Server | Apache |
Content-Security-Policy | default-src 'self' maps.google.com data: ; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.jquery.com *.slaask.com *.google.com *.gstatic.com *.google-analytics.com *.googleapis.com *.pusher.com *.embedly.com *.mxpnl.com *.bootstrapcdn.com ; style-src 'self' 'unsafe-inline' *.jquery.com *.googleapis.com *.slaask.com *.gstatic.com; child-src 'self' *.youtube.com ; connect-src 'self' slaask.com ws://*.pusherapp.com *.mixpanel.com wss://ws.pusherapp.com *.pusherapp.com *.google-analytics.com ; img-src 'self' data: *.slaask.com *.mixpanel.com *.gstatic.com *.googleapis.com *.google-analytics.com *.licdn.com *.slack-edge.com *.youtube.com ; media-src 'self' *.slaask.com *.youtube.com ; font-src 'self' data: cdn.slaask.com *.gstatic.com; |
X-Frame-Options | SAMEORIGIN |
Expires | Thu, 19 Nov 1981 08:52:00 GMT |
Cache-Control | private, no-cache, no-store, proxy-revalidate, no-transform |
Vary | Accept-Encoding,User-Agent |
Content-Encoding | gzip |
X-XSS-Protection | 1; mode=block |
Strict-Transport-Security | max-age=604800 |
X-Content-Type-Options | nosniff |
X-Permitted-Cross-Domain-Policies | none |
Referrer-Policy | no-referrer-when-downgrade |
Keep-Alive | timeout=5, max=99 |
Connection | Keep-Alive |
Content-Type | text/html; charset=UTF-8 |