Server | nginx |
Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Vary | Accept-Encoding |
Expires | Sun, 19 Nov 1978 05:00:00 GMT |
Cache-Control | no-cache, must-revalidate |
Content-Security-Policy | default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* *.bootstrapcdn.com:* *.googleusercontent.com:* *.webspellchecker.net:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* *.bootstrapcdn.com:* *.googleusercontent.com:* *.webspellchecker.net:* *.google-analytics.com *.highcharts.com cdn.jsdelivr.net:*; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* cdn.jsdelivr.net:*; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com:* *.googleusercontent.com:* *.google-analytics.com *.webspellchecker.net stats.g.doubleclick.net; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.constantcontact.com:80 *.youtube.com *.google.com *.vimeo.com *; font-src 'self' fonts.gstatic.com *.bootstrapcdn.com:* cdn.jsdelivr.net:* *.googleapis.com:*; report-uri /admin/config/system/seckit/csp-report |
X-Content-Security-Policy | default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* *.bootstrapcdn.com:* *.googleusercontent.com:* *.webspellchecker.net:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* *.bootstrapcdn.com:* *.googleusercontent.com:* *.webspellchecker.net:* *.google-analytics.com *.highcharts.com cdn.jsdelivr.net:*; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* cdn.jsdelivr.net:*; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com:* *.googleusercontent.com:* *.google-analytics.com *.webspellchecker.net stats.g.doubleclick.net; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.constantcontact.com:80 *.youtube.com *.google.com *.vimeo.com *; font-src 'self' fonts.gstatic.com *.bootstrapcdn.com:* cdn.jsdelivr.net:* *.googleapis.com:*; report-uri /admin/config/system/seckit/csp-report |
X-WebKit-CSP | default-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* *.bootstrapcdn.com:* *.googleusercontent.com:* *.webspellchecker.net:*; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* *.bootstrapcdn.com:* *.googleusercontent.com:* *.webspellchecker.net:* *.google-analytics.com *.highcharts.com cdn.jsdelivr.net:*; style-src 'self' 'unsafe-inline' 'unsafe-eval' *.googleapis.com:* cdn.jsdelivr.net:*; img-src 'self' 'unsafe-inline' 'unsafe-eval' *.bootstrapcdn.com:* *.googleusercontent.com:* *.google-analytics.com *.webspellchecker.net stats.g.doubleclick.net; frame-src 'self' 'unsafe-inline' 'unsafe-eval' *.constantcontact.com:80 *.youtube.com *.google.com *.vimeo.com *; font-src 'self' fonts.gstatic.com *.bootstrapcdn.com:* cdn.jsdelivr.net:* *.googleapis.com:*; report-uri /admin/config/system/seckit/csp-report |
X-XSS-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
From-Origin | same |
Content-Language | en |
X-Proxy-Cache | HIT |
X-Proxy-Bypass | Value: |
X-Frame-Options | SameOrigin, SAMEORIGIN |
Content-Encoding | gzip |