# cURL request with the User-Agent set to the latest Chrome: the CSP header is issued.
scott@securityheaders:~$ curl -A "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.97 Safari/537.36" -I https://twitter.com
HTTP/1.1 200 OK
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 253757
content-security-policy: script-src https://connect.facebook.net https://cm.g.doubleclick.net https://ssl.google-analytics.com https://graph.facebook.com https://twitter.com 'unsafe-eval' https://*.twimg.com https://api.twitter.com 'nonce-pNzQrZTmFhM6POFomnBfRw==' https://analytics.twitter.com https://ton.twitter.com https://syndication.twitter.com https://www.google.com https://t.tellapart.com https://platform.twitter.com https://www.google-analytics.com 'self'; frame-ancestors 'self'; font-src https://twitter.com https://*.twimg.com data: https://ton.twitter.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com 'self'; media-src https://twitter.com https://*.twimg.com https://ton.twitter.com blob: 'self'; connect-src https://graph.facebook.com https://media4.giphy.com https://media0.giphy.com https://pay.twitter.com https://analytics.twitter.com https://media.riffsy.com https://media.giphy.com https://media3.giphy.com https://upload.twitter.com https://media2.giphy.com https://media1.giphy.com 'self'; style-src https://fonts.googleapis.com https://twitter.com https://*.twimg.com https://translate.googleapis.com https://ton.twitter.com 'unsafe-inline' https://platform.twitter.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com 'self'; object-src https://twitter.com https://pbs.twimg.com; default-src 'self'; frame-src https://staticxx.facebook.com https://twitter.com https://*.twimg.com https://player.vimeo.com https://pay.twitter.com https://www.facebook.com https://ton.twitter.com https://syndication.twitter.com https://vine.co twitter: https://www.youtube.com https://platform.twitter.com https://upload.twitter.com https://s-static.ak.facebook.com 'self' https://donate.twitter.com; img-src https://graph.facebook.com https://twitter.com https://*.twimg.com https://media4.giphy.com data: https://media0.giphy.com https://fbcdn-profile-a.akamaihd.net https://www.facebook.com https://ton.twitter.com https://*.fbcdn.net https://syndication.twitter.com https://media.riffsy.com https://www.google.com https://media.giphy.com https://stats.g.doubleclick.net https://media3.giphy.com https://www.google-analytics.com blob: https://media2.giphy.com https://media1.giphy.com 'self'; report-uri https://twitter.com/i/csp_report?a=NVQWGYLXFVZXO2LGOQ%3D%3D%3D%3D%3D%3D&ro=false;
content-type: text/html;charset=utf-8
date: Sun, 31 Jan 2016 17:08:18 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Sun, 31 Jan 2016 17:08:18 GMT
pragma: no-cache
server: tsa_a
set-cookie: _twitter_sess=BAh7CSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCMUVqJhSAToMY3NyZl9p%250AZCIlYzUyNGI0YTcyYmRjZGExYjAzYzY0MTQwYmY0NzE0Nzc6B2lkIiUxNjA3%250AOGI3MGVhZDdjNTc5ZjQyMzM4ZDg1OWIyMmQyOA%253D%253D--d2c9c515146d2e926be03d570b51979950a649b7; Path=/; Domain=.twitter.com; Secure; HTTPOnly
set-cookie: ua="f5,m2,m5,rweb,msw"; Expires=Sun, 31 Jan 2016 18:08:18 UTC; Path=/; Domain=.twitter.com; Secure; HTTPOnly
set-cookie: guest_id=v1%3A145426009850068460; Domain=.twitter.com; Path=/; Expires=Tue, 30-Jan-2018 17:08:18 UTC
status: 200 OK
strict-transport-security: max-age=631138519
x-connection-hash: 34303e4dc987e1c2cab38932a411cc13
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 150
x-transaction: 6187b9cf660ea18d
x-twitter-response-tags: BouncerCompliant
x-ua-compatible: IE=edge,chrome=1
x-xss-protection: 1; mode=block

# cURL request with a custom User-Agent set: the CSP header is not issued.
scott@securityheaders:~$ curl -A "Mozilla/5.0 (compatible; SecurityHeaders/1.0; +https://securityheaders.io/about/)" -I https://twitter.com
HTTP/1.1 200 OK
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length: 253735
content-type: text/html;charset=utf-8
date: Sun, 31 Jan 2016 17:08:57 GMT
expires: Tue, 31 Mar 1981 05:00:00 GMT
last-modified: Sun, 31 Jan 2016 17:08:57 GMT
pragma: no-cache
server: tsa_a
set-cookie: _twitter_sess=BAh7CSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNo%250ASGFzaHsABjoKQHVzZWR7ADoPY3JlYXRlZF9hdGwrCAKtqJhSAToMY3NyZl9p%250AZCIlNjhiZjdmNWFkN2ViNjRiMGM2NmMxMzE4ZTlmOTZlY2U6B2lkIiUyZTcz%250AOTk2OGJlOTFiZDQyNDQzMGY4ZjNkODIzZjk1Mw%253D%253D--cc35ace2184c6e4b3787ca7af2811c7bb0aa8115; Path=/; Domain=.twitter.com; Secure; HTTPOnly
set-cookie: ua="m2,msw"; Expires=Sun, 31 Jan 2016 18:08:57 UTC; Path=/; Domain=.twitter.com; Secure; HTTPOnly
set-cookie: guest_id=v1%3A145426013717532576; Domain=.twitter.com; Path=/; Expires=Tue, 30-Jan-2018 17:08:57 UTC
status: 200 OK
strict-transport-security: max-age=631138519
x-connection-hash: 25ab8fd22ca280589690ab5a168960a0
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-response-time: 228
x-transaction: dec22fc2ea127fd8
x-twitter-response-tags: BouncerCompliant
x-ua-compatible: IE=edge,chrome=1
x-xss-protection: 1; mode=block
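As an added example (not part of the paste), a small Python checker for the comparison shown above: it parses `curl -I` output captured for several User-Agents and reports which security headers the server issued for one UA but withheld for another. The sample responses are constructed, abridged copies of the two Twitter responses, and the UA strings are shortened.

```python
from typing import Dict, List

# Headers whose presence changes the browser's security posture.
SECURITY_HEADERS = ("content-security-policy", "strict-transport-security",
                    "x-content-type-options", "x-frame-options", "x-xss-protection")


def parse_curl_head(raw: str) -> Dict[str, List[str]]:
    """Parse `curl -I` output into {lowercase-name: [values]}.
    The status line is skipped; repeated headers (set-cookie) accumulate."""
    headers: Dict[str, List[str]] = {}
    for line in raw.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("HTTP/"):
            continue
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def ua_dependent_headers(responses: Dict[str, str]) -> Dict[str, List[str]]:
    """Map each security header that some User-Agent received to the sorted
    list of User-Agents that did not receive it ({} means consistent)."""
    parsed = {ua: parse_curl_head(raw) for ua, raw in responses.items()}
    findings: Dict[str, List[str]] = {}
    for header in SECURITY_HEADERS:
        got = {ua for ua, h in parsed.items() if header in h}
        if got and len(got) < len(parsed):
            findings[header] = sorted(set(parsed) - got)
    return findings


# Constructed, abridged copies of the two responses shown on the page.
CHROME_UA = "Mozilla/5.0 ... Chrome/48.0.2564.97 Safari/537.36"
SCANNER_UA = "Mozilla/5.0 (compatible; SecurityHeaders/1.0; ...)"
SAMPLE = {
    CHROME_UA: ("HTTP/1.1 200 OK\n"
                "content-security-policy: default-src 'self'; report-uri /i/csp_report\n"
                "strict-transport-security: max-age=631138519\n"
                "x-frame-options: SAMEORIGIN\n"),
    SCANNER_UA: ("HTTP/1.1 200 OK\n"
                 "strict-transport-security: max-age=631138519\n"
                 "x-frame-options: SAMEORIGIN\n"),
}

if __name__ == "__main__":
    for header, missing in ua_dependent_headers(SAMPLE).items():
        print(f"{header} withheld for: {missing}")
```

Feeding it the full responses above (saved to files and read into the dict) gives the same finding: only content-security-policy differs between the two User-Agents.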