urlscan.io logo urlscan.io
SecurityTrails logo

promotion-service-qa.elancoapps.com Open in urlscan Pro
216.70.34.151  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://promotion-service-qa.elancoapps.com/
Effective URL: https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn
Submission: On September 30 via automatic, source certstream-suspicious — Scanned from US
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 9 HTTP transactions. The main IP is 216.70.34.151, located in Fargo, United States and belongs to ENVENTIS, US. The main domain is promotion-service-qa.elancoapps.com.
TLS certificate: Issued by Entrust Certification Authority - L1K on November 2nd 2023. Valid for: a year.
This is the only time promotion-service-qa.elancoapps.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 10 216.70.34.151 12042 (ENVENTIS)
1 2600:9000:251... 16509 (AMAZON-02)
9 2
Apex Domain
Subdomains		 Transfer
10 elancoapps.com
promotion-service-qa.elancoapps.com
1 MB
1 tiqcdn.com
tags.tiqcdn.com — Cisco Umbrella Rank: 1505
552 B
9 2
Domain Requested by
10 promotion-service-qa.elancoapps.com 2 redirects promotion-service-qa.elancoapps.com
1 tags.tiqcdn.com promotion-service-qa.elancoapps.com
9 2

This site contains links to these domains. Also see Links.

Domain
www.enable-javascript.com
support.google.com
Subject Issuer Validity Valid
promotion-service.elanco.com
Entrust Certification Authority - L1K		 2023-11-02 -
2024-11-11		 a year crt.sh
tags.tiqcdn.com
Amazon RSA 2048 M02		 2024-03-19 -
2025-04-17		 a year crt.sh

This page contains 1 frames:

Primary Page: https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn
Frame ID: 31053EC3C23EA436A90BBA811C2ED2BD
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Your Pet & You Rebates - Not Logged In

Page URL History Show full URLs

  1. https://promotion-service-qa.elancoapps.com/ HTTP 302
    https://promotion-service-qa.elancoapps.com/Rebate/Offers HTTP 302
    https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Page Statistics

9
Requests

100 %
HTTPS

50 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

1272 kB
Transfer

1269 kB
Size

3
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://promotion-service-qa.elancoapps.com/ HTTP 302
    https://promotion-service-qa.elancoapps.com/Rebate/Offers HTTP 302
    https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request NotLoggedIn
promotion-service-qa.elancoapps.com/Notification/
Redirect Chain
  • https://promotion-service-qa.elancoapps.com/
  • https://promotion-service-qa.elancoapps.com/Rebate/Offers
  • https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn
9 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
216.70.34.151 Fargo, United States, ASN12042 (ENVENTIS, US),
Reverse DNS
216.70.34.151.static.enventis.net
Software
/ ASP.NET
Resource Hash
0abce14633427dc792e08af7cbda09696156dbe37669620ebc19a278ef1dc27e
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
no-cache, no-store
content-security-policy
frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
content-type
text/html; charset=utf-8
date
Mon, 30 Sep 2024 15:43:34 GMT
pragma
no-cache
server
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-powered-by
ASP.NET

