Server | nginx |
Content-Type | text/html; charset=utf-8 |
Connection | keep-alive |
P3P | CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA" |
Expires | Sat, 18 Jun 1983 07:07:07 GMT |
Last-Modified | Thu, 05 Nov 2015 07:41:13 GMT |
Cache-Control | no-store, no-cache, must-revalidate, post-check=0, pre-check=0 |
Pragma | no-cache |
X-Frame-Options | SAMEORIGIN |
Content-Security-Policy | default-src 'self' https://* 'unsafe-inline' 'unsafe-eval' data:; img-src https: http: data:; object-src 'none'; frame-ancestors 'self'; report-uri https://hackpad.com/csp_log; referrer origin-when-crossorigin; script-src 'self' 'unsafe-inline' https://www.dropbox.com/static/api/1/dropins.js https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js https://ssl.google-analytics.com/ga.js https://cdn.mxpnl.com/libs/mixpanel-2.1.min.js https://connect.facebook.net/en_US/all.js https://js.stripe.com/v1/ https://static.intercomcdn.com/intercom.v1.js https://widget.intercom.io/widget/ https://js.intercomcdn.com/ https://platform.twitter.com/widgets.js https://syndication.twitter.com/ https://gist.github.com/ https://d29bt26wntaesq.cloudfront.net/ 'nonce-eb28c14d852207013448e35d0cb91168a7942f75';, frame-ancestors 'self' |
Content-Encoding | gzip |
Strict-Transport-Security | max-age=31557600; includeSubdomains; |
X-Permitted-Cross-Domain-Policies | master-only |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
X-Hackpad-Server-Id | Main |