bytes
content-length
69
x-n-operationid
0daea4dd-3638-4e2f-911d-81d2fb2ca2dc
x-request-id
524ade1b74314b333f0993af4449e0a9
966245790.js
6261812.app.netsuite.com/assets/loginpage_customerloginv2/
2 KB
1 KB
Script
General
Full URL
https://6261812.app.netsuite.com/assets/loginpage_customerloginv2/966245790.js?NS_VER=2023.2&minver=17
Requested by
Host: 6261812.app.netsuite.com
URL: https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.244.88 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-88.deploy.static.akamaitechnologies.com
Software
Akamai Resource Optimizer /
Resource Hash
1dbbae481cba82da370c80c0dc528a3427662a69de554a8b20bff070f0d81adc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
date
Thu, 28 Mar 2024 19:33:08 GMT
last-modified
Thu, 28 Mar 2024 05:17:43 GMT
server
Akamai Resource Optimizer
akamai-grn
0.e936d917.1711603061.97d15ad, 0.9fb20f17.1711654387.57e08d3
content-security-policy-report-only
frame-ancestors 'self'; report-uri /app/security/csp/cspaudit.nl
x-cache
TCP_MISS from a23-15-178-159.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
content-type
text/javascript
ns_rtimer_composite
123759090:616363743234382E70726F642D6C68722D6575342E636F72652E6E732E696E7465726E616C:80
cache-control
max-age=2592000
accept-ranges
bytes
content-length
615
x-n-operationid
7dc9bd7c-17df-4d8a-be97-d70014e7a8bb
x-request-id
db1369bbb811c9d15b29ad27bc92974a
NLPortal.jsp
6261812.app.netsuite.com/javascript/
5 KB
2 KB
Script
General
Full URL
https://6261812.app.netsuite.com/javascript/NLPortal.jsp?JSP_VER=1&NS_VER=2023.2&minver=17&buildver=31267
Requested by
Host: 6261812.app.netsuite.com
URL: https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.244.88 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-88.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
5930bb7846db71e4c91eb258e000cdadd3f296326888c5f5a2652c2a540b47ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 29 Mar 2024 06:15:07 GMT
strict-transport-security
max-age=31536000
content-encoding
gzip
date
Thu, 28 Mar 2024 19:33:08 GMT
last-modified
Wed, 27 Mar 2024 21:27:13 GMT
akamai-grn
0.9fb20f17.1711654387.57e08d4
vary
User-Agent, Accept-Encoding
content-security-policy-report-only
frame-ancestors 'self'; report-uri /app/security/csp/cspaudit.nl
content-type
text/javascript;charset=utf-8
x-cache
TCP_MISS from a23-15-178-159.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
ns_rtimer_composite
2075824651:616363743232352E70726F642D6C68722D6575342E636F72652E6E732E696E7465726E616C:80
content-length
1751
x-request-id
1d80d2ea6a09b08fa44f357146fc1667
x-n-operationid
517c9ca3-59e0-4e41-afcb-232530ed9411
orale-netsuite-white-logo.svg
6261812.app.netsuite.com/authentication/ui/loginpage/assets/images/
6 KB
3 KB
Image
General
Full URL
https://6261812.app.netsuite.com/authentication/ui/loginpage/assets/images/orale-netsuite-white-logo.svg
Requested by
Host: 6261812.app.netsuite.com
URL: https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.244.88 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-88.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
73d93561c25ea002677b9bf02ac9645595f17faab8caf7d50d2714baa12438d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
date
Thu, 28 Mar 2024 19:33:08 GMT
last-modified
Wed, 27 Mar 2024 21:27:13 GMT
akamai-grn
0.5cf47568.1711654388.26146eb, 0.9fb20f17.1711654387.57e08d5
content-security-policy-report-only
frame-ancestors 'self'; report-uri /app/security/csp/cspaudit.nl
vary
User-Agent, Accept-Encoding
content-type
image/svg+xml
x-cache
TCP_MISS from a23-15-178-159.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
ns_rtimer_composite
2082551028:616363743232352E70726F642D6C68722D6575342E636F72652E6E732E696E7465726E616C:80
cache-control
max-age=86400
accept-ranges
bytes
content-length
2779
x-n-operationid
cbffa0f8-4854-4b05-a384-f7d7bffd9dac
x-request-id
