Cache-Control | private |
Transfer-Encoding | chunked |
Content-Type | text/html; charset=utf-8 |
Content-Encoding | gzip |
Vary | Accept-Encoding |
X-Content-Security-Policy | default-src 'self'; img-src *; script-src 'self'; style-src 'self' 'unsafe-inline'; |
x-frame-options | SAMEORIGIN, SAMEORIGIN |
X-WebKit-CSP | default-src 'self'; img-src *; script-src 'self'; style-src 'self' 'unsafe-inline';, default-src 'self' |
X-UA-Compatible | IE=edge |
Server | DC Handicrafts server |
Content-Security-Policy | default-src 'self' 'unsafe-inline'; connect-src 'self' 'unsafe-inline' *.google-analytics.com *.googleapis.com *.gstatic.com data:; img-src 'self' 'unsafe-inline' * data:; style-src 'self' https://maxcdn.bootstrapcdn.com https://translate.google.com *.googleapis.com 'unsafe-inline' ; font-src 'self' https://maxcdn.bootstrapcdn.com 'unsafe-inline'; script-src 'self' *.google-analytics.com *.googleapis.com data: 'unsafe-inline';, 'self' https://ajax.googleapis.com |
Access-Control-Allow-Origin | * |
Access-Control-Allow-Headers | Content-Type |
Access-Control-Allow-Methods | GET,POST,PUT,DELETE,OPTIONS |
Access-Control-Allow-Credentials | true |