Cache-Control | max-age=900, no-store |
Content-Language | en |
Content-Security-Policy | default-src https: data: 'unsafe-inline' 'unsafe-eval' |
Content-Type | text/html; charset=utf-8 |
Expires | Sun, 19 Nov 1978 05:00:00 GMT |
From-Origin | same |
Server | Apache |
Strict-Transport-Security | max-age=1000 |
X-Content-Security-Policy | default-src 'self'; script-src 'unsafe-inline' https:; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; img-src 'unsafe-inline' localhost https://*.s3.amazonaws.com https://www.google-analytics.com hsdp.io/* 'self'; media-src 'self' https://*.s3.amazonaws.com; frame-src 'self' https://*.s3.amazonaws.com; font-src 'self' https:; connect-src 'self' https://*.s3.amazonaws.com; report-uri /admin/config/system/seckit/csp-report |
X-Content-Type-Options | nosniff |
X-Drupal-Cache | MISS |
X-Frame-Options | SameOrigin |
X-Generator | HSDP |
X-Vcap-Request-Id | 492252da-95c6-478c-458c-9ca302fbed60 |
X-Webkit-Csp | default-src 'self'; script-src 'unsafe-inline' https:; object-src 'none'; style-src 'self' 'unsafe-inline' cdn.jsdelivr.net; img-src 'unsafe-inline' localhost https://*.s3.amazonaws.com https://www.google-analytics.com hsdp.io/* 'self'; media-src 'self' https://*.s3.amazonaws.com; frame-src 'self' https://*.s3.amazonaws.com; font-src 'self' https:; connect-src 'self' https://*.s3.amazonaws.com; report-uri /admin/config/system/seckit/csp-report |
X-Xss-Protection | 1; mode=block |
transfer-encoding | chunked |
Connection | keep-alive |