Server | Apache |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
content-security-policy | connect-src 'self' https://*.google-analytics.com; default-src 'self' https://*.myxheat.com; font-src 'self' data: https://*.gstatic.com; frame-src *; img-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://c.imedia.cz http://connect.facebook.net https://connect.facebook.net https://*.google-analytics.com https://maps.gstatic.com https://*.googleapis.com https://*.twisto.cz https://*.payu.com https://*.myxheat.com; style-src 'self' 'unsafe-inline' https://*.googleapis.com https://*.payu.com; report-uri /csp-log.php |
Expires | Thu, 19 Nov 1981 08:52:00 GMT |
Cache-Control | no-store, no-cache, must-revalidate, post-check=0, pre-check=0 |
Pragma | no-cache |
X-Frame-Options | SAMEORIGIN |
Vary | Accept-Encoding |
Content-Encoding | gzip |
Connection | close |
Content-Type | text/html; charset=UTF-8 |