Server | Apache |
X-FRAME-OPTIONS | SAMEORIGIN |
Strict-Transport-Security | max-age=31536000; includeSubDomains |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
Cache-Control | no-cache, no-store, must-revalidate |
Pragma | no-cache |
Expires | Thu, 01 Jan 1970 00:00:00 GMT |
X-Permitted-Cross-Domain-Policies | master-only |
Content-Security-Policy | default-src 'self' https://apis.google.com/ https://ssl.gstatic.com/ https://www.google.com/ https://www.gstatic.com/ https://www.paypal.com/ https://ajax.googleapis.com/ http://ws.assoc-amazon.com http://ecx.images-amazon.com; style-src 'self' 'unsafe-inline'; script-src 'self' apis.google.com www.google.com www.gstatic.com ajax.googleapis.com ws.assoc-amazon.com ecx.images-amazon.com 'unsafe-inline' 'unsafe-eval'; report-uri /csp-hotline.php |
Content-Length | 6343 |
Connection | close |
Content-Type | text/html; charset=UTF-8 |