Server | Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/7.0.20 |
Strict-Transport-Security | max-age=16070400; includeSubDomains; preload |
Last-Modified | Tue, 13 Feb 2018 09:02:23 GMT |
Accept-Ranges | bytes |
Access-Control-Allow-Origin | * |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1; mode=block |
Content-Security-Policy | default-src 'self' *.semikron.com *.localhost.com; style-src 'self' 'unsafe-inline' *.semikron.com *.mellow.biz *.mellowdomain.biz *.localhost.com *.googleapis.com *.google.com; img-src 'self' data: *; script-src 'self' 'unsafe-inline' 'unsafe-eval' http://f.fontdeck.com *.fontdeck.com *.localhost.com *.semikron.com *.mellow.biz *.mellowdomain.biz *.google-analytics.com *.googleapis.com *.google.com *.googletagmanager.com *.googleadservices.com googleads.g.doubleclick.net; font-src 'self' *.localhost.com *.semikron.com *.mellow.biz *.mellowdomain.biz *.fontdeck.com *.gstatic.com; frame-src *.youtube.com *.youku.com *.semikron.com *.mellow.biz *.mellowdomain.biz *.doubleclick.net https://s3.amazonaws.com; child-src *.youtube.com *.youku.com *.semikron.com *.mellow.biz *.mellowdomain.biz *.doubleclick.net https://s3.amazonaws.com |
Cache-Control | no-cache, no-store, must-revalidate |
Pragma | no-cache |
Content-Encoding | gzip |
Keep-Alive | timeout=5, max=100 |
Connection | Keep-Alive |
Content-Type | text/html; charset=UTF-8 |