5598a90d4337431e0ff8e173cf0f58bc
LSQ
6261812.app.netsuite.com/LpP41I/_Ug/CPY/rvNRyo3i/ubwEpSJpfiYL/KSsCAQ/LxtGMAp1/
207 KB
76 KB
Script
General
Full URL
https://6261812.app.netsuite.com/LpP41I/_Ug/CPY/rvNRyo3i/ubwEpSJpfiYL/KSsCAQ/LxtGMAp1/LSQ
Requested by
Host: 6261812.app.netsuite.com
URL: https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.244.88 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-88.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7b45e755dc9057b4666894684b8c9740fa35bfe815a74616d832663489710262

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 28 Mar 2024 19:33:07 GMT
content-encoding
br
last-modified
Wed, 02 Aug 2023 16:13:44 GMT
akamai-grn
0.9fb20f17.1711654387.57e08d6
etag
"490f0bfba331afb8c050a2766ce1f2274344a2b4ac38e5384dd547e658a24916"
stored-attribute-sha-checksum
7b45e755dc9057b4666894684b8c9740fa35bfe815a74616d832663489710262
vary
Accept-Encoding
x-cache
TCP_HIT from a23-15-178-159.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
content-type
application/javascript
cache-control
max-age=21600, max-age=21600
content-length
76918
LSQ
6261812.app.netsuite.com/LpP41I/_Ug/CPY/rvNRyo3i/ubwEpSJpfiYL/KSsCAQ/LxtGMAp1/
18 B
786 B
XHR
General
Full URL
https://6261812.app.netsuite.com/LpP41I/_Ug/CPY/rvNRyo3i/ubwEpSJpfiYL/KSsCAQ/LxtGMAp1/LSQ
Requested by
Host: 6261812.app.netsuite.com
URL: https://6261812.app.netsuite.com/LpP41I/_Ug/CPY/rvNRyo3i/ubwEpSJpfiYL/KSsCAQ/LxtGMAp1/LSQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.244.88 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-88.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
bef9393fcdfc7a7299c058ba2a69253c32e0964dd3e97834e17a8cdb5dce7cf6

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 28 Mar 2024 19:33:08 GMT
akamai-grn
0.9fb20f17.1711654388.57e0c8f
vary
Origin
x-cache
TCP_MISS from a23-15-178-159.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
content-type
application/json
access-control-allow-origin
https://6261812.app.netsuite.com
access-control-allow-credentials
true
x_req_id
e2d03439-52b8-4b3a-81bb-6f63a9daa608
access-control-allow-headers
Content-Type
content-length
18
OracleSans-XBd.woff2
6261812.app.netsuite.com/authentication/ui/loginpage/assets/fonts/
29 KB
30 KB
Font
General
Full URL
https://6261812.app.netsuite.com/authentication/ui/loginpage/assets/fonts/OracleSans-XBd.woff2
Requested by
Host: 6261812.app.netsuite.com
URL: https://6261812.app.netsuite.com/assets/loginpage_commonlook/2748716420.css?NS_VER=2023.2&minver=17
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.244.88 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-88.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
bd0d14f91562f1faf5c2f31433c7a373d210b6d2d65c7797078183e4e7609d1f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://6261812.app.netsuite.com/assets/loginpage_commonlook/2748716420.css?NS_VER=2023.2&minver=17
Origin
https://6261812.app.netsuite.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 19:33:08 GMT
last-modified
Wed, 27 Mar 2024 21:27:13 GMT
akamai-grn
0.9fb20f17.1711654388.57e0c94
content-security-policy-report-only
frame-ancestors 'self'; report-uri /app/security/csp/cspaudit.nl
vary
User-Agent
content-type
font/woff2
x-cache
TCP_MISS from a23-15-178-159.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
ns_rtimer_composite
562418070:616363743232352E70726F642D6C68722D6575342E636F72652E6E732E696E7465726E616C:80
accept-ranges
bytes
content-length
29952
x-n-operationid
61ba1492-a90d-46b1-9a32-8e90cec7c4a4
x-request-id
2c429f4208cb35abffb24b231c844a0e
OracleSans-Rg.woff2
6261812.app.netsuite.com/authentication/ui/loginpage/assets/fonts/
41 KB
41 KB
Font
General
Full URL
https://6261812.app.netsuite.com/authentication/ui/loginpage/assets/fonts/OracleSans-Rg.woff2
Requested by
Host: 6261812.app.netsuite.com
