Server | cloudflare-nginx |
Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Cache-Control | max-age=600, public |
Cf-Railgun | direct (waiting for pending WAN connection) |
Content-Disposition | inline; filename="response.html" |
Content-Security-Policy | default-src 'none'; connect-src 'self'; font-src 'self'; frame-src https://www.youtube-nocookie.com https://www.hellosign.com; img-src 'self' data: https://www.google-analytics.com https://cover-photos.hackerone-user-content.com https://profile-photos.hackerone-user-content.com; media-src 'self'; object-src 'none'; script-src 'self' https://www.google-analytics.com; style-src 'self' 'unsafe-inline'; base-uri 'self'; form-action 'self'; frame-ancestors 'none'; report-uri https://app.getsentry.com/api/55143/csp-report/?sentry_version=5&sentry_key=b7f63dee2a404d5e83fff96c50bd700f |
Etag | W/"156125d5712782382a5694108f389dd9" |
Status | 200 OK |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options | nosniff |
X-Download-Options | noopen |
X-Frame-Options | DENY |
X-Permitted-Cross-Domain-Policies | none |
X-Request-Id | 2590cc85-ad7b-40b7-a84d-954d9a6bbecd |
X-Xss-Protection | 1; mode=block |
CF-RAY | 2406e8fb84ec186a-EWR |
Content-Encoding | gzip |