Server | nginx |
Content-Type | text/html; charset=UTF-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Vary | Accept-Encoding |
Strict-Transport-Security | max-age=31536000; includeSubDomains; preload |
X-Frame-Options | deny |
X-Content-Type-Options | nosniff |
Content-Security-Policy | default-src 'self' 'unsafe-inline' 'unsafe-eval' data: https: |
Public-Key-Pins | pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="1EejX+wGofOYbNg0s4W3ISjVzc7p8av1/+/+bTZGnyU="; max-age=2592000; includeSubDomains |
Public-Key-Pins-Report-Only | pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="; pin-sha256="1EejX+wGofOYbNg0s4W3ISjVzc7p8av1/+/+bTZGnyU="; max-age=2592000; includeSubDomains |
Cache-Control | no-cache |
Content-Encoding | gzip |