URL: https://6261812.app.netsuite.com/assets/loginpage_commonlook/2748716420.css?NS_VER=2023.2&minver=17
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.244.88 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-88.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0abc65911840d86019c5e62403dbe5ad1b91ca6b1fa861a4346f9c6972752124
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://6261812.app.netsuite.com/assets/loginpage_commonlook/2748716420.css?NS_VER=2023.2&minver=17
Origin
https://6261812.app.netsuite.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 19:33:08 GMT
last-modified
Wed, 27 Mar 2024 21:27:13 GMT
akamai-grn
0.9fb20f17.1711654388.57e0c95
content-security-policy-report-only
frame-ancestors 'self'; report-uri /app/security/csp/cspaudit.nl
vary
User-Agent
content-type
font/woff2
x-cache
TCP_MISS from a23-15-178-159.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
ns_rtimer_composite
1389999066:616363743232352E70726F642D6C68722D6575342E636F72652E6E732E696E7465726E616C:80
accept-ranges
bytes
content-length
41512
x-n-operationid
f8157a6d-880f-4dcf-aed9-1c75d30f03ea
x-request-id
f1ac58e0a957ba50d09903981024003b
OracleSans-Bd.woff2
6261812.app.netsuite.com/authentication/ui/loginpage/assets/fonts/
41 KB
42 KB
Font
General
Full URL
https://6261812.app.netsuite.com/authentication/ui/loginpage/assets/fonts/OracleSans-Bd.woff2
Requested by
Host: 6261812.app.netsuite.com
URL: https://6261812.app.netsuite.com/assets/loginpage_commonlook/2748716420.css?NS_VER=2023.2&minver=17
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.244.88 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-88.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0ba1d1add1865c52c8f2ed3711394487805d790ddb4618ef011123c990dddb1b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://6261812.app.netsuite.com/assets/loginpage_commonlook/2748716420.css?NS_VER=2023.2&minver=17
Origin
https://6261812.app.netsuite.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 19:33:08 GMT
last-modified
Wed, 27 Mar 2024 21:27:13 GMT
akamai-grn
0.9fb20f17.1711654388.57e0c96
content-security-policy-report-only
frame-ancestors 'self'; report-uri /app/security/csp/cspaudit.nl
vary
User-Agent
content-type
font/woff2
x-cache
TCP_MISS from a23-15-178-159.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
ns_rtimer_composite
1768479766:616363743232352E70726F642D6C68722D6575342E636F72652E6E732E696E7465726E616C:80
accept-ranges
bytes
content-length
42356
x-n-operationid
20ffdfbd-c75b-42d2-a83c-0375fbd7b843
x-request-id
915a96066b0969f9f505f9ed6340ec1f
OracleSans-SBd.woff2
6261812.app.netsuite.com/authentication/ui/loginpage/assets/fonts/
29 KB
29 KB
Font
General
Full URL
https://6261812.app.netsuite.com/authentication/ui/loginpage/assets/fonts/OracleSans-SBd.woff2
Requested by
Host: 6261812.app.netsuite.com
URL: https://6261812.app.netsuite.com/assets/loginpage_commonlook/2748716420.css?NS_VER=2023.2&minver=17
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.244.88 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-88.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
583509a2d5b6b72fe70837bd5c9ba6ed833a72aac9d6bc04b32c8c443de016d8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://6261812.app.netsuite.com/assets/loginpage_commonlook/2748716420.css?NS_VER=2023.2&minver=17
Origin
https://6261812.app.netsuite.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 19:33:08 GMT
last-modified
Wed, 27 Mar 2024 21:27:13 GMT
akamai-grn
0.9fb20f17.1711654388.57e0ca4
content-security-policy-report-only
frame-ancestors 'self'; report-uri /app/security/csp/cspaudit.nl
vary
User-Agent
content-type
font/woff2
x-cache
TCP_MISS from a23-15-178-159.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
ns_rtimer_composite
2075824659:616363743232352E70726F642D6C68722D6575342E636F72652E6E732E696E7465726E616C:80
accept-ranges
bytes
content-length
29396
x-n-operationid
