Server | Apache |
Upgrade | h2 |
Connection | Upgrade, close |
X-XSS-Protection | 1; mode=block |
Content-Security-Policy | default-src 'self' www.google-analytics.com; script-src 'self' data: 'unsafe-inline' 'unsafe-eval' www.googletagmanager.com js-agent.newrelic.com bam.nr-data.net www.google-analytics.com www.google.com www.gstatic.com; style-src 'self' 'unsafe-inline' fonts.googleapis.com; img-src 'self' data: www.google-analytics.com; font-src 'self' fonts.gstatic.com; child-src www.googletagmanager.com www.youtube.com www.google.com; form-action 'self'; block-all-mixed-content; |
Referrer-Policy | no-referrer-when-downgrade |
X-Frame-Options | SAMEORIGIN |
X-Content-Type-Options | nosniff |
Public-Key-Pins | pin-sha256="grX4Ta9HpZx6tSHkmCrvpApTQGo67CYDnvprLg5yRME="; pin-sha256="JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg="; max-age=16070400 |
Strict-Transport-Security | max-age=16070400 |
Transfer-Encoding | chunked |
Content-Type | text/html; charset=UTF-8 |