| Server | nginx |
| Content-Type | text/html; charset=utf-8 |
| Transfer-Encoding | chunked |
| Connection | keep-alive |
| Expires | Thu, 19 Nov 1981 08:52:00 GMT |
| Cache-Control | no-store, no-cache, must-revalidate, post-check=0, pre-check=0 |
| Pragma | no-cache |
| Content-Security-Policy | default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://code.jquery.com/ https://seal.websecurity.norton.com/ https://www.google.com/ https://www.google-analytics.com/ https://image.providesupport.com/ https://browser-update.org/ https://www.googleadservices.com/ https://ajax.googleapis.com/ https://apis.google.com/ https://cdnjs.cloudflare.com/ https://*.optimizely.com/ https://optimizely.s3.amazonaws.com/ https://script.crazyegg.com/ https://s3.amazonaws.com/ https://cdn3.optimizely.com/; img-src 'self' https://code.jquery.com/ https://seal.websecurity.norton.com/ data: https://chart.googleapis.com/ https://www.google-analytics.com/ https://image.providesupport.com/ https://stats.g.doubleclick.net/ http://stats.g.doubleclick.net/ https://ssl.gstatic.com/ https://s3.amazonaws.com/ https://*.optimizely.com/; style-src 'self' 'unsafe-inline' https://code.jquery.com/ https://www.google.com/ https://ajax.googleapis.com/ https://maxcdn.bootstrapcdn.com/; font-src https://maxcdn.bootstrapcdn.com/ 'self'; frame-src https://www.youtube.com/ https://googleads.g.doubleclick.net/ https://www.google.com/ https://www.google.nl/ https://apis.google.com/ https://accounts.google.com/ https://*.optimizely.com/; object-src 'self'; connect-src 'self' https://*.optimizely.com/ |
| X-Frame-Options | SAMEORIGIN |
| Strict-Transport-Security | max-age=31536000; includeSubdomains; |
| X-XSS-Protection | 1; mode=block |
| X-Content-Type-Options | nosniff |
| Content-Encoding | gzip |