urlscan.io logo urlscan.io
SecurityTrails logo

www.kreditkartenbanking.de Open in urlscan Pro
89.106.184.22  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://www.kreditkartenbanking.de/BahnCard
Effective URL: https://www.kreditkartenbanking.de/BahnCard/cas/dispatch.do?bt_PRELON=1&ref=1500_KROKO&service=COS
Submission Tags: falconsandbox
Submission: On February 15 via api from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 10 HTTP transactions. The main IP is 89.106.184.22, located in Frankfurt am Main, Germany and belongs to WORLDLINE-GERMANY Atos Worldline SAS, FR. The main domain is www.kreditkartenbanking.de.
TLS certificate: Issued by Entrust Certification Authority - L1K on November 5th 2020. Valid for: a year.
This is the only time www.kreditkartenbanking.de was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 10 89.106.184.22 5630 (WORLDLINE...)
2 212.149.50.185 16365 (COMMERZBA...)
10 2
Apex Domain
Subdomains		 Transfer
10 kreditkartenbanking.de
www.kreditkartenbanking.de
39 KB
2 commerzbank.de
www.commerzbank.de
129 KB
10 2
Domain Requested by
10 www.kreditkartenbanking.de 2 redirects www.kreditkartenbanking.de
2 www.commerzbank.de www.kreditkartenbanking.de
10 2

This site contains no links.

Subject Issuer Validity Valid
www.kreditkartenbanking.de
Entrust Certification Authority - L1K		 2020-11-05 -
2021-12-04		 a year crt.sh
www.commerzbank.de
GlobalSign Extended Validation CA - SHA256 - G3		 2019-05-08 -
2021-06-29		 2 years crt.sh

This page contains 1 frames:

Primary Page: https://www.kreditkartenbanking.de/BahnCard/cas/dispatch.do?bt_PRELON=1&ref=1500_KROKO&service=COS
Frame ID: 15CE7B4FE1E1509FB769A9CBCA1E5384
Requests: 10 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. http://www.kreditkartenbanking.de/BahnCard HTTP 302
    https://www.kreditkartenbanking.de/BahnCard HTTP 302
    https://www.kreditkartenbanking.de/BahnCard/cas/dispatch.do?bt_PRELON=1&ref=1500_KROKO&service=COS Page URL

Page Statistics

10
Requests

100 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

167 kB
Transfer

161 kB
Size

2
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.kreditkartenbanking.de/BahnCard HTTP 302
    https://www.kreditkartenbanking.de/BahnCard HTTP 302
    https://www.kreditkartenbanking.de/BahnCard/cas/dispatch.do?bt_PRELON=1&ref=1500_KROKO&service=COS Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

10 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request Cookie set dispatch.do
www.kreditkartenbanking.de/BahnCard/cas/
Redirect Chain
  • http://www.kreditkartenbanking.de/BahnCard
  • https://www.kreditkartenbanking.de/BahnCard
  • https://www.kreditkartenbanking.de/BahnCard/cas/dispatch.do?bt_PRELON=1&ref=1500_KROKO&service=COS
9 KB
10 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.kreditkartenbanking.de/BahnCard/cas/dispatch.do?bt_PRELON=1&ref=1500_KROKO&service=COS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
89.106.184.22 Frankfurt am Main, Germany, ASN5630 (WORLDLINE-GERMANY Atos Worldline SAS, FR),
Reverse DNS
Software
/
Resource Hash
f6754b6558e9a42b15b46d2af539a7fba4b060c12a27dbe5ad3e2a71d800f857
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

Host
www.kreditkartenbanking.de
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 15 Feb 2021 14:04:08 GMT
X-FRAME-OPTIONS
DENY
Cache-Control
no-cache, no-store, must-revalidate
Pragma
no-cache
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Content-Type
text/html;charset=UTF-8
Keep-Alive
timeout=5, max=100
Connection
Keep-Alive
Set-Cookie
persistence_cookie=!QWNEI4TkrgRlDJbNkYaD9IZpb0ArXLZoBVRruidhzhEVaOkYW+LxhtqnG86u+O7JEsoIjsii5OqRbOhQFCGTqcC1YpXb7H+mZ9shqLa6fve0; path=/; Httponly; Secure TS0189a7d5=012b07f91b997eac7171670915e5e72094e4ca4358805fe04c8a6476525cb6a4cda5ca48823ab293c2a94b22f8c2277077f9d39e87; Path=/; Domain=.www.kreditkartenbanking.de
Strict-Transport-Security
max-age=16070400; includeSubDomains
Transfer-Encoding
chunked

