Content-Encoding | gzip |
Content-Security-Policy-Report-Only | default-src 'none'; child-src 'self' https: www.google-analytics.com; connect-src 'self' https: www.google-analytics.com hades-prod.s3.amazonaws.com; font-src 'self' https: fonts.gstatic.com maxcdn.bootstrapcdn.com; img-src 'self' https: data: www.google-analytics.com; script-src 'self' https: www.google-analytics.com www.googletagmanager.com browser-update.org www.fullstory.com 'nonce-860fd152-cb8e-4c27-8a3c-6b54037a2061'; style-src 'self' https: 'unsafe-inline' maxcdn.bootstrapcdn.com fonts.googleapis.com; object-src 'none'; report-uri /report-violation |
Content-Type | text/html; charset=utf-8 |
ETag | W/"a0b1-DKwPixeut1NW9SKYcd2w0AfLljg" |
set-cookie | connect.sid=s%3ArYEiuUIrhUjRDY9tWwpyHdNtlZP8FYmD.p85oLMm5MMvboJmG49ebYep2gy1s977Xz2pi7WQu9cA; Path=/; HttpOnly; Secure |
Strict-Transport-Security | max-age=15552000; includeSubDomains |
Vary | Accept-Encoding |
X-Content-Type-Options | nosniff |
X-DNS-Prefetch-Control | off |
X-Download-Options | noopen |
X-Frame-Options | SAMEORIGIN |
X-XSS-Protection | 1; mode=block |
transfer-encoding | chunked |
Connection | keep-alive |