Cache-Control | private, no-cache |
Content-Encoding | gzip |
Content-Security-Policy | connect-src 'self' https://*.smooch.io/ wss://*.smooch.io/ https://api.mixpanel.com; default-src 'self'; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://maxcdn.bootstrapcdn.com https://netdna.bootstrapcdn.com; frame-src 'self' https://cdn.embedly.com https://www.google.com/maps/embed https://samshah.wufoo.com; img-src * data:; media-src 'self' https://*.smooch.io/; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.google-analytics.com/analytics.js https://*.smooch.io/ https://www.wufoo.com/scripts/embed/form.js; style-src * 'unsafe-inline'; |
Content-Type | text/html; charset=utf-8 |
Server | nginx |
Strict-Transport-Security | max-age=31536000; includeSubdomains |
Vary | Accept-Encoding |
X-Content-Type-Options | nosniff |
X-Download-Options | noopen |
X-Frame-Options | SAMEORIGIN, SAMEORIGIN |
X-Permitted-Cross-Domain-Policies | master-only |
X-XSS-Protection | 1; mode=block |
Connection | keep-alive |