Server | nginx |
Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Cache-Control | no-cache |
Content-Security-Policy | img-src https://* data: blob: ; connect-src https://* ws://127.0.0.1:*/ws ; media-src https://* ; object-src https://cf.dropboxstatic.com/static/ https://www.dropboxstatic.com/static/ 'self' https://flash.dropboxstatic.com https://swf.dropboxstatic.com https://dbxlocal.dropboxstatic.com ; default-src 'none' ; font-src https://* data: ; frame-src https://* carousel://* dbapi-6://* dbapi-7://* dbapi-8://* itms-apps://* itms-appss://* ; style-src https://* 'unsafe-inline' 'unsafe-eval' ; script-src https://ajax.googleapis.com/ajax/libs/jquery/ 'unsafe-eval' https://www.dropbox.com/static/ https://cf.dropboxstatic.com/static/javascript/ https://www.dropboxstatic.com/static/javascript/ https://cf.dropboxstatic.com/static/api/ https://www.dropboxstatic.com/static/api/ https://www.google.com/recaptcha/api/ 'nonce-/bB2tWqvveAHzH6+T1Ps' ; |
Pragma | no-cache |
X-Content-Type-Options | nosniff |
X-Dropbox-Http-Protocol | None |
X-Dropbox-Request-Id | 4f81b8810ab988692a6300aabfc005ec |
X-Frame-Options | SAMEORIGIN |
X-Server-Response-Time | 238 |
X-Xss-Protection | 1; mode=block |
Strict-Transport-Security | max-age=15552000; includeSubDomains |
Content-Encoding | gzip |