Content-Encoding | gzip |
Content-Security-Policy | default-src 'self' 'unsafe-eval' *.karolinafund.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me;img-src *;font-src *;style-src www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com |
Content-Type | text/html; charset=UTF-8 |
Server | Apache |
Vary | Accept-Encoding,User-Agent |
X-Content-Security-Policy | default-src 'self' 'unsafe-eval' *.karolinafund.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me;img-src *;font-src *;style-src www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com |
X-Frame-Options | DENY |
X-Webkit-CSP | default-src 'self' 'unsafe-eval' *.karolinafund.com d2tnn0p1wwhikn.cloudfront.net clients1.google.com cse.google.com www.google.com *.google-analytics.com *.facebook.net *.facebook.com *.vimeo.com *.addthis.com *.googleapis.com *.bootstrapcdn.com stats.g.doubleclick.net *.soundcloud.com soundcloud.com *.youtube.com *.w3.org *.ogp.me;img-src *;font-src *;style-src www.google.com d2tnn0p1wwhikn.cloudfront.net *.addthis.com 'self' 'unsafe-inline' *.bootstrapcdn.com *.googleapis.com |
Connection | keep-alive |