Redirect headers

Location
https://www.kreditkartenbanking.de/BahnCard/cas/dispatch.do?bt_PRELON=1&ref=1500_KROKO&service=COS
Server
BigIP
Connection
Keep-Alive
Content-Length
0
coba_kroko.css
www.kreditkartenbanking.de/BahnCard/cas/css/ 		11 KB
11 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.kreditkartenbanking.de/BahnCard/cas/css/coba_kroko.css
Requested by
Host: www.kreditkartenbanking.de
URL: https://www.kreditkartenbanking.de/BahnCard/cas/dispatch.do?bt_PRELON=1&ref=1500_KROKO&service=COS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
89.106.184.22 Frankfurt am Main, Germany, ASN5630 (WORLDLINE-GERMANY Atos Worldline SAS, FR),
Reverse DNS
Software
/
Resource Hash
ce48d3d83dc49bb0114d8c4c1930afbe25d3842cf5b98755ae6b0a0b6f73b97e
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

Referer
https://www.kreditkartenbanking.de/BahnCard/cas/dispatch.do?bt_PRELON=1&ref=1500_KROKO&service=COS
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 15 Feb 2021 14:04:08 GMT
Last-Modified
Fri, 05 Feb 2021 07:34:54 GMT
X-FRAME-OPTIONS
DENY
ETag
W/"10768-1612510494000"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
text/css
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
10768
standard.js
www.kreditkartenbanking.de/BahnCard/cas/js/coba_kroko/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.kreditkartenbanking.de/BahnCard/cas/js/coba_kroko/standard.js
Requested by
Host: www.kreditkartenbanking.de
URL: https://www.kreditkartenbanking.de/BahnCard/cas/dispatch.do?bt_PRELON=1&ref=1500_KROKO&service=COS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
89.106.184.22 Frankfurt am Main, Germany, ASN5630 (WORLDLINE-GERMANY Atos Worldline SAS, FR),
Reverse DNS
Software
/
Resource Hash
e566bfbbd2484047de44e6ecdd342eb666130bcfdf76a1f8f0386071ad0023a7
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

Referer
https://www.kreditkartenbanking.de/BahnCard/cas/dispatch.do?bt_PRELON=1&ref=1500_KROKO&service=COS
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 15 Feb 2021 14:04:08 GMT
Last-Modified
Fri, 05 Feb 2021 07:34:54 GMT
X-FRAME-OPTIONS
DENY
ETag
W/"1038-1612510494000"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
text/javascript
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=98
Content-Length
1038
Banner_KKBanking_eWL_Bahn_links.jpg
www.commerzbank.de/portal/media/a-10-produkte/karten/ewl/ 		60 KB
61 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.commerzbank.de/portal/media/a-10-produkte/karten/ewl/Banner_KKBanking_eWL_Bahn_links.jpg
Requested by
Host: www.kreditkartenbanking.de
URL: https://www.kreditkartenbanking.de/BahnCard/cas/dispatch.do?bt_PRELON=1&ref=1500_KROKO&service=COS
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
212.149.50.185 Frankfurt am Main, Germany, ASN16365 (COMMERZBANK DE-60261 Frankfurt, DE),
Reverse DNS
www.commerzbank.de
Software
Apache /
Resource Hash
ff5537912ef206ca9634a055b6ade154d63d9572833fb9b01a67417b47a0c42d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.kreditkartenbanking.de/BahnCard/cas/dispatch.do?bt_PRELON=1&ref=1500_KROKO&service=COS
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 15 Feb 2021 14:04:08 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Mon, 07 Dec 2020 06:38:08 GMT
Server
Apache
ETag
"-1002599172"
X-Frame-Options
DENY
Content-Language
de-DE
Cache-Control
no-cache="set-cookie, set-cookie2"
Connection
Keep-Alive
Content-Type
image/jpeg
Keep-Alive
timeout=15, max=100
Content-Length
61893
X-XSS-Protection
1; mode=block
Expires
Mon, 15 Feb 2021 14:09:08 GMT
start.gif
www.kreditkartenbanking.de/BahnCard/cas/img/coba_kroko/ 		67 B
749 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.kreditkartenbanking.de/BahnCard/cas/img/coba_kroko/start.gif
Requested by
Host: www.kreditkartenbanking.de
URL: https://www.kreditkartenbanking.de/BahnCard/cas/dispatch.do?bt_PRELON=1&ref=1500_KROKO&service=COS
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
89.106.184.22 Frankfurt am Main, Germany, ASN5630 (WORLDLINE-GERMANY Atos Worldline SAS, FR),
Reverse DNS
Software
/
Resource Hash
17408e40b4f917662375547685212cdead07f99b7bb8d0c9d93bc7a701021d8d
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