53a32066-32d9-4c1f-aaa5-fef81720b0ab
x-request-id
5dc09e8774a24c7beb398c8c07d20224
resource.nl
6261812.app.netsuite.com/app/login/loginpage/
103 KB
103 KB
Image
General
Full URL
https://6261812.app.netsuite.com/app/login/loginpage/resource.nl?resourcename=violator-817x446-suiteconnect-new-york-city-032024.jpg&language=US
Requested by
Host: 6261812.app.netsuite.com
URL: https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.244.88 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-88.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
2001f17dbc6b4868e81ad15de44e120da35ca445cf1487f0ee48a6a595579608
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 19:33:08 GMT
last-modified
Mon, 04 Mar 2024 06:01:38 GMT
akamai-grn
0.9fb20f17.1711654388.57e0ca5
content-security-policy-report-only
frame-ancestors 'self'; report-uri /app/security/csp/cspaudit.nl
x-cache
TCP_MISS from a23-15-178-159.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
content-type
image/jpeg;charset=utf-8
ns_rtimer_composite
1813686457:616363743234352E70726F642D6C68722D6575342E636F72652E6E732E696E7465726E616C:80
cache-control
public, max-age=604800
content-length
105385
x-n-operationid
9ab36dcb-d838-47ac-8c17-bbb1ad1758ba
x-request-id
8276b0cbceb37fbfd7b90282ac9464b5
resource.nl
6261812.app.netsuite.com/app/login/loginpage/
41 KB
42 KB
Image
General
Full URL
https://6261812.app.netsuite.com/app/login/loginpage/resource.nl?resourcename=bnr-leasequery-031124.png&language=US
Requested by
Host: 6261812.app.netsuite.com
URL: https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.244.88 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-88.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6fa4da5991c67bf102d71409b6b7ca2b7bc3cd15dee0a7c9cda12035ca022bce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 19:33:08 GMT
last-modified
Mon, 11 Mar 2024 01:56:25 GMT
akamai-grn
0.9fb20f17.1711654388.57e0ca6
content-security-policy-report-only
frame-ancestors 'self'; report-uri /app/security/csp/cspaudit.nl
x-cache
TCP_MISS from a23-15-178-159.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
content-type
image/png;charset=utf-8
ns_rtimer_composite
1763291568:616363743131342E70726F642D6C68722D6575342E636F72652E6E732E696E7465726E616C:80
cache-control
public, max-age=604800
content-length
42199
x-n-operationid
26dba5a3-7756-47d3-b391-1a58121af291
x-request-id
66a18be6871d7e44d8331a13b3c70136
favicon.png
6261812.app.netsuite.com/authentication/ui/loginpage/assets/icon/
2 KB
2 KB
Other
General
Full URL
https://6261812.app.netsuite.com/authentication/ui/loginpage/assets/icon/favicon.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.19.244.88 Düsseldorf, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-19-244-88.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
87f538d24cb5d0438386808f73a210c63531193858170df651e3eae756c8f642
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000
date
Thu, 28 Mar 2024 19:33:08 GMT
last-modified
Wed, 27 Mar 2024 21:27:13 GMT
akamai-grn
0.9fb20f17.1711654388.57e0e31
content-security-policy-report-only
frame-ancestors 'self'; report-uri /app/security/csp/cspaudit.nl
vary
User-Agent
content-type
image/png
x-cache
TCP_MISS from a23-15-178-159.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
ns_rtimer_composite
1768479769:616363743232352E70726F642D6C68722D6575342E636F72652E6E732E696E7465726E616C:80
cache-control
max-age=86400
accept-ranges
bytes
content-length
1717
x-n-operationid
0dab2b52-2f24-44dc-8b1d-110e717351ba
x-request-id
01dd585dbcdd5cb9064678f6183cd7b8

Verdicts & Comments Add Verdict or Comment

