Server | nginx/1.10.3 (Ubuntu) |
Content-Type | text/html; charset=UTF-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Referrer-Policy | origin-when-cross-origin, strict-origin-when-cross-origin |
X-XSS-Protection | 1; mode=block |
Content-Security-Policy | default-src 'self'; img-src 'self' data: *.google-analytics.com; style-src 'self' 'unsafe-inline' maxcdn.bootstrapcdn.com cdn.jsdelivr.net fonts.googleapis.com; font-src 'self' fonts.gstatic.com fonts.googleapis.com cdnjs.cloudflare.com; script-src 'self' 'unsafe-inline' *.google-analytics.com *.googletagmanager.com; connect-src 'self'; |
X-Permitted-Cross-Domain-Policies | master-only |
X-Frame-Options | DENY, DENY |
X-Content-Type-Options | nosniff, nosniff |
Strict-Transport-Security | max-age=31536000 |
Public-Key-Pins | pin-sha256="[SOME_BASE64]"; max-age=5184000; |
Content-Encoding | gzip |