Server | nginx |
Content-Type | text/html; charset=utf-8 |
Connection | keep-alive |
X-DNS-Prefetch-Control | off |
X-Frame-Options | SAMEORIGIN |
Strict-Transport-Security | max-age=15552000; includeSubDomains |
X-Download-Options | noopen |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
Content-Security-Policy | child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' https://steemitimages.com wss://steemd.privex.io wss://steemd.minnowsupportproject.org wss://rpc.steemliberator.com wss://rpc.buildteam.io api.steemit.com api.blocktrades.us; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation |
X-Content-Security-Policy | child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' https://steemitimages.com wss://steemd.privex.io wss://steemd.minnowsupportproject.org wss://rpc.steemliberator.com wss://rpc.buildteam.io api.steemit.com api.blocktrades.us; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation |
X-WebKit-CSP | child-src 'self' www.youtube.com staticxx.facebook.com w.soundcloud.com player.vimeo.com; connect-src 'self' https://steemitimages.com wss://steemd.privex.io wss://steemd.minnowsupportproject.org wss://rpc.steemliberator.com wss://rpc.buildteam.io api.steemit.com api.blocktrades.us; default-src 'self' www.youtube.com staticxx.facebook.com player.vimeo.com; font-src data: fonts.gstatic.com; frame-ancestors 'none'; img-src * data:; object-src 'none'; plugin-types application/pdf; script-src 'self' www.google-analytics.com connect.facebook.net; style-src 'self' 'unsafe-inline' fonts.googleapis.com; report-uri /api/v1/csp_violation |
Content-Encoding | gzip |
ETag | "dc2f-SNR76alPYDvnDR3c90IqIC2UBoY" |