Referer
https://www.kreditkartenbanking.de/BahnCard/cas/dispatch.do?bt_PRELON=1&ref=1500_KROKO&service=COS
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 15 Feb 2021 14:04:08 GMT
Last-Modified
Fri, 05 Feb 2021 07:34:54 GMT
X-FRAME-OPTIONS
DENY
ETag
W/"67-1612510494000"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=97
Content-Length
67
Banner_KKBanking_eWL_Bahn_rechts.jpg
www.commerzbank.de/portal/media/a-10-produkte/karten/ewl/ 		67 KB
68 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.commerzbank.de/portal/media/a-10-produkte/karten/ewl/Banner_KKBanking_eWL_Bahn_rechts.jpg
Requested by
Host: www.kreditkartenbanking.de
URL: https://www.kreditkartenbanking.de/BahnCard/cas/dispatch.do?bt_PRELON=1&ref=1500_KROKO&service=COS
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
212.149.50.185 Frankfurt am Main, Germany, ASN16365 (COMMERZBANK DE-60261 Frankfurt, DE),
Reverse DNS
www.commerzbank.de
Software
Apache /
Resource Hash
adb8aa957ee2c4b158a48ac6513c08bd3a50ab1a152e62467e1c53161e70c022
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.kreditkartenbanking.de/BahnCard/cas/dispatch.do?bt_PRELON=1&ref=1500_KROKO&service=COS
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 15 Feb 2021 14:04:08 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Last-Modified
Mon, 07 Dec 2020 06:38:08 GMT
Server
Apache
ETag
"-1002391721"
X-Frame-Options
DENY
Content-Language
de-DE
Cache-Control
no-cache="set-cookie, set-cookie2"
Connection
Keep-Alive
Content-Type
image/jpeg
Keep-Alive
timeout=15, max=100
Content-Length
68752
X-XSS-Protection
1; mode=block
Expires
Mon, 15 Feb 2021 14:09:08 GMT
logoline.gif
www.kreditkartenbanking.de/BahnCard/cas/img/coba_kroko/ 		8 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.kreditkartenbanking.de/BahnCard/cas/img/coba_kroko/logoline.gif
Requested by
Host: www.kreditkartenbanking.de
URL: https://www.kreditkartenbanking.de/BahnCard/cas/css/coba_kroko.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
89.106.184.22 Frankfurt am Main, Germany, ASN5630 (WORLDLINE-GERMANY Atos Worldline SAS, FR),
Reverse DNS
Software
/
Resource Hash
3ffc6ad4423b94de6486f8e5ffece520cf3741ae091836b97ceb67bd3d54a80f
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

