Server | cloudflare-nginx |
Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Cache-Control | max-age=600, public |
Cf-Railgun | direct (starting new WAN connection) |
Content-Disposition | inline; filename="response.html" |
Content-Security-Policy | default-src 'none'; connect-src 'self'; font-src 'self'; frame-src https://www.youtube-nocookie.com https://www.hellosign.com; img-src 'self' data: https://www.google-analytics.com https://cover-photos.hackerone-user-content.com https://profile-photos.hackerone-user-content.com https://hackerone-attachments.s3.amazonaws.com; media-src 'self'; object-src 'none'; script-src 'self' https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; report-uri https://app.getsentry.com/api/55143/csp-report/?sentry_version=5&sentry_key=b7f63dee2a404d5e83fff96c50bd700f |
Etag | W/"419f460b120112e1638ba8b4bd654985" |
Public-Key-Pins-Report-Only | pin-sha256="WoiWRyIOVNa9ihaBciRSC7XHjliYS9VwUGOIud4PB18="; pin-sha256="r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E="; pin-sha256="K87oWBWM9UZfyddvDfoxL+8lpNyoUB2ptGtn0fv6G2Q="; pin-sha256="iie1VXtL7HzAMF+/PVPR9xzT80kQxdZeJ+zduCB3uj0="; pin-sha256="cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A="; pin-sha256="bIlWcjiKq1mftH/xd7Hw1JO77Cr+Gv+XYcGUQWwO+A4="; pin-sha256="tXD+dGAP8rGY4PW1be90cOYEwg7pZ4G+yPZmIZWPTSg="; max-age=600; includeSubDomains; report-uri="https://report-uri.io/report/hackerone/reportOnly" |
Status | 200 OK |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Download-Options | noopen |
X-Frame-Options | DENY |
X-Permitted-Cross-Domain-Policies | none |
X-Request-Id | 90c2c21e-357f-4ebb-b1eb-6fde7ea03d04 |
X-Xss-Protection | 1; mode=block |
CF-RAY | 28b28f0b76251840-EWR |
Content-Encoding | gzip |