Server | nginx/1.12.2 |
Content-Type | text/html;charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Content-Security-Policy | default-src 'none'; base-uri 'none'; block-all-mixed-content; child-src https://share.intercom.io https://www.youtube.com https://player.vimeo.com https://fast.wistia.net; connect-src 'self' https://api.rollbar.com https://r.fullstory.com https://www.fullstory.com https://fullstory.com https://api.segment.io https://api.mixpanel.com https://api.amplitude.com https://*.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://heapanalytics.com; font-src 'self' data: https://cdn.myfontastic.com https://js.intercomcdn.com https://fonts.gstatic.com https://heapanalytics.com; form-action 'self'; frame-ancestors 'none'; img-src 'self' https://csi.gstatic.com https://logo.clearbit.com https://maps.googleapis.com https://www.google-analytics.com https://heapanalytics.com data: https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://dapjjo8h3d36y.cloudfront.net; media-src https://js.intercomcdn.com; object-src 'self'; script-src https://affinity.vc 'self' 'unsafe-inline' https://d37gvrvc0wt4s1.cloudfront.net https://maps.googleapis.com https://js-agent.newrelic.com https://bam.nr-data.net https://www.google-analytics.com https://www.fullstory.com https://fullstory.com https://cdn.heapanalytics.com https://heapanalytics.com https://cdn.segment.com https://d24n15hnbwhuhn.cloudfront.net https://cdn.mxpnl.com https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com; style-src 'self' 'unsafe-inline' https://cdn.myfontastic.com https://heapanalytics.com; upgrade-insecure-requests; report-uri /api/csp |
Strict-Transport-Security | max-age=31557600; includeSubdomains; preload |
Referrer-Policy | origin-when-cross-origin |
X-Content-Type-Options | nosniff |
X-Download-Options | noopen |
X-Frame-Options | DENY |
X-Permitted-Cross-Domain-Policies | none |
X-XSS-Protection | 1; mode=block |
Content-Encoding | gzip |