Referer
https://www.kreditkartenbanking.de/BahnCard/cas/css/coba_kroko.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 15 Feb 2021 14:04:08 GMT
Last-Modified
Fri, 05 Feb 2021 07:34:54 GMT
X-FRAME-OPTIONS
DENY
ETag
W/"8642-1612510494000"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
8642
bgname.gif
www.kreditkartenbanking.de/BahnCard/cas/img/coba_kroko/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.kreditkartenbanking.de/BahnCard/cas/img/coba_kroko/bgname.gif
Requested by
Host: www.kreditkartenbanking.de
URL: https://www.kreditkartenbanking.de/BahnCard/cas/css/coba_kroko.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
89.106.184.22 Frankfurt am Main, Germany, ASN5630 (WORLDLINE-GERMANY Atos Worldline SAS, FR),
Reverse DNS
Software
/
Resource Hash
42a5d877043d4b37e8c3ab6e2f0ddfc78a21be71fe79551bc14ec88e06574773
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

Referer
https://www.kreditkartenbanking.de/BahnCard/cas/css/coba_kroko.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 15 Feb 2021 14:04:08 GMT
Last-Modified
Fri, 05 Feb 2021 07:34:54 GMT
X-FRAME-OPTIONS
DENY
ETag
W/"1869-1612510494000"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=100
Content-Length
1869
backinput.gif
www.kreditkartenbanking.de/BahnCard/cas/img/coba_kroko/ 		462 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.kreditkartenbanking.de/BahnCard/cas/img/coba_kroko/backinput.gif
Requested by
Host: www.kreditkartenbanking.de
URL: https://www.kreditkartenbanking.de/BahnCard/cas/css/coba_kroko.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
89.106.184.22 Frankfurt am Main, Germany, ASN5630 (WORLDLINE-GERMANY Atos Worldline SAS, FR),
Reverse DNS
Software
/
Resource Hash
2a6bb1e950b387312bd452cd673b8ed0cb8e7fd7465c6f4827914d2dd73d1cd9
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

Referer
https://www.kreditkartenbanking.de/BahnCard/cas/css/coba_kroko.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 15 Feb 2021 14:04:08 GMT
Last-Modified
Fri, 05 Feb 2021 07:34:54 GMT
X-FRAME-OPTIONS
DENY
ETag
W/"462-1612510494000"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=96
Content-Length
462
button.gif
www.kreditkartenbanking.de/BahnCard/cas/img/coba_kroko/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.kreditkartenbanking.de/BahnCard/cas/img/coba_kroko/button.gif
Requested by
Host: www.kreditkartenbanking.de
URL: https://www.kreditkartenbanking.de/BahnCard/cas/css/coba_kroko.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
89.106.184.22 Frankfurt am Main, Germany, ASN5630 (WORLDLINE-GERMANY Atos Worldline SAS, FR),
Reverse DNS
Software
/
Resource Hash
7182ad848ecf8c283415dd8f44378316908d2a1d103959b35fc827270e81bbb1
Security Headers
Name Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY

Request headers

Referer
https://www.kreditkartenbanking.de/BahnCard/cas/css/coba_kroko.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 15 Feb 2021 14:04:08 GMT
Last-Modified
Fri, 05 Feb 2021 07:34:54 GMT
X-FRAME-OPTIONS
DENY
ETag
W/"2232-1612510494000"
Strict-Transport-Security
max-age=16070400; includeSubDomains
Content-Type
image/gif
Connection
Keep-Alive
Accept-Ranges
bytes
Keep-Alive
timeout=5, max=99
Content-Length
2232

Verdicts & Comments Add Verdict or Comment

13 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated function| MM_goToURL function| P7_swapClass function| Lvl_openWin function| MM_reloadPage

2 Cookies

Domain/Path Name / Value
www.kreditkartenbanking.de/ Name: persistence_cookie
Value: !CnkfsSuKdFzGWMHNkYaD9IZpb0ArXO5ihIaP4OKdSnqKAo/VaazmqyFSDMeuq5DjzIAEyk/hvFmvPplMnZ/+H9uuG75FhdJmE7kIhiWcg1BN
.www.kreditkartenbanking.de/ Name: TS0189a7d5
Value: 012b07f91b997eac7171670915e5e72094e4ca4358805fe04c8a6476525cb6a4cda5ca48823ab293c2a94b22f8c2277077f9d39e87

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=16070400; includeSubDomains
X-Frame-Options DENY