Server | nginx |
Content-Type | text/html; charset=UTF-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Vary | Accept-Encoding, Accept-Encoding |
Cache-Control | private, must-revalidate |
pragma | no-cache |
expires | -1 |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
Content-Security-Policy-Report-Only | default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report |
Access-Control-Allow-Origin | * |
Access-Control-Allow-Methods | GET, POST, PATCH, PUT, DELETE, OPTIONS |
Access-Control-Allow-Headers | Origin, Content-Type, X-Auth-Token |
Content-Encoding | gzip |