Server | nginx |
Content-Type | text/html; charset=UTF-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
Vary | Accept-Encoding |
Access-Control-Allow-Origin | * |
Access-Control-Allow-Methods | POST, GET, OPTIONS |
Access-Control-Allow-Headers | Content-Type, Origin, Authorization, X-Requested-With |
Cache-Control | no-cache |
Public-Key-Pins | pin-sha256="EohwrK1N7rr3bRQphPj4j2cel+B2d0NNbM9PWHNDXpM="; pin-sha256="58qRu/uxh4gFezqAcERupSkRYBlBAvfcw7mEjGPLnNU="; pin-sha256="bY1oMH0JFNNCTyU6NZn3b/aaasQfGRWGHExtVShyuSw="; max-age=2592000; includeSubDomains |
Strict-Transport-Security | max-age=31536000; includeSubdomains; preload |
X-Frame-Options | DENY |
X-Content-Type-Options | nosniff |
X-XSS-Protection | 1;mode=block; |
Content-Encoding | gzip |