Server | nginx |
Content-Type | text/html; charset=utf-8 |
Transfer-Encoding | chunked |
Connection | keep-alive |
x-xss-protection | 1; mode=block |
referrer-policy | strict-origin-when-cross-origin |
x-frame-options | DENY |
content-security-policy | default-src 'none'; script-src 'self' https://www.google-analytics.com/ https://static.brokenhands.io https://cdn.jsdelivr.net/ https://connect.facebook.net/ https://publish.twitter.com cdn.syndication.twimg.com platform.twitter.com https://platform.linkedin.com https://ajax.googleapis.com/ https://code.jquery.com/ https://cdnjs.cloudflare.com/ https://maxcdn.bootstrapcdn.com/ https://steampress.disqus.com/ https://*.disquscdn.com/ https://disqus.com/; style-src 'self' https://use.fontawesome.com https://cdn.jsdelivr.net/ *.twimg.com platform.twitter.com https://maxcdn.bootstrapcdn.com/ https://*.disquscdn.com/ https://cdnjs.cloudflare.com/ajax/libs/select2/; img-src 'self' data: https://static.brokenhands.io https://www.facebook.com cdn.syndication.twimg.com syndication.twitter.com *.twimg.com platform.twitter.com https://referrer.disqus.com/ https://*.disquscdn.com/ https://www.google-analytics.com/; connect-src 'self' https://links.services.disqus.com/; font-src https://maxcdn.bootstrapcdn.com/ https://use.fontawesome.com/; child-src https://disqus.com/ syndication.twitter.com platform.twitter.com www.facebook.com staticxx.facebook.com; form-action 'self'; base-uri 'self'; require-sri-for script style; report-uri https://brokenhands.report-uri.io/r/default/csp/enforce; upgrade-insecure-requests; block-all-mixed-content; |
x-content-type-options | nosniff |
Strict-Transport-Security | max-age=15724800; preload |
Content-Encoding | gzip |