Server | nginx |
Content-Type | text/html; charset=utf-8 |
Vary | Accept-Encoding |
ETag | W/"cd59b5dac7997cfd260a8548d703c0b4" |
Cache-Control | max-age=0, private, must-revalidate |
X-Request-Id | d2ad3146-26ea-46d6-9a32-0d690d6a0423 |
X-Runtime | 0.005091 |
X-Cloud-Trace-Context | bc566ce0837d392125071160d8a1013b/7351909765867677795;o=1 |
Strict-Transport-Security | max-age=631152000; includeSubdomains; preload |
Content-Security-Policy | default-src 'self'; child-src 'none'; font-src 'self' data: cdn.squarectf.com; img-src 'self' www.google-analytics.com cdn.squarectf.com data:; media-src 'self' cdn.squarectf.com; object-src 'self'; script-src 'self' 'unsafe-eval' www.google-analytics.com cdn.squarectf.com 'sha256-OYuCHq5hzGUL+XJLfG9qRfd7bm6vkKchWHY8timtg+E=' 'sha256-db2tEztUy9Ib/c6PwGRZ9Anz3BRhBKf/Z1FzSsFXFtw='; style-src 'self' 'unsafe-inline' cdn.squarectf.com |
Referrer-Policy | origin-when-cross-origin |
X-Content-Type-Options | nosniff |
X-Download-Options | noopen |
X-Frame-Options | DENY |
X-Permitted-Cross-Domain-Policies | none |
X-XSS-Protection | 1; mode=block |
Content-Encoding | gzip |
Via | 1.1 google |
Transfer-Encoding | chunked |