Server | nginx |
Content-Type | text/html; charset=utf-8 |
Connection | keep-alive |
Content-Language | en |
Expires | Sat, 03 Mar 2018 17:32:34 GMT |
Cache-Control | max-age=2323 |
Pragma | public |
Content-Encoding | gzip |
Vary | Accept-Encoding |
X-Xss-Protection | 1; mode=block |
X-UA-Compatible | IE=edge |
X-Content-Type-Options | nosniff, nosniff |
X-Powered-By | Commodore C64 |
X-FRAME-OPTIONS | SAMEORIGIN |
Content-Security-Policy | default-src https: 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.cloudfront.net *.tradingview.com *.googleapis.com; img-src 'self' *.youtube.com *.tradingview.com *.google-analytics.com *.gstatic.com stats.g.doubleclick.net *.googleapis.com data:; |
X-Content-Security-Policy | default-src https: 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.cloudfront.net *.tradingview.com *.googleapis.com; img-src 'self' *.youtube.com *.tradingview.com *.google-analytics.com *.gstatic.com stats.g.doubleclick.net *.googleapis.com; |
X-Webkit-CSP | default-src https: 'unsafe-inline' 'unsafe-eval' *.google.com *.google-analytics.com *.cloudfront.net *.tradingview.com *.googleapis.com; img-src 'self' *.tradingview.com *.google-analytics.com *.gstatic.com stats.g.doubleclick.net *.googleapis.com; |
Strict-Transport-Security | max-age=31536000 |
Public-Key-Pins | pin-sha256="1J/w9wwnolrMOe1efJUBcfDAOIeRlyUPSDx0NV75ie0="; pin-sha256="8kGWrpQHhmc0jwLo43RYo6bmqtHgsNxhARjM5yFCe/w="; pin-sha256="gI1os/q0iEpflxrOfRBVDXqVoWN3Tz7Dav/7IT++THQ="; pin-sha256="lNd4tSEMkXRhrpwme2vR5SgT3lRDT34GI92q1So8tic="; max-age=604800 |