28 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onpagereveal undefined| $ function| jQuery object| NS string| protocol string| path string| domain function| wash function| checkWash function| submitButtonAction function| initRandomBanner function| initTop function| initBottom function| validateLoginForm function| init function| getQueryParameter function| HandleReferralInfo function| selectAndGo function| openTourWindow function| closeAndGoTo function| fieldHelp function| setLoginCookie function| populateEmailFromCookie function| populateEmailFromCookieNoFocus function| hasFlash object| _cf object| bmak string| _sdTrace

2 Cookies

Domain/Path Name / Value
.netsuite.com/ Name: bm_sz
Value: C7AC7A6CBE3050008267F2594C39E749~YAAQn7IPF4akz3+OAQAAzz+NhhcTzIes2b8JLZ5WKMokDDapNoecLOdxPCUEw61igNiQCaFS4VgeL4/FVS51vokJiIiWpxK+t+NWuBuK7G+PLevorSrHlnWEpbYLXkF8l/179XvhHYII5PMCmrVenJ4alU+c3C5DI77bk9McO9h7jM3kU/7fUG1Yg8VbpoTzjidnUjQz4k52Rh0PERMFeSxSDFdjhZP2j+szGJz7M9jASlcBXuUpTvlsMYK4LNm9nhqmJBtsujaowTS6WcGkMQA1kMI/RJBnrNFPdsQuOxCCfBFAfTu7haW/hdHpbNSsFb9uM1fz52fSscIaxd+f08ih2XhZqUEs/gQlwQKcSmSREu0WTe2V9A==~4274484~3488068
.netsuite.com/ Name: _abck
Value: D17703110E998DDC5D6D2E65CC6DF275~0~YAAQn7IPF5Okz3+OAQAApUSNhgsIDHPIjq+TXhIh6D92BMHCWgnw3g15/TJkHm+mvj0ZIRjvO2fsjZLnuV6gDXDbns0CMeY3/+ba/oXQ4tffocnNJT3YnAJ/nSocCOtM+AOq0Fy/OAQnjM4CIrJokWRQNj2Ix4H8CIetKNfa/bbxznqPBxYaTjbOegdSWF1AAGyreERfvh2Ekb/MJQJ4yizJLpD/xKBJ+MQevi3+x8U0TEY1LSZ7+zQPyuFiYcMp1OcJF46i1DbvXfot0jD0gzE5vCvzeYEkwaRAr0Choeb99BmxKxSbMZ+jrQIB+bWM1u+oRjYXTCUOHegqOyqNRsgh6WC7kVdtPLseMTsPVf8g+gSxtYB3FVx/1jN2Q7RSem+PglzlhEWTLAMUUEYrTjKh1ZX7qdHy7D4=~-1~-1~-1

8 Console Messages

Source Level URL
Text
security error URL: https://6261812.app.netsuite.com/pages/customerlogin.jsp?c=6261812&whence=
Message:
The Content-Security-Policy directive 'default-src' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
security error URL: https://6261812.app.netsuite.com/LpP41I/_Ug/CPY/rvNRyo3i/ubwEpSJpfiYL/KSsCAQ/LxtGMAp1/LSQ
Message:
The Content-Security-Policy directive 'default-src' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
security error URL: https://6261812.app.netsuite.com/LpP41I/_Ug/CPY/rvNRyo3i/ubwEpSJpfiYL/KSsCAQ/LxtGMAp1/LSQ
Message:
The Content-Security-Policy directive 'default-src' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
security error URL: https://6261812.app.netsuite.com/LpP41I/_Ug/CPY/rvNRyo3i/ubwEpSJpfiYL/KSsCAQ/LxtGMAp1/LSQ
Message:
The Content-Security-Policy directive 'default-src' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
security error URL: https://6261812.app.netsuite.com/LpP41I/_Ug/CPY/rvNRyo3i/ubwEpSJpfiYL/KSsCAQ/LxtGMAp1/LSQ
Message:
The Content-Security-Policy directive 'default-src' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
security error URL: https://6261812.app.netsuite.com/LpP41I/_Ug/CPY/rvNRyo3i/ubwEpSJpfiYL/KSsCAQ/LxtGMAp1/LSQ
Message:
The Content-Security-Policy directive 'default-src' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
security error URL: https://6261812.app.netsuite.com/LpP41I/_Ug/CPY/rvNRyo3i/ubwEpSJpfiYL/KSsCAQ/LxtGMAp1/LSQ
Message:
The Content-Security-Policy directive 'default-src' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.
security error URL: https://6261812.app.netsuite.com/LpP41I/_Ug/CPY/rvNRyo3i/ubwEpSJpfiYL/KSsCAQ/LxtGMAp1/LSQ
Message:
The Content-Security-Policy directive 'default-src' contains the keyword 'none' alongside with other source expressions. The keyword 'none' must be the only source expression in the directive value, otherwise it is ignored.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src https://6261812.app.netsuite.com/LpP41I/_Ug/CPY/rvNRyo3i/ubwEpSJpfiYL/KSsCAQ/LxtGMAp1/LSQ 'nonce-e29d64e3ed6ad753307bc82ca35f67c4' 'none'; base-uri 'none'; font-src 'self' data:; frame-ancestors 'self'; img-src 'self'; manifest-src 'self'; script-src 'nonce-e29d64e3ed6ad753307bc82ca35f67c4' 'self' 'report-sample'; style-src 'self'; worker-src 'self' suitephone:; upgrade-insecure-requests; report-uri /app/security/csp/cspaudit.nl;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block