Server | Apache |
X-XSS-Protection | 1; mode=block |
X-Content-Type-Options | nosniff |
X-Frame-Options | DENY |
Strict-Transport-Security | max-age=63072000; includeSubDomains |
Public-Key-Pins-Report-Only | pin-sha256="TLWu29Y83wlFocu4Vo9Lcj34h3eLB3+BpBPb654LS8o="; pin-sha256="5kJvNEMw0KjrCAu7eXY5HZdvyCS13BbA0VJG1RSP91w="; pin-sha256="kYYpAGMOnb4tDu2wbNuYcB2ch3vR7Djmnffb/rNRnNE="; max-age=600; report-uri="http://report.tunetheweb.com/api/report/hpkp-report.json" |
Content-Security-Policy-Report-Only | default-src 'self' https:; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google-analytics.com https://cse.google.com https://www.google.com https://www.googleapis.com https://tunetheweb.disqus.com https://a.disquscdn.com https://cdn.ampproject.org https://www.gstatic.com; style-src 'self' 'unsafe-inline' https:; frame-ancestors 'none'; form-action 'self'; img-src 'self' https: data:; report-uri https://www.tunetheweb.com/api/report/csp-report.json; |
Upgrade | h2 |
Connection | Upgrade, Keep-Alive |
Last-Modified | Mon, 28 Dec 2015 07:42:32 GMT |
Accept-Ranges | bytes |
Vary | Accept-Encoding,User-Agent |
Content-Encoding | gzip |
Cache-Control | max-age=10800, public |
Expires | Mon, 28 Dec 2015 14:43:33 GMT |
Keep-Alive | timeout=5, max=100 |
Content-Type | text/html; charset=utf-8 |