Server | nginx |
Content-Type | text/html; charset=UTF-8 |
Last-Modified | Thu, 12 Oct 2017 17:44:48 GMT |
Transfer-Encoding | chunked |
Connection | keep-alive |
Vary | Accept-Encoding |
Cache-Control | max-age=14400, must-revalidate |
ETag | W/"59dfaa10-d8d" |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
X-XSS-Protection | 1; mode=block |
Referrer-Policy | same-origin |
Content-Security-Policy | default-src 'self'; connect-src 'self' ajax.googleapis.com data:; script-src 'self' 'unsafe-eval' ajax.googleapis.com ajax.aspnetcdn.com ajax.microsoft.com cdnjs.cloudflare.com code.jquery.com cdn.jsdelivr.net yastatic.net yandex.st libs.baidu.com lib.sinaapp.com upcdn.b0.upaiyun.com data:; style-src 'self' 'unsafe-inline'; |
Content-Encoding | gzip |