Redirect headers

cache-control
no-cache,no-store
content-length
0
content-security-policy
frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
date
Mon, 30 Sep 2024 15:43:33 GMT
expires
-1
location
/Notification/NotLoggedIn
pragma
no-cache
server
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-powered-by
ASP.NET
vendor.min.css
promotion-service-qa.elancoapps.com/css/ 		104 KB
104 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://promotion-service-qa.elancoapps.com/css/vendor.min.css?v=Q0Yv9N7N49wInqZPgWOgAaHHsbyft7lXrIs9sPBb5YQ
Requested by
Host: promotion-service-qa.elancoapps.com
URL: https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
216.70.34.151 Fargo, United States, ASN12042 (ENVENTIS, US),
Reverse DNS
216.70.34.151.static.enventis.net
Software
/ ASP.NET
Resource Hash
43462ff4decde3dc089ea64f8163a001a1c7b1bc9fb7b957ac8b3db0f05be584
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
etag
"1daf97961eb63ac"
x-content-type-options
nosniff
accept-ranges
bytes
content-length
106284
date
Mon, 30 Sep 2024 15:43:34 GMT
content-type
text/css
last-modified
Wed, 28 Aug 2024 18:37:49 GMT
server
x-powered-by
ASP.NET
site.min.css
promotion-service-qa.elancoapps.com/css/ 		483 KB
484 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://promotion-service-qa.elancoapps.com/css/site.min.css?v=Pi71eIYrR5yhYReFrODpVajfBFtXDw5JQh5an02XmRg
Requested by
Host: promotion-service-qa.elancoapps.com
URL: https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
216.70.34.151 Fargo, United States, ASN12042 (ENVENTIS, US),
Reverse DNS
216.70.34.151.static.enventis.net
Software
/ ASP.NET
Resource Hash
3e2ef578862b479ca1611785ace0e955a8df045b570f0e49421e5a9f4d979918
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
etag
"1daf97961ed7705"
x-content-type-options
nosniff
accept-ranges
bytes
content-length
494469
date
Mon, 30 Sep 2024 15:43:34 GMT
content-type
text/css
last-modified
Wed, 28 Aug 2024 18:37:49 GMT
server
x-powered-by
ASP.NET
vendor.min.js
promotion-service-qa.elancoapps.com/js/ 		577 KB
578 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://promotion-service-qa.elancoapps.com/js/vendor.min.js?v=8UfPzHYpA8dUumkreMw4t03fuuSJrTcnsDpT7m5ZXyU
Requested by
Host: promotion-service-qa.elancoapps.com
URL: https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
216.70.34.151 Fargo, United States, ASN12042 (ENVENTIS, US),
Reverse DNS
216.70.34.151.static.enventis.net
Software
/ ASP.NET
Resource Hash
f147cfcc762903c754ba692b78cc38b74ddfbae489ad3727b03a53ee6e595f25
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
etag
"1daf97961e3fec9"
x-content-type-options
nosniff
accept-ranges
bytes
content-length
590409
date
Mon, 30 Sep 2024 15:43:34 GMT
content-type
text/javascript
last-modified
Wed, 28 Aug 2024 18:37:49 GMT
server
x-powered-by
ASP.NET
site.min.js
promotion-service-qa.elancoapps.com/js/ 		3 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://promotion-service-qa.elancoapps.com/js/site.min.js?v=nxak5ihBB_DamjlOnmqBBjDagGmGKfQUKoIhvnAYRb8
Requested by
Host: promotion-service-qa.elancoapps.com
URL: https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
216.70.34.151 Fargo, United States, ASN12042 (ENVENTIS, US),
Reverse DNS
216.70.34.151.static.enventis.net
Software
/ ASP.NET
Resource Hash
9f16a4e6284107f0da9a394e9e6a810630da80698629f4142a8221be701845bf
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
etag
"1daf97961eaf128"
x-content-type-options
nosniff
accept-ranges
bytes
content-length
3496
date
Mon, 30 Sep 2024 15:43:34 GMT
content-type
text/javascript
last-modified
Wed, 28 Aug 2024 18:37:49 GMT
server
x-powered-by
ASP.NET
iframeResizer.contentWindow.min.js
promotion-service-qa.elancoapps.com/js/ 		13 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://promotion-service-qa.elancoapps.com/js/iframeResizer.contentWindow.min.js?v=WB5wtvFSCndJw9KAwUin7M_fP-JByktioHOHvbemUD8
Requested by
Host: promotion-service-qa.elancoapps.com
URL: https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
216.70.34.151 Fargo, United States, ASN12042 (ENVENTIS, US),
Reverse DNS
216.70.34.151.static.enventis.net
Software
/ ASP.NET
Resource Hash
581e70b6f1520a7749c3d280c148a7eccfdf3fe241ca4b62a07387bdb7a6503f
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
etag
"1daf97961eac9b9"
x-content-type-options
nosniff
accept-ranges
bytes
content-length
13625
date
Mon, 30 Sep 2024 15:43:34 GMT
content-type
text/javascript
last-modified
Wed, 28 Aug 2024 18:37:49 GMT
server
x-powered-by
ASP.NET
utag.js
tags.tiqcdn.com/utag/elanco/yourpetandyou.elanco.com/prod/ 		111 B
552 B 		Script
General
Check archive.org
Download Go to
Full URL
https://tags.tiqcdn.com/utag/elanco/yourpetandyou.elanco.com/prod/utag.js
Requested by
Host: promotion-service-qa.elancoapps.com
URL: https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2511:7800:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ac8b7b7492816882816ae0243cb12960d83906361e49799fffe25d54ad539788

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://promotion-service-qa.elancoapps.com/

Response headers

x-amz-version-id
ZW230OxVx0Uf8pnqA2xrnT74UnXHR1xT
etag
"ad0c57fddc41cd28d93d454576b6e15d"
age
232
x-cache
Hit from cloudfront
x-amz-cf-id
3IVQTgGfrMlEtJ6HsC-N3elF8Mo9hNQX6fNhEP-2gTj2y8kRShT4eg==
date
Mon, 30 Sep 2024 15:37:43 GMT
content-type
application/javascript
vary
Accept-Encoding
last-modified
Wed, 08 Mar 2023 08:09:05 GMT
cache-control
max-age=300
via
1.1 5a588475f9a075d76c33229107634f8e.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
111
x-amz-cf-pop
JFK50-P6
server
AmazonS3
x-amz-server-side-encryption
AES256
fa-solid-900.woff2
promotion-service-qa.elancoapps.com/fonts/fontawesome/ 		78 KB
79 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://promotion-service-qa.elancoapps.com/fonts/fontawesome/fa-solid-900.woff2
Requested by
Host: promotion-service-qa.elancoapps.com
URL: https://promotion-service-qa.elancoapps.com/css/vendor.min.css?v=Q0Yv9N7N49wInqZPgWOgAaHHsbyft7lXrIs9sPBb5YQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
216.70.34.151 Fargo, United States, ASN12042 (ENVENTIS, US),
Reverse DNS
216.70.34.151.static.enventis.net
Software
/ ASP.NET
Resource Hash
6b555920e358f8a25a422988b448615c33bcccb4f932e8331cebfc8e2a737fc7
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://promotion-service-qa.elancoapps.com
Referer
https://promotion-service-qa.elancoapps.com/css/vendor.min.css?v=Q0Yv9N7N49wInqZPgWOgAaHHsbyft7lXrIs9sPBb5YQ

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
etag
"1daf97961ebc52c"
x-content-type-options
nosniff
accept-ranges
bytes
content-length
80300
date
Mon, 30 Sep 2024 15:43:35 GMT
content-type
font/woff2
last-modified
Wed, 28 Aug 2024 18:37:49 GMT
server
x-powered-by
ASP.NET
favicon.ico
promotion-service-qa.elancoapps.com/ 		2 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://promotion-service-qa.elancoapps.com/favicon.ico?v=jD-CyBhsTqd4mpqZMo4VnPGbDvC0poMAuW_EGqF6wMc
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
216.70.34.151 Fargo, United States, ASN12042 (ENVENTIS, US),
Reverse DNS
216.70.34.151.static.enventis.net
Software
/ ASP.NET
Resource Hash
8c3f82c8186c4ea7789a9a99328e159cf19b0ef0b4a68300b96fc41aa17ac0c7
Security Headers
Name Value
Content-Security-Policy frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://promotion-service-qa.elancoapps.com/Notification/NotLoggedIn

Response headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
etag
"1daf97961eafae7"
x-content-type-options
nosniff
accept-ranges
bytes
content-length
1639
date
Mon, 30 Sep 2024 15:43:35 GMT
content-type
image/x-icon
last-modified
Wed, 28 Aug 2024 18:37:49 GMT
server
x-powered-by
ASP.NET

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| $jscomp function| $jscomp$lookupPolyfilledValue function| bkExtend function| bkClass function| bkElement object| bkLib function| $BK object| bkEvent function| __ function| nicEditorConfig object| nicEditors function| nicEditor function| nicEditorInstance function| nicEditorIFrameInstance function| nicEditorPanel function| nicEditorButton function| nicPlugin object| nicPaneOptions function| nicEditorPane function| nicEditorAdvancedButton function| nicButtonTips object| nicSelectOptions function| nicEditorSelect function| nicEditorFontSizeSelect function| nicEditorFontFamilySelect function| nicEditorFontFormatSelect object| nicLinkOptions function| nicLinkButton object| nicColorOptions function| nicEditorColorButton function| nicEditorBgColorButton object| nicImageOptions function| nicImageButton object| nicSaveOptions function| nicEditorSaveButton function| $ function| jQuery object| bootstrap object| utag_data boolean| cookiesEnabled

3 Cookies

Domain/Path Name / Value
promotion-service-qa.elancoapps.com/Notification Name:
Value: testCookiesEnabled
promotion-service-qa.elancoapps.com/ Name: .AspNetCore.Session
Value: CfDJ8JiS%2Bx3nZGlHn0kI8od6RoqJk89AhBqKyYgfptxHvg1RXOB9vPhXT%2B6rkZ7hHGvzyXs58Pi7KKRIENF0I9tZi958EHpOhpQXFwCB1Mdr7Qx3kWMuYf1KpAJnEgeZj03%2B%2BxqtgXvwLnzqo3StT5DGvVKQMI7VdFSgoqTX2mmkqYS%2B
promotion-service-qa.elancoapps.com/ Name: .AspNetCore.Antiforgery.Ax1NxwDsTE4
Value: CfDJ8JiS-x3nZGlHn0kI8od6Roo4VdtZzlCm3rUwhrOUiBv0sffZSBQt_jJ5XkOuP9zQ60GB1WZV5Stx6ksBdpp3uJURv5OqLHRqyfIZgc50ftpM0WeKwbgVOlL4KxZpeZob78DpFMSiLks1O9P1l-iHPbM

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors *.elancoapps.com *.elanco.com *.azurewebsites.net localhost localhost:* http://localhost:*; default-src * 'unsafe-eval' 'unsafe-inline' data